[SCM] BOINC packaging branch, upstream, updated. upstream/7.0.38+dfsg

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Sat Nov 3 13:28:31 UTC 2012


The following commit has been merged in the upstream branch:
commit 86fc3733334f5dece263e7798719e86e977ed033
Author: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Date:   Sat Nov 3 11:19:34 2012 +0100

    Imported Upstream version 7.0.38+dfsg

diff --git a/.vimrc b/.vimrc
new file mode 100644
index 0000000..94a5a51
--- /dev/null
+++ b/.vimrc
@@ -0,0 +1,10 @@
+set ai
+set ts=4
+set bs=1
+set cin
+set sts=4
+set sw=4
+set expandtab
+set smarttab
+set backspace=indent,eol,start
+syntax off
diff --git a/Makefile.am b/Makefile.am
index 818d59f..f74a363 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 25623 2012-04-30 21:06:39Z romw $
+## $Id$
 
 AUTOMAKE_OPTIONS = foreign
 
@@ -22,9 +22,9 @@ endif
 
 if ENABLE_MANAGER
    CLIENTGUI_SUBDIRS = clientgui locale
-#if BUILD_X11_SCREENSAVER
-#   CLIENTGUI_SUBDIRS += clientscr
-#endif
+if BUILD_X11_SCREENSAVER
+   CLIENTGUI_SUBDIRS += clientscr
+endif
 endif
 
 # ORDER MATTERS below.  One must build dependencies FIRST, then things
diff --git a/Makefile.incl b/Makefile.incl
index 49aabb5..537a0f9 100644
--- a/Makefile.incl
+++ b/Makefile.incl
@@ -1,5 +1,5 @@
 ## -*-Makefile -*-
-## $Id: Makefile.incl 25351 2012-02-28 06:57:28Z davea $
+## $Id$
 
 # Note: MYSQL_CFLAGS and MYSQL_LIBS set by configure from mysql_config
 
diff --git a/_autosetup b/_autosetup
index 990f6e3..775bc60 100755
--- a/_autosetup
+++ b/_autosetup
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-## $Id: _autosetup 19144 2009-09-23 17:16:24Z davea $
+## $Id$
 
 ## ---------- some portability checks/adjustments [stolen from configure] ----------
 ## 'echo -n' is not portable..
diff --git a/api/Makefile.am b/api/Makefile.am
index 7caf9e0..d720318 100644
--- a/api/Makefile.am
+++ b/api/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 26029 2012-08-16 17:42:54Z romw $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/api/boinc_api_fortran.cpp b/api/boinc_api_fortran.cpp
index a78bac5..0b02748 100644
--- a/api/boinc_api_fortran.cpp
+++ b/api/boinc_api_fortran.cpp
@@ -128,4 +128,4 @@ void boinc_zip_(int* zipmode, const char* zipfile,
 
 }   // extern "C"
 
-const char *BOINC_RCSID_4f5153609c = "$Id: boinc_api_fortran.cpp 16069 2008-09-26 18:20:24Z davea $";
+const char *BOINC_RCSID_4f5153609c = "$Id$";
diff --git a/api/graphics2_util.cpp b/api/graphics2_util.cpp
index fd58bf7..36fb3bf 100644
--- a/api/graphics2_util.cpp
+++ b/api/graphics2_util.cpp
@@ -35,7 +35,7 @@
 
 #ifdef __EMX__
 static key_t get_shmem_name(const char* prog_name) {
-    char cwd[256], path[256];
+    char cwd[MAXPATHLEN], path[MAXPATHLEN];
     boinc_getcwd(cwd);
     sprintf(path, "%s/init_data.xml", cwd);
     return ftok(path, 2);
@@ -54,7 +54,7 @@ static void get_shmem_name(const char* prog_name, char* shmem_name) {
 void* boinc_graphics_make_shmem(const char* prog_name, int size) {
 #ifdef _WIN32
     HANDLE shmem_handle;
-    char shmem_name[256];
+    char shmem_name[MAXPATHLEN];
     void* p;
     get_shmem_name(prog_name, shmem_name);
     shmem_handle = create_shmem(shmem_name, size, &p);
@@ -67,7 +67,7 @@ void* boinc_graphics_make_shmem(const char* prog_name, int size) {
     int retval = create_shmem(key, size, 0, &p);
 #else
     // V6 Unix/Linux/Mac applications always use mmap() shared memory for graphics communication
-    char shmem_name[256];
+    char shmem_name[MAXPATHLEN];
     get_shmem_name(prog_name, shmem_name);
     int retval = create_shmem_mmap(shmem_name, size, &p);
     // Graphics app may be run by a different user & group than worker app
@@ -82,7 +82,7 @@ void* boinc_graphics_make_shmem(const char* prog_name, int size) {
 #ifdef _WIN32
 void* boinc_graphics_get_shmem(const char* prog_name) {
     HANDLE shmem_handle;
-    char shmem_name[256];
+    char shmem_name[MAXPATHLEN];
     void* p;
     get_shmem_name(prog_name, shmem_name);
     shmem_handle = attach_shmem(shmem_name, &p);
@@ -100,7 +100,7 @@ void* boinc_graphics_get_shmem(const char* prog_name) {
     retval = attach_shmem(key, &p);
 #else
     // V6 Unix/Linux/Mac applications always use mmap() shared memory for graphics communication
-    char shmem_name[256];
+    char shmem_name[MAXPATHLEN];
     get_shmem_name(prog_name, shmem_name);
     retval = attach_shmem_mmap(shmem_name, &p);
 #endif
diff --git a/api/graphics_api.cpp b/api/graphics_api.cpp
index 238b823..62c3657 100644
--- a/api/graphics_api.cpp
+++ b/api/graphics_api.cpp
@@ -99,4 +99,4 @@ bool boinc_graphics_possible() {
     return true;
 }
 
-const char *BOINC_RCSID_b2ceed0813 = "$Id: graphics_api.cpp 16069 2008-09-26 18:20:24Z davea $";
+const char *BOINC_RCSID_b2ceed0813 = "$Id$";
diff --git a/api/graphics_data.cpp b/api/graphics_data.cpp
index 55f029a..35c2936 100644
--- a/api/graphics_data.cpp
+++ b/api/graphics_data.cpp
@@ -78,4 +78,4 @@ void GRAPHICS_DOUBLE_BUFFER::generate_done(GRAPHICS_BUFFER* b) {
     b->state = GB_STATE_GENERATED;
 }
 
-const char *BOINC_RCSID_ebfbd0f929 = "$Id: graphics_data.cpp 16069 2008-09-26 18:20:24Z davea $";
+const char *BOINC_RCSID_ebfbd0f929 = "$Id$";
diff --git a/api/graphics_impl.cpp b/api/graphics_impl.cpp
index c5c903f..ce35890 100644
--- a/api/graphics_impl.cpp
+++ b/api/graphics_impl.cpp
@@ -267,4 +267,4 @@ void get_window_title(APP_INIT_DATA& aid, char* buf, int len) {
     }
 }
 
-const char *BOINC_RCSID_6e92742852 = "$Id: graphics_impl.cpp 16726 2008-12-19 18:14:02Z davea $";
+const char *BOINC_RCSID_6e92742852 = "$Id$";
diff --git a/api/graphics_impl_lib.cpp b/api/graphics_impl_lib.cpp
index ac97322..0ab9b3c 100644
--- a/api/graphics_impl_lib.cpp
+++ b/api/graphics_impl_lib.cpp
@@ -51,4 +51,4 @@ void block_sigalrm() {
 }
 #endif
 
-const char *BOINC_RCSID_9886dee259 = "$Id: graphics_impl_lib.cpp 16069 2008-09-26 18:20:24Z davea $";
+const char *BOINC_RCSID_9886dee259 = "$Id$";
diff --git a/api/graphics_lib.cpp b/api/graphics_lib.cpp
index 1fcb1f2..fad2671 100644
--- a/api/graphics_lib.cpp
+++ b/api/graphics_lib.cpp
@@ -178,4 +178,4 @@ bool boinc_graphics_possible() {
     return true;
 }
 
-const char *BOINC_RCSID_93054c7e32 = "$Id: graphics_lib.cpp 20054 2010-01-01 02:50:56Z davea $";
+const char *BOINC_RCSID_93054c7e32 = "$Id$";
diff --git a/api/gutil.cpp b/api/gutil.cpp
index 1a3e251..c9023ba 100644
--- a/api/gutil.cpp
+++ b/api/gutil.cpp
@@ -729,7 +729,10 @@ tImageJPG *LoadJPG(const char *filename) {
 
 int TEXTURE_DESC::CreateTextureJPG(const char* strFileName) {
 	if(!strFileName) return -1;
-	tImageJPG *pImage = LoadJPG(strFileName);			// Load the image and store the data
+
+    // Load the image and store the data
+    //
+	tImageJPG *pImage = LoadJPG(strFileName);
 	if(pImage == NULL) return -1;
 	glPixelStorei(GL_UNPACK_ALIGNMENT,1);
 	glGenTextures(1, (GLuint*)&id);
@@ -740,12 +743,10 @@ int TEXTURE_DESC::CreateTextureJPG(const char* strFileName) {
     xsize = pImage->sizeX;
     ysize = pImage->sizeY;
 
-	if (pImage) {
-		if (pImage->data) {
-			free(pImage->data);
-		}
-		free(pImage);
-	}
+    if (pImage->data) {
+        free(pImage->data);
+    }
+    free(pImage);
 	return 0;
 }
 
diff --git a/api/static_graphics.cpp b/api/static_graphics.cpp
index e3a90e1..6f5085c 100644
--- a/api/static_graphics.cpp
+++ b/api/static_graphics.cpp
@@ -73,4 +73,4 @@ void app_graphics_resize(int w, int h) {
 void app_graphics_reread_prefs() {
 }
 
-const char *BOINC_RCSID_ebba08c46e = "$Id: static_graphics.cpp 16069 2008-09-26 18:20:24Z davea $";
+const char *BOINC_RCSID_ebba08c46e = "$Id$";
diff --git a/api/ttfont.cpp b/api/ttfont.cpp
index d4ee435..0bcf431 100644
--- a/api/ttfont.cpp
+++ b/api/ttfont.cpp
@@ -1,194 +1,194 @@
-// This file is part of BOINC.
-// http://boinc.berkeley.edu
-// Copyright (C) 2010 University of California
-//
-// BOINC is free software; you can redistribute it and/or modify it
-// under the terms of the GNU Lesser General Public License
-// as published by the Free Software Foundation,
-// either version 3 of the License, or (at your option) any later version.
-//
-// BOINC is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-// See the GNU Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public License
-// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
-
-
-// utility functions for TrueType font OpenGL graphics
-
-// FTGL OpenGL TrueType/FreeType font rendering
-// you will need to build & link against freetype2 and ftgl
-// tested using ftgl version 2.1.3 rc5 and freetype version 2.4.10
-
-// ftgl library:  http://sourceforge.net/projects/ftgl/files/FTGL%20Source/
-// freetype2 library:  http://www.freetype.org/
-
-// this should basically be a drop-in for the old boinc txf_* functions i.e.
-//  txf_load_fonts and txf_render_string, with extra options on the latter for rotating etc
-
-// originally adapted by Carl Christensen
-
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2010 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+
+// utility functions for TrueType font OpenGL graphics
+
+// FTGL OpenGL TrueType/FreeType font rendering
+// you will need to build & link against freetype2 and ftgl
+// tested using ftgl version 2.1.3 rc5 and freetype version 2.4.10
+
+// ftgl library:  http://sourceforge.net/projects/ftgl/files/FTGL%20Source/
+// freetype2 library:  http://www.freetype.org/
+
+// this should basically be a drop-in for the old boinc txf_* functions i.e.
+//  txf_load_fonts and txf_render_string, with extra options on the latter for rotating etc
+
+// originally adapted by Carl Christensen
+
 #if defined(_WIN32) && !defined(__STDWX_H__) && !defined(_BOINC_WIN_) && !defined(_AFX_STDAFX_H_) 
 #include "boinc_win.h"
 #endif
-
-#include "boinc_gl.h"
-#include <FTGL/ftgl.h>
-
-#include "ttfont.h"
-#include "filesys.h"  // from boinc for file_exists
-
-// I put in it's own namespace so call TTFont::ttf_load_fonts() etc
-namespace TTFont {  
-
-// The Liberation version 2.00.0 fonts referenced below are free 
-// fonts under the SIL Open Font License version 1.1.  You can 
-// download the license and fonts from
-// https://fedorahosted.org/liberation-fonts
-//
-// Another source of free fonts is the GNU FreeFont project 
-// at http://www.gnu.org/software/freefont
-
-// you'll want to define a 2-d array of char as appropriate for your 
-// truetype font filenames (path is set in the call to ttf_load_fonts)
-static const char *g_cstrFont[] = {
-    "LiberationSans-Regular.ttf",       // 0, this is the default
-    "LiberationSans-Bold.ttf",          // 1
-    "LiberationSans-Italic.ttf",        // 2
-    "LiberationSans-BoldItalic.ttf",    // 3
-    "LiberationSerif-Regular.ttf",      // 4
-    "LiberationSerif-Bold.ttf",         // 5
-    "LiberationSerif-Italic.ttf",       // 6
-    "LiberationSerif-BoldItalic.ttf",   // 7
-    "LiberationMono-Regular.ttf",       // 8
-    "LiberationMono-Bold.ttf",          // 9
-    "LiberationMono-Italic.ttf",        // 10
-    "LiberationMono-BoldItalic.ttf"     // 11
-};
-    
-// define the number of fonts supported
-#define NUM_FONT (sizeof(g_cstrFont) / sizeof(char*))
-
-FTFont* g_font[NUM_FONT];
-int g_iFont = -1;
-
-// load fonts. call once.
-// pass in the font directory, and any special-scaling font name & size (e.g. if I want a huge typeface for Sans-Serif Regular then I pass in "LiberationSans-Regular.ttf", 3000)
-void ttf_load_fonts(const char* dir, const char* strScaleFont, const int& iScaleFont) {
-    static bool bInit = false; // flag so we don't call again, otherwise we'll have memory leaks each subsequent call to new FTTextureFont etc
-    if (bInit) return; // we've already been here
-    bInit = true; // we're in now!
-    ttf_cleanup();
-    memset(g_font, 0x00, sizeof(FTFont*) * NUM_FONT); // initialize to null's for error checking later
-    char vpath[MAXPATHLEN];
-    g_iFont = -1;
-    for (unsigned int i=0 ; i < NUM_FONT; i++){
-        sprintf(vpath, "%s/%s", dir, g_cstrFont[i]);
-        if (boinc_file_exists(vpath)) {
-            //g_font[i] = new FTBitmapFont(vpath);
-            //g_font[i] = new FTPixmapFont(vpath);
-            //g_font[i] = new FTPolygonFont(vpath);
-            g_font[i] = new FTTextureFont(vpath);
-            if(!g_font[i]->Error()) {
-#ifdef _DEBUG
-               fprintf(stderr, "Successfully loaded '%s'...\n", vpath);
-#endif
-                int iScale = 30;
-                if (strScaleFont && !strcmp(strScaleFont, g_cstrFont[i])) iScale = iScaleFont;
-                if(!g_font[i]->FaceSize(iScale))
-                {
-                    fprintf(stderr, "Failed to set size");
-                }
-
-                g_font[i]->Depth(3.);
-                g_font[i]->Outset(-.5f, 1.5f);
-
-                g_font[i]->CharMap(ft_encoding_unicode);
-                g_iFont = i;
-
-            }
-#ifdef _DEBUG
-             else {
-                fprintf(stderr, "Failed to load '%s'...\n", vpath);
-            }
-#endif
-        }
-    }  
-}
-
-// remove our objects?
-void ttf_cleanup()
-{
-    for (unsigned int i = 0; i < NUM_FONT; i++) {
-        if (g_font[i]) {
-            delete g_font[i];
-            g_font[i] = NULL;
-        }
-    }
-}
-
-
-void ttf_render_string(
-    const double& x,
-    const double& y,
-    const double& z,                // text position
-    const float& fscale,            // scale factor
-    const GLfloat* col,             // colour 4vf
-    const char* s,                  // string ptr
-    const int& iFont,               // font index
-    const float& fRotAngle,         // optional rotation angle
-    const float& fRotX,             // optional rotation vector for X
-    const float& fRotY,             // optional rotation vector for Y
-    const float& fRotZ,             // optional rotation vector for Z
-    const float& fRadius            // circular radius to draw along
-)
-{
-        // http://ftgl.sourceforge.net/docs/html/
-
-    // if requested font isn't available, find first one that is
-    //
-    unsigned int theFont = iFont;
-    while((theFont < NUM_FONT) && !g_font[theFont]) theFont++;
-	if((theFont >= NUM_FONT) || !g_font[theFont]) {
-        // bad font index
-        return;
-    }
-
-    int renderMode = FTGL::RENDER_FRONT; //ALL; //FRONT | FTGL::FTGL_RENDER_BACK;
-
-    glColor4fv(col);
-    glPushMatrix();
-
-    glTranslated(x, y, z);
-    glScaled(1.0f / fscale, 1.0f / fscale, 1.0f / fscale);
-    glEnable(GL_TEXTURE_2D);
-
-    if (fRotAngle != 0.0f) {
-        glRotatef(fRotAngle, fRotX, fRotY, fRotZ);
-    }
-
-    if (fRadius == 0.0f) {
-        g_font[theFont]->Render(s, -1, FTPoint(), FTPoint(), renderMode);
-    }
-    else {
-        int i = 0;
-        float fAdvance = 1.0f;
-        while ( *(s+i) ) {
-            fAdvance = g_font[theFont]->Advance((s+i), 1, FTPoint());
-            g_font[theFont]->Render((s+i), 1, FTPoint(), FTPoint(), renderMode);
-            glTranslated(fAdvance, 0.0f, 0.0f);
-            glRotatef(fRadius * fAdvance / (float) 20.0f, 0.0f, 0.0f, 1.0f);
-            i++;
-        }
-    }
-
-    glDisable(GL_TEXTURE_2D);
-
-    glPopMatrix();
-}
-
-}   // namespace
-
-
+
+#include "boinc_gl.h"
+#include <FTGL/ftgl.h>
+
+#include "ttfont.h"
+#include "filesys.h"  // from boinc for file_exists
+
+// I put in it's own namespace so call TTFont::ttf_load_fonts() etc
+namespace TTFont {  
+
+// The Liberation version 2.00.0 fonts referenced below are free 
+// fonts under the SIL Open Font License version 1.1.  You can 
+// download the license and fonts from
+// https://fedorahosted.org/liberation-fonts
+//
+// Another source of free fonts is the GNU FreeFont project 
+// at http://www.gnu.org/software/freefont
+
+// you'll want to define a 2-d array of char as appropriate for your 
+// truetype font filenames (path is set in the call to ttf_load_fonts)
+static const char *g_cstrFont[] = {
+    "LiberationSans-Regular.ttf",       // 0, this is the default
+    "LiberationSans-Bold.ttf",          // 1
+    "LiberationSans-Italic.ttf",        // 2
+    "LiberationSans-BoldItalic.ttf",    // 3
+    "LiberationSerif-Regular.ttf",      // 4
+    "LiberationSerif-Bold.ttf",         // 5
+    "LiberationSerif-Italic.ttf",       // 6
+    "LiberationSerif-BoldItalic.ttf",   // 7
+    "LiberationMono-Regular.ttf",       // 8
+    "LiberationMono-Bold.ttf",          // 9
+    "LiberationMono-Italic.ttf",        // 10
+    "LiberationMono-BoldItalic.ttf"     // 11
+};
+    
+// define the number of fonts supported
+#define NUM_FONT (sizeof(g_cstrFont) / sizeof(char*))
+
+FTFont* g_font[NUM_FONT];
+int g_iFont = -1;
+
+// load fonts. call once.
+// pass in the font directory, and any special-scaling font name & size (e.g. if I want a huge typeface for Sans-Serif Regular then I pass in "LiberationSans-Regular.ttf", 3000)
+void ttf_load_fonts(const char* dir, const char* strScaleFont, const int& iScaleFont) {
+    static bool bInit = false; // flag so we don't call again, otherwise we'll have memory leaks each subsequent call to new FTTextureFont etc
+    if (bInit) return; // we've already been here
+    bInit = true; // we're in now!
+    ttf_cleanup();
+    memset(g_font, 0x00, sizeof(FTFont*) * NUM_FONT); // initialize to null's for error checking later
+    char vpath[MAXPATHLEN];
+    g_iFont = -1;
+    for (unsigned int i=0 ; i < NUM_FONT; i++){
+        sprintf(vpath, "%s/%s", dir, g_cstrFont[i]);
+        if (boinc_file_exists(vpath)) {
+            //g_font[i] = new FTBitmapFont(vpath);
+            //g_font[i] = new FTPixmapFont(vpath);
+            //g_font[i] = new FTPolygonFont(vpath);
+            g_font[i] = new FTTextureFont(vpath);
+            if(!g_font[i]->Error()) {
+#ifdef _DEBUG
+               fprintf(stderr, "Successfully loaded '%s'...\n", vpath);
+#endif
+                int iScale = 30;
+                if (strScaleFont && !strcmp(strScaleFont, g_cstrFont[i])) iScale = iScaleFont;
+                if(!g_font[i]->FaceSize(iScale))
+                {
+                    fprintf(stderr, "Failed to set size");
+                }
+
+                g_font[i]->Depth(3.);
+                g_font[i]->Outset(-.5f, 1.5f);
+
+                g_font[i]->CharMap(ft_encoding_unicode);
+                g_iFont = i;
+
+            }
+#ifdef _DEBUG
+             else {
+                fprintf(stderr, "Failed to load '%s'...\n", vpath);
+            }
+#endif
+        }
+    }  
+}
+
+// remove our objects?
+void ttf_cleanup()
+{
+    for (unsigned int i = 0; i < NUM_FONT; i++) {
+        if (g_font[i]) {
+            delete g_font[i];
+            g_font[i] = NULL;
+        }
+    }
+}
+
+
+void ttf_render_string(
+    const double& x,
+    const double& y,
+    const double& z,                // text position
+    const float& fscale,            // scale factor
+    const GLfloat* col,             // colour 4vf
+    const char* s,                  // string ptr
+    const int& iFont,               // font index
+    const float& fRotAngle,         // optional rotation angle
+    const float& fRotX,             // optional rotation vector for X
+    const float& fRotY,             // optional rotation vector for Y
+    const float& fRotZ,             // optional rotation vector for Z
+    const float& fRadius            // circular radius to draw along
+)
+{
+        // http://ftgl.sourceforge.net/docs/html/
+
+    // if requested font isn't available, find first one that is
+    //
+    unsigned int theFont = iFont;
+    while((theFont < NUM_FONT) && !g_font[theFont]) theFont++;
+	if((theFont >= NUM_FONT) || !g_font[theFont]) {
+        // bad font index
+        return;
+    }
+
+    int renderMode = FTGL::RENDER_FRONT; //ALL; //FRONT | FTGL::FTGL_RENDER_BACK;
+
+    glColor4fv(col);
+    glPushMatrix();
+
+    glTranslated(x, y, z);
+    glScaled(1.0f / fscale, 1.0f / fscale, 1.0f / fscale);
+    glEnable(GL_TEXTURE_2D);
+
+    if (fRotAngle != 0.0f) {
+        glRotatef(fRotAngle, fRotX, fRotY, fRotZ);
+    }
+
+    if (fRadius == 0.0f) {
+        g_font[theFont]->Render(s, -1, FTPoint(), FTPoint(), renderMode);
+    }
+    else {
+        int i = 0;
+        float fAdvance = 1.0f;
+        while ( *(s+i) ) {
+            fAdvance = g_font[theFont]->Advance((s+i), 1, FTPoint());
+            g_font[theFont]->Render((s+i), 1, FTPoint(), FTPoint(), renderMode);
+            glTranslated(fAdvance, 0.0f, 0.0f);
+            glRotatef(fRadius * fAdvance / (float) 20.0f, 0.0f, 0.0f, 1.0f);
+            i++;
+        }
+    }
+
+    glDisable(GL_TEXTURE_2D);
+
+    glPopMatrix();
+}
+
+}   // namespace
+
+
diff --git a/api/windows_opengl.cpp b/api/windows_opengl.cpp
index 12d4f7e..0242367 100644
--- a/api/windows_opengl.cpp
+++ b/api/windows_opengl.cpp
@@ -538,4 +538,4 @@ void win_graphics_event_loop() {
     SetEvent(hQuitEvent);        // Signal the worker thread that we're quitting
 }
 
-const char *BOINC_RCSID_462f482d81 = "$Id: windows_opengl.cpp 25393 2012-03-08 22:42:44Z davea $";
+const char *BOINC_RCSID_462f482d81 = "$Id$";
diff --git a/api/x_opengl.cpp b/api/x_opengl.cpp
index 057cab2..4e9cee0 100644
--- a/api/x_opengl.cpp
+++ b/api/x_opengl.cpp
@@ -673,4 +673,4 @@ void xwin_graphics_event_loop() {
 }
 
 
-const char *BOINC_RCSID_c457a14644 = "$Id: x_opengl.cpp 25906 2012-07-30 19:37:51Z romw $";
+const char *BOINC_RCSID_c457a14644 = "$Id$";
diff --git a/apps/1sec.cpp b/apps/1sec.cpp
index 56eccfa..4c88b1f 100644
--- a/apps/1sec.cpp
+++ b/apps/1sec.cpp
@@ -35,4 +35,4 @@ int main() {
     fclose(f);
 }
 
-const char *BOINC_RCSID_afc4016a8b = "$Id: 1sec.cpp 16068 2008-09-26 18:10:10Z davea $";
+const char *BOINC_RCSID_afc4016a8b = "$Id$";
diff --git a/apps/Makefile.am b/apps/Makefile.am
index 7fa90f5..858f403 100644
--- a/apps/Makefile.am
+++ b/apps/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 18378 2009-06-11 16:11:45Z davea $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/apps/concat.cpp b/apps/concat.cpp
index c4e04cc..4c24576 100644
--- a/apps/concat.cpp
+++ b/apps/concat.cpp
@@ -151,4 +151,4 @@ int main(int argc, char** argv) {
     return 0;
 }
 
-const char *BOINC_RCSID_8254ea59c3 = "$Id: concat.cpp 16068 2008-09-26 18:10:10Z davea $";
+const char *BOINC_RCSID_8254ea59c3 = "$Id$";
diff --git a/apps/error.cpp b/apps/error.cpp
index 2be4a4b..57bff23 100644
--- a/apps/error.cpp
+++ b/apps/error.cpp
@@ -35,4 +35,4 @@ int main() {
     fprintf(stderr, "APP: upper_case ending, wrote %d chars\n", n);
 }
 
-const char *BOINC_RCSID_130fd0309d = "$Id: error.cpp 16068 2008-09-26 18:10:10Z davea $";
+const char *BOINC_RCSID_130fd0309d = "$Id$";
diff --git a/apps/upper_case.cpp b/apps/upper_case.cpp
index 9629691..7852eba 100644
--- a/apps/upper_case.cpp
+++ b/apps/upper_case.cpp
@@ -305,5 +305,5 @@ int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInst, LPSTR Args, int WinMode
 }
 #endif
 
-const char *BOINC_RCSID_33ac47a071 = "$Id: upper_case.cpp 23710 2011-06-12 20:58:43Z davea $";
+const char *BOINC_RCSID_33ac47a071 = "$Id$";
 
diff --git a/checkin_notes b/checkin_notes
index 65c4077..99b36c3 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -4342,7 +4342,6 @@ David  20 Aug 2012
     client/
         gpu_nvidia.cpp
 
-<<<<<<< .working
 Charlie 8 Sep 2012
     - client: work around a nasty bug which crashes OSX (!) on some 
         dual-gpu MacBooks with CUDA installed if we call cuInit() 
@@ -4425,3 +4424,315 @@ Rom    12 Sept 2012
     /
         configure.ac
         version.h
+
+Rom    13 Sept 2012
+    - client: Initialize the total mem size_t.
+    
+    client/
+        gpu_nvidia.cpp
+
+Rom    26 Oct 2012
+    - WINSETUP: Add the account manager auth logic from the 6.8 installer to current
+        generation installers.
+    - WINSETUP: Make whether or not to create start menu items configurable via the
+        command line.  Useful for mass deployment installs.
+
+    win_build\installerv2\
+        BOINC.ism
+        BOINCx64.ism
+
+David  19 Sept 2012
+    - Client/manager: if a GPU app is suspended because a GPU-exclusive
+        app is running, show an appropriate message.
+
+    clientgui/
+        sg_TaskPanel.cpp
+        MainDOcument.cpp
+    lib/
+        gui_rpc_client_ops.cpp
+        gui_rpc_client.h
+
+David  19 Sept 2012
+    - client: message tweak
+    client/
+        app.cpp
+        cs_prefs.cpp
+
+David  20 Sept 2012
+    - A bunch of tweaks from Steffen Moller, e.g. using MAXPATHLEN
+
+    various files
+
+Charlie 21 Sep 2012
+    - Mac: Fix build breaks introduced by above changes; path_to_error 
+        arg is modified by CheckNestedDirectories() so can't be const.
+
+    client/
+        check_security.cpp
+
+David  21 Sept 2012
+    - client: MAXPATHLEN tweak
+
+    client/
+        app.cpp
+
+David  21 Sept 2012
+    - Manager: fix "exclusive GPU app running" message logic.
+
+    clientgui/
+        MainDocument.cpp
+
+David  11 Oct 2012
+    - client and API: improve the way an app checks for the death of the client
+        Old: heartbeat mechanism
+        Problem: if the client is blocked for > 30 secs
+            (e.g. because it takes a long time to write the state file,
+            of because it's stopped in a debugger)
+            then apps exit.
+            This is bad is the app doesn't checkpoint and has been
+            running for a long time.
+        New: the client passes its PID to the app.
+            The app periodically (10 sec) checks that the process still exists.
+        Notes:
+        - For backward compatibility (e.g. new API w/ old client,
+            or vice versa) the client still sends heartbeats,
+            and the API checks heartbeats if the client doesn't pass a PID.
+        - The new mechanism works only if the client's PID isn't assigned
+            to a new process within 10 secs of the client exiting.
+            Windows 2000 reuses PIDs immediately, so check for Win2K
+            and don't use this mechanism if so.
+
+    TODO: For Unix multithread apps,
+        critical sections aren't currently being enforced.
+        Need to fix this by masking signals.
+
+    client/
+        hostinfo_win.cpp
+        app_start.cpp
+    lib/
+        app_ipc.cpp,h
+        proc_control.cpp
+
+David  11 Oct 2012
+	- Win compile fixes.
+		For now, include psapi.lib in various project properties.
+		Try to figure out a different way.
+
+	client/
+		app_start.cpp
+	lib/
+		boinc_win.h
+	win_build/
+		various .proj files
+
+Charlie 15 Oct 2012
+    - MGR: We don't save Simple View's width & height since it's 
+        window is not resizable, so don't try to read them back.
+    
+    clientgui/
+        BOINCGUIApp.cpp
+
+Charlie 17 Oct 2012
+    - MGR: Add Control-Shift_E shortcut (Command-Shift-E on Mac) to show Event 
+        Log in Simple View, for the convenience of tech suppport volunteers.
+    
+    clientgui/
+        sg_BoincSimpleFrame.cpp,.h
+
+David  17 Oct 2012
+    - client: maintain current and previous uptime,
+        and include them in scheduler RPC request.
+    
+    Note: this is to support a future feature where the scheduler will
+        send non-checkpointing jobs only clients likely to be able
+        to complete them.
+
+    client/
+        client_state.cpp,h
+        cs_scheduler.cpp
+        cs_statefile.cpp
+    lib/
+        gui_rpc_client_ops.cpp
+
+David  17 Oct 2012
+    - tweaks
+
+    client/
+        async_file.cpp
+    lib/
+        filesys.cpp,h
+    samples/atiopencl/
+        atiopencl.cpp
+
+Charlie 18 Oct 2012
+    - MGR: Fix bug which can cause Manager to quit when started in Simple View.
+    
+    clientgui/
+        sg_TaskPanel.cpp
+
+Rom    19 Oct 2012
+    - Add missing references to psapi.lib for various build configurations.
+
+    win_build\
+        boinc_ss.vcproj
+        example_app_multi_thread.vcproj
+        sleeper.vcproj
+        uc2.vcproj
+        uc2_graphics.vcproj
+        vboxwrapper.vcproj
+        wrapper.vcproj
+
+Charlie 18 Oct 2012
+    - lib: don't clear entire APP_VERSION struct in APP_VERSION::parse_coproc().
+    
+    lib/
+        gui_rpc_client_ops.cpp
+
+David  19 Oct 2012
+    - client: change work fetch policy to avoid starving GPUs
+        in situations where GPU exclusions are used.
+    - client: fix bug in round-robin simulation when GPU exclusions are used.
+
+    Note: this fixes a major problem (starvation)
+        with project-level GPU exclusion.
+        However, project-level GPU exclusion interferes with most of
+        the client's scheduling policies.
+        E.g., round-robin simulation doesn't take GPU exclusion into account,
+        and the resulting completion estimates and device shortfalls
+        can be wrong by an order of magnitude.
+
+        The only way I can see to fix this would be to model each
+        GPU instance as a separate resource,
+        and to associate each job with a particular GPU instance.
+        This would be a sweeping change in both client and server.
+
+    client/
+        log_flags.cpp
+        project.cpp,h
+        rr_sim.cpp
+        work_fetch.cpp,h
+    lib/
+        coproc.h
+
+Rom    22 Oct 2012
+    - SCR: Fix bug in X11 screensaver.
+      (From Michael Tughan)
+      
+    clientscr/
+        screensaver_x11.cpp
+
+Rom    23 Oct 2012
+    - SCR: Fix bug in X11 screensaver.
+      (From David Cross)
+      
+    clientscr/
+        screensaver_x11.cpp
+
+David  24 Oct 2012
+    - client: if an app's finish file has existed for 10 seconds, kill it;
+        it must be hung in boinc_finish().
+        This behavior has been seen with LHC at home and maybe other projects.
+
+    client/
+        app.cpp,h
+        cpp_control.cpp
+
+David  28 Oct 2012
+    - client: fix bug in handling proxy info in cc_config.file
+
+    client/
+        log_flags.cpp
+
+David  28 Oct 2012
+    - client: if exiting because of exit_after_finished flag,
+        write state file before exiting so we don't restart the job later.
+
+    client/
+        app.cpp
+        app_control.cpp
+
+David  28 Oct 2012
+    - client, Unix: make Curl sockets close-on-exec,
+        so that app processes don't inherit them.
+    - client: fix bug that makes client exit if a slot dir contains
+        finish file on startup
+
+    client/
+        app_control.cpp
+        http_curl.cpp
+
+David  29 Oct 2012
+    - GUI RPC: expose TIME_STATS info (e.g. on_frac) in
+        the binding of the get_state() RPC
+    - client: move client_start_time and previous_uptime
+        from CLIENT_STATE to TIME_STATS,
+        so that these are also visible in GUI RPC
+    - client: condition an RR simulation message on <rrsim_detail>
+
+    client/
+        client_state.cpp,h
+        cs_prefs.cpp
+        cs_scheduler.cpp
+        cs_statefile.cpp
+        rr_sim.cpp
+        time_stats.cpp,h
+    lib/
+        common_defs.h
+        gui_rpc_client.h
+        gui_rpc_client_ops.cpp
+        gui_rpc_client_print.cpp
+
+David  31 Oct 2012
+    - client: message tweaks for failed app startup
+
+    client/
+        app_start.cpp
+        client_state.cpp
+
+David  1 Nov 2012
+	- client/manager: move the conditional define of MAXPATHLEN
+		from boinc_win.h to filesys.h,
+		so that the client will hopefully build on Hurd,
+		which doesn't define MAXPATHLEN.
+
+	client/
+		http_curl.cpp
+	lib/
+		boinc_win.h
+		common_defs.h
+		filesys.h
+		gui_rpc_client.h
+
+David  1 Nov 2012
+    - fix a few unlikely but possible file-descriptor leaks
+
+    client/
+        cs_scheduler.cpp
+    lib/
+        cert_sig.cpp
+        mem_usage.cpp
+
+David  1 Nov 2012
+    - client: in checking reasons for not requesting work,
+        look at backoff last.
+        Otherwise the user can get a misleading message if they
+        update a project that's backed off
+
+    client/
+        work_fetch.cpp
+
+Rom    2 Nov 2012
+    - Tag for 7.0.37 release, all platforms
+      client_release_7_0_37
+
+    /
+        configure.ac
+        version.h
+
+Rom    2 Nov 2012
+    - Tag for 7.0.38 release, all platforms
+      client_release_7.0.38
+
+    /
+        configure.ac
+        version.h
diff --git a/client/Makefile.am b/client/Makefile.am
index 56194f3..cd58311 100644
--- a/client/Makefile.am
+++ b/client/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 25782 2012-06-22 02:10:29Z charlief $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/client/Makefile.curl.am b/client/Makefile.curl.am
index 3d2303d..a96d3a6 100644
--- a/client/Makefile.curl.am
+++ b/client/Makefile.curl.am
@@ -1,5 +1,5 @@
 ## -*- mode: make; tab-width: 4 -*-
-## $Id: Makefile.curl.am 16069 2008-09-26 18:20:24Z davea $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/client/app.cpp b/client/app.cpp
index fae19c5..6e28172 100644
--- a/client/app.cpp
+++ b/client/app.cpp
@@ -131,6 +131,7 @@ ACTIVE_TASK::ACTIVE_TASK() {
     strcpy(web_graphics_url, "");
     strcpy(remote_desktop_addr, "");
     async_copy = NULL;
+    finish_file_time = 0;
 }
 
 // preempt this task;
@@ -231,6 +232,7 @@ void ACTIVE_TASK::cleanup_task() {
 #endif
 
     if (config.exit_after_finish) {
+        gstate.write_state_file();
         exit(0);
     }
 }
@@ -300,8 +302,9 @@ void ACTIVE_TASK_SET::get_memory_usage() {
     int retval;
     static bool first = true;
     static double last_cpu_time;
+    double diff=0;
 
-    double diff = gstate.now - last_mem_time;
+    diff = gstate.now - last_mem_time;
     if (diff < 0 || diff > MEMORY_USAGE_PERIOD + 10) {
         // user has changed system clock,
         // or there has been a long system sleep
@@ -413,7 +416,7 @@ void ACTIVE_TASK_SET::get_memory_usage() {
 // Move it from slot dir to project dir
 //
 int ACTIVE_TASK::move_trickle_file() {
-    char project_dir[256], new_path[MAXPATHLEN], old_path[MAXPATHLEN];
+    char project_dir[MAXPATHLEN], new_path[MAXPATHLEN], old_path[MAXPATHLEN];
     int retval;
 
     get_project_dir(result->project, project_dir, sizeof(project_dir));
@@ -886,7 +889,7 @@ void ACTIVE_TASK_SET::report_overdue() {
 //
 int ACTIVE_TASK::handle_upload_files() {
     std::string filename;
-    char buf[256], path[MAXPATHLEN];
+    char buf[MAXPATHLEN], path[MAXPATHLEN];
     int retval;
 
     DirScanner dirscan(slot_dir);
diff --git a/client/app.h b/client/app.h
index 557d91e..ca86325 100644
--- a/client/app.h
+++ b/client/app.h
@@ -112,7 +112,7 @@ struct ACTIVE_TASK {
     double bytes_received;
     char slot_dir[256];
         // directory where process runs (relative)
-    char slot_path[512];
+    char slot_path[MAXPATHLEN];
         // same, absolute
         // This is used only to run graphics apps
         // (that way don't have to worry about top-level dirs
@@ -154,6 +154,9 @@ struct ACTIVE_TASK {
     char web_graphics_url[256];
     char remote_desktop_addr[256];
     ASYNC_COPY* async_copy;
+    double finish_file_time;
+        // time when we saw finish file in slot dir.
+        // Used to kill apps that hang after writing finished file
 
     void set_task_state(int, const char*);
     inline int task_state() {
diff --git a/client/app_control.cpp b/client/app_control.cpp
index 7012a96..86e6d35 100644
--- a/client/app_control.cpp
+++ b/client/app_control.cpp
@@ -120,6 +120,23 @@ bool ACTIVE_TASK_SET::poll() {
         }
     }
 
+    // Check for finish files every 10 sec.
+    // If we already found a finish file, kill the app;
+    // it must be hung somewhere in boinc_finish();
+    //
+    static double last_finish_check_time = 0;
+    if (gstate.now - last_finish_check_time > 10) {
+        last_finish_check_time = gstate.now;
+        for (i=0; i<active_tasks.size(); i++) {
+            ACTIVE_TASK* atp = active_tasks[i];
+            if (atp->task_state() == PROCESS_UNINITIALIZED) continue;
+            if (atp->finish_file_time) {
+                atp->kill_task(false);
+            } else if (atp->finish_file_present()) {
+                atp->finish_file_time = gstate.now;
+            }
+        }
+    }
     if (action) {
         gstate.set_client_state_dirty("ACTIVE_TASK_SET::poll");
     }
@@ -520,10 +537,6 @@ void ACTIVE_TASK::handle_exited_app(int stat) {
 
     cleanup_task();
 
-    if (config.exit_after_finish) {
-        exit(0);
-    }
-
     if (!will_restart) {
         copy_output_files();
         int retval = read_stderr_file();
@@ -621,6 +634,8 @@ void ACTIVE_TASK_SET::send_heartbeats() {
     }
 }
 
+// send queued process-control messages; check for timeout
+//
 void ACTIVE_TASK_SET::process_control_poll() {
     unsigned int i;
     ACTIVE_TASK* atp;
diff --git a/client/app_start.cpp b/client/app_start.cpp
index 21b7399..50ee4cf 100644
--- a/client/app_start.cpp
+++ b/client/app_start.cpp
@@ -218,6 +218,17 @@ void ACTIVE_TASK::init_app_init_data(APP_INIT_DATA& aid) {
     relative_to_absolute("", aid.boinc_dir);
     strcpy(aid.authenticator, wup->project->authenticator);
     aid.slot = slot;
+#ifdef _WIN32
+    if (strstr(gstate.host_info.os_name, "Windows 2000")) {
+        // Win2K immediately reuses PIDs, so can't use this mechanism
+        //
+        aid.client_pid = 0;
+    } else {
+        aid.client_pid = GetCurrentProcessId();
+    }
+#else
+    aid.client_pid = getpid();
+#endif
     strcpy(aid.wu_name, wup->name);
     strcpy(aid.result_name, result->name);
     aid.user_total_credit = wup->project->user_total_credit;
@@ -507,7 +518,8 @@ int ACTIVE_TASK::start() {
             if (fip) {
                 snprintf(
                     buf, sizeof(buf),
-                    "Input file %s missing or invalid: %d", fip->name, retval
+                    "Input file %s missing or invalid: %s",
+                    fip->name, boincerror(retval)
                 );
             } else {
                 strcpy(buf, "Input file missing or invalid");
@@ -542,7 +554,7 @@ int ACTIVE_TASK::start() {
     init_app_init_data(aid);
     retval = write_app_init_file(aid);
     if (retval) {
-        sprintf(buf, "Can't write init file: %d", retval);
+        sprintf(buf, "Can't write init file: %s", boincerror(retval));
         goto error;
     }
 
@@ -785,7 +797,7 @@ int ACTIVE_TASK::start() {
     //
     retval = chdir(slot_dir);
     if (retval) {
-        sprintf(buf, "Can't change directory: %s", slot_dir, boincerror(retval));
+        sprintf(buf, "Can't change directory to %s: %s", slot_dir, boincerror(retval));
         goto error;
     }
 
@@ -807,7 +819,7 @@ int ACTIVE_TASK::start() {
     sprintf(buf, "../../%s", exec_path );
     pid = spawnv(P_NOWAIT, buf, argv);
     if (pid == -1) {
-        sprintf(buf, "Process creation failed: %s\n", buf, boincerror(retval));
+        sprintf(buf, "Process creation failed: %s\n", boincerror(retval));
         chdir(current_dir);
         retval = ERR_EXEC;
         goto error;
@@ -1051,7 +1063,7 @@ error:
     // Verify it to trigger another download.
     //
     gstate.input_files_available(result, true);
-    gstate.report_result_error(*result, "couldn't start %s: %d", buf, retval);
+    gstate.report_result_error(*result, "couldn't start app: %s", buf);
     if (log_flags.task_debug) {
         msg_printf(wup->project, MSG_INFO,
             "[task] couldn't start app: %s", buf
diff --git a/client/app_stats_mac.cpp b/client/app_stats_mac.cpp
new file mode 100644
index 0000000..8ce8960
--- /dev/null
+++ b/client/app_stats_mac.cpp
@@ -0,0 +1,713 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+// This file is adapted from code originally supplied by Apple Computer, Inc. 
+// The Berkeley Open Infrastructure for Network Computing project has modified 
+// the original code and made additions as of September 22, 2006.  The original 
+// Apple Public Source License statement appears below:
+
+/*
+ * Copyright (c) 2002-2004 Apple Computer, Inc.  All rights reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * The contents of this file constitute Original Code as defined in and
+ * are subject to the Apple Public Source License Version 1.1 (the
+ * "License").  You may not use this file except in compliance with the
+ * License.  Please obtain a copy of the License at
+ * http://www.apple.com/publicsource and read it before using this file.
+ * 
+ * This Original Code and all software distributed under the License are
+ * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
+ * License for the specific language governing rights and limitations
+ * under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+// app_stats_mac.C
+//
+
+// #define _DEBUG 1
+
+// Put a safety limit on recursion
+#define MAX_DESCENDANT_LEVEL 4
+
+// Totals for non_BOINC processes are not useful because most OSs don't
+// move idle processes out of RAM, so physical memory is always full
+#define GET_NON_BOINC_INFO 0
+
+// We don't need swap space info because
+// http://developer.apple.com/documentation/Performance/Conceptual/ManagingMemory/Articles/AboutMemory.html says:
+//     Unlike most UNIX-based operating systems, Mac OS X does not use a 
+//     preallocated swap partition for virtual memory. Instead, it uses all
+//     of the available space on the machineÕs boot partition.
+// However, the associated overhead is not significant if we are examining 
+// only BOINC descendant processes.
+#define GET_SWAP_SIZE 1
+
+// The overhead for getting CPU times is not significant if we are 
+// examining only BOINC descendant processes.
+#define GET_CPU_TIMES 1
+
+
+#include <cerrno>
+#include <sys/types.h>
+#include <mach/shared_memory_server.h>
+#include <mach/mach.h>
+#include <mach/mach_error.h>
+#include <sys/sysctl.h>
+
+#include "procinfo.h"
+
+using std::vector;
+
+static int get_boinc_proc_info(int my_pid, int boinc_pid);
+static int build_proc_list (vector<PROCINFO>& pi, int boinc_pid);
+static void output_child_totals(PROCINFO& pinfo);
+static boolean_t appstats_task_update(task_t a_task, vector<PROCINFO>& piv);
+static void find_all_descendants(vector<PROCINFO>& piv, int pid, int rlvl);
+static void add_child_totals(PROCINFO& pi, vector<PROCINFO>& piv, int pid, int rlvl);
+//static void add_others(PROCINFO&, std::vector<PROCINFO>&);
+static void sig_pipe(int signo);
+
+#ifdef _DEBUG
+static void print_procinfo(PROCINFO& pinfo);
+static void vm_size_render(unsigned long long a_size);
+#endif
+
+// BOINC helper application to get info about each of the BOINC Client's 
+// child processes (including all its descendants) and also totals for 
+// all other processes. 
+// On the Mac, much of this information is accessible only by the super-user, 
+// so this helper application must be run setuid root. 
+
+int main(int argc, char** argv) {
+    int boinc_pid, my_pid;
+    int retval;
+    char buf[256];
+    
+    if (geteuid() != 0)             // This must be run setuid root
+        return EACCES;
+
+    my_pid = getpid();
+    boinc_pid = getppid();          // Assumes we were called by BOINC client
+
+    if (argc == 2)
+        boinc_pid = atoi(argv[1]);  // Pass in any desired valid pid for testing
+
+    if (signal(SIGPIPE, sig_pipe) == SIG_ERR) {
+        fprintf(stderr, "signal error");
+        return 0;
+    }
+    
+    setbuf(stdin, 0);
+    setbuf(stdout, 0);
+    
+    while (1) {
+        if (fgets(buf, sizeof(buf), stdin) == NULL)
+            return 0;
+        
+        if (feof(stdin))
+            return 0;
+
+        retval = get_boinc_proc_info(my_pid, boinc_pid);
+    }
+    
+    return 0;
+}
+
+static int get_boinc_proc_info(int my_pid, int boinc_pid) {    
+    int retval;
+    vector<PROCINFO> piv;
+    PROCINFO child_total;
+    unsigned int i;
+    
+
+    retval = build_proc_list(piv, boinc_pid);
+    if (retval)
+        return retval;
+
+    for (i=0; i<piv.size(); i++) {
+        PROCINFO& p = piv[i];
+        if (p.parentid == boinc_pid) {
+            if (p.id == my_pid)
+                continue;
+            
+            child_total = p;
+            p.is_boinc_app = true;
+#ifdef _DEBUG
+            printf("\n\nSumming info for process %d and its children:\n", child_total.id);
+            print_procinfo(child_total);
+#endif
+            // look for child processes
+         add_child_totals(child_total, piv, p.id, 0);
+#ifdef _DEBUG
+            printf("Totals for process %d and its children:\n", child_total.id);
+#endif
+            output_child_totals(child_total);
+        }
+    }
+    
+    memset(&child_total, 0, sizeof(child_total));
+#if 0
+#ifdef _DEBUG
+    printf("\n\nSumming info for all other processes\n");
+#endif
+    add_others(child_total, piv);
+#endif
+    output_child_totals(child_total);   // zero pid signals end of data
+    
+    return 0;
+}
+
+
+static void output_child_totals(PROCINFO& pinfo) {
+    printf("%d %d %.0lf %.0lf %lu %lf %lf\n", 
+                pinfo.id, pinfo.parentid, pinfo.working_set_size, pinfo.swap_size, 
+                pinfo.page_fault_count, pinfo.user_time, pinfo.kernel_time);
+//    fflush(stdout);
+}
+
+static int build_proc_list (vector<PROCINFO>& pi, int boinc_pid) {
+    boolean_t               retval = FALSE;
+    kern_return_t           error;
+        mach_port_t             appstats_port;
+    processor_set_t         *psets, pset;
+    task_t                  *tasks;
+    unsigned                i, j, pcnt, tcnt;
+        PROCINFO                pinfo;
+    int                     pid, mib[4];
+    struct kinfo_proc    kinfo;
+    size_t            kinfosize;
+        
+    appstats_port = mach_host_self();
+
+        // First, get a list of all tasks / processes
+
+    error = host_processor_sets(appstats_port, &psets, &pcnt);
+    if (error != KERN_SUCCESS) {
+        fprintf(stderr,
+            "Error in host_processor_sets(): %s",
+            mach_error_string(error));
+        retval = TRUE;
+        goto RETURN;
+    }
+
+    for (i = 0; i < pcnt; i++) {
+                if (retval)
+                        break;
+                
+        error = host_processor_set_priv(appstats_port, psets[i], &pset);
+        if (error != KERN_SUCCESS) {
+            fprintf(stderr, 
+                "Error in host_processor_set_priv(): %s",
+                mach_error_string(error));
+            retval = TRUE;
+            break;
+        }
+
+        error = processor_set_tasks(pset, &tasks, &tcnt);
+        if (error != KERN_SUCCESS) {
+            fprintf(stderr,
+                "Error in processor_set_tasks(): %s",
+                mach_error_string(error));
+            retval = TRUE;
+            break;
+        }
+
+        for (j = 0; j < tcnt; j++) {
+                        if (retval)
+                                break;
+                        
+                        memset(&pinfo, 0, sizeof(PROCINFO));
+
+                        /* Get pid for this task. */
+                        error = pid_for_task(tasks[j], &pid);
+                        if (error != KERN_SUCCESS) {
+                                /* Not a process, or the process is gone. */
+                                continue;
+                        }
+                        
+                        // Get parent pid for each process
+                        /* Get kinfo structure for this task. */
+                        kinfosize = sizeof(struct kinfo_proc);
+                        mib[0] = CTL_KERN;
+                        mib[1] = KERN_PROC;
+                        mib[2] = KERN_PROC_PID;
+                        mib[3] = pid;
+
+                        if (sysctl(mib, 4, &kinfo, &kinfosize, NULL, 0) == -1) {
+                                fprintf(stderr,
+                                    "%s(): Error in sysctl(): %s", __FUNCTION__,
+                                    strerror(errno));
+                                retval = TRUE;
+                                break;
+                        }
+
+                        if (kinfo.kp_proc.p_stat == 0) {
+                                /* Zombie process. */
+                                continue;
+                        }
+
+                        pinfo.id = pid;
+                        pinfo.parentid = kinfo.kp_eproc.e_ppid;
+
+                        pi.push_back(pinfo);
+                }
+        }
+        
+#if ! GET_NON_BOINC_INFO
+        // Next, find all BOINC's decendants and mark them for further study
+        if (! retval)
+                find_all_descendants(pi, boinc_pid, 0);
+#endif
+        
+        // Now get the process information for each descendant
+    for (i = 0; i < pcnt; i++) {
+        for (j = 0; j < tcnt; j++) {
+                        if (! retval)
+                            if (appstats_task_update(tasks[j], pi)) {
+                                    retval = TRUE;
+                                    goto RETURN;
+                            }
+
+            /* Delete task port if it isn't our own. */
+            if (tasks[j] != mach_task_self()) {
+                mach_port_deallocate(mach_task_self(),
+                    tasks[j]);
+            }
+        }
+
+        error = vm_deallocate((vm_map_t)mach_task_self(),
+            (vm_address_t)tasks, tcnt * sizeof(task_t));
+        if (error != KERN_SUCCESS) {
+                        if (!retval)
+                                fprintf(stderr,
+                                    "Error in vm_deallocate(): %s",
+                                    mach_error_string(error));
+            retval = TRUE;
+            goto RETURN;
+        }
+        if ((error = mach_port_deallocate(mach_task_self(),
+             pset)) != KERN_SUCCESS
+            || (error = mach_port_deallocate(mach_task_self(),
+            psets[i])) != KERN_SUCCESS) {
+                        if (!retval)
+                                fprintf(stderr,
+                                    "Error in mach_port_deallocate(): %s",
+                                    mach_error_string(error));
+            retval = TRUE;
+            goto RETURN;
+        }
+    }
+
+    error = vm_deallocate((vm_map_t)mach_task_self(),
+        (vm_address_t)psets, pcnt * sizeof(processor_set_t));
+    if (error != KERN_SUCCESS) {
+                if (!retval)
+                        fprintf(stderr,
+                            "Error in vm_deallocate(): %s",
+                            mach_error_string(error));
+        retval = TRUE;
+        goto RETURN;
+    }
+
+    RETURN:
+    return retval;
+
+}
+
+/* Update statistics for task a_task. */
+static boolean_t appstats_task_update(task_t a_task, vector<PROCINFO>& piv)
+{
+    boolean_t        retval;
+    kern_return_t        error;
+    mach_msg_type_number_t    count;
+    task_basic_info_data_t    ti;
+    vm_address_t        address;
+    mach_port_t        object_name;
+    vm_region_top_info_data_t info;
+    vm_size_t        size;
+    thread_array_t        thread_table;
+    unsigned int        table_size;
+    thread_basic_info_t    thi;
+    thread_basic_info_data_t thi_data;
+    unsigned        i;
+    task_events_info_data_t    events;
+        vm_size_t               vsize, rsize;
+        PROCINFO                *pinfo;
+        int                     pid;
+        
+    /* Get pid for this task. */
+    error = pid_for_task(a_task, &pid);
+    if (error != KERN_SUCCESS) {
+        /* Not a process, or the process is gone. */
+        retval = FALSE;
+        goto GONE;
+    }
+        
+        for (i=0; i<piv.size(); i++) {
+                pinfo = &piv[i];
+                if (pinfo->id == pid)
+                        break;
+        }
+
+        if (pinfo->id != pid) {
+        fprintf(stderr, "pid %d missing from list\n", pid);
+        retval = FALSE;
+        goto RETURN;
+    }
+        
+#if ! GET_NON_BOINC_INFO
+        if (!pinfo->is_boinc_app) {
+        retval = FALSE;
+        goto RETURN;
+    }
+#endif        
+    /*
+     * Get task_info, which is used for memory usage and CPU usage
+     * statistics.
+     */
+    count = TASK_BASIC_INFO_COUNT;
+    error = task_info(a_task, TASK_BASIC_INFO, (task_info_t)&ti, &count);
+    if (error != KERN_SUCCESS) {
+        retval = FALSE;
+        goto GONE;
+    }
+
+    /*
+     * Get memory usage statistics.
+     */
+
+    /*
+     * Set rsize and vsize; they require no calculation.  (Well, actually,
+     * we adjust vsize if traversing memory objects to not include the
+     * globally shared text and data regions).
+     */
+         rsize = ti.resident_size;
+#if GET_SWAP_SIZE
+         vsize = ti.virtual_size;
+            /*
+             * Iterate through the VM regions of the process and determine
+             * the amount of memory of various types it has mapped.
+             */
+            for (address = 0; ; address += size) {
+                    /* Get memory region. */
+                    count = VM_REGION_TOP_INFO_COUNT;
+                    if (vm_region(a_task, &address, &size,
+                        VM_REGION_TOP_INFO, (vm_region_info_t)&info, &count,
+                        &object_name) != KERN_SUCCESS) {
+                            /* No more memory regions. */
+                            break;
+                    }
+
+                    if (address >= GLOBAL_SHARED_TEXT_SEGMENT
+                        && address < (GLOBAL_SHARED_DATA_SEGMENT
+                        + SHARED_DATA_REGION_SIZE)) {
+                            /* This region is private shared. */
+
+                            /*
+                             * Check if this process has the globally shared
+                             * text and data regions mapped in.  If so, adjust
+                             * virtual memory size and exit loop.
+                             */
+                            if (info.share_mode == SM_EMPTY) {
+                                    vm_region_basic_info_data_64_t    b_info;
+
+                                    count = VM_REGION_BASIC_INFO_COUNT_64;
+                                    if (vm_region_64(a_task, &address,
+                                        &size, VM_REGION_BASIC_INFO,
+                                        (vm_region_info_t)&b_info, &count,
+                                        &object_name) != KERN_SUCCESS) {
+                                            break;
+                                    }
+
+                                    if (b_info.reserved) {
+                                        vsize -= (SHARED_TEXT_REGION_SIZE + SHARED_DATA_REGION_SIZE);
+                                        break;
+                                    }
+                            }
+                }
+        }
+#else
+        vsize = 0;
+#endif      // GET_SWAP_SIZE
+        pinfo->working_set_size = rsize;
+    pinfo->swap_size = vsize;
+
+    /*
+     * Get CPU usage statistics.
+     */
+
+        pinfo->user_time = (double)ti.user_time.seconds + (((double)ti.user_time.microseconds)/1000000.);
+        pinfo->kernel_time = (double)ti.system_time.seconds + (((double)ti.system_time.microseconds)/1000000.);
+
+    /* Get number of threads. */
+    error = task_threads(a_task, &thread_table, &table_size);
+    if (error != KERN_SUCCESS) {
+        retval = FALSE;
+        goto RETURN;
+    }
+
+#if GET_CPU_TIMES
+    /* Iterate through threads and collect usage stats. */
+    thi = &thi_data;
+    for (i = 0; i < table_size; i++) {
+        count = THREAD_BASIC_INFO_COUNT;
+        if (thread_info(thread_table[i], THREAD_BASIC_INFO,
+            (thread_info_t)thi, &count) == KERN_SUCCESS) {
+            if ((thi->flags & TH_FLAGS_IDLE) == 0) {
+                            pinfo->user_time += (double)thi->user_time.seconds + (((double)thi->user_time.microseconds)/1000000.);
+                            pinfo->kernel_time += (double)thi->system_time.seconds + (((double)thi->system_time.microseconds)/1000000.);
+            }
+        }
+        if (a_task != mach_task_self()) {
+            if ((error = mach_port_deallocate(mach_task_self(),
+                thread_table[i])) != KERN_SUCCESS) {
+                fprintf(stderr, 
+                    "Error in mach_port_deallocate(): %s",
+                    mach_error_string(error));
+                retval = TRUE;
+                goto RETURN;
+            }
+        }
+    }
+    if ((error = vm_deallocate(mach_task_self(), (vm_offset_t)thread_table,
+        table_size * sizeof(thread_array_t)) != KERN_SUCCESS)) {
+        fprintf(stderr,
+            "Error in vm_deallocate(): %s",
+            mach_error_string(error));
+        retval = TRUE;
+        goto RETURN;
+    }
+#endif GET_CPU_TIMES
+
+    /*
+     * Get event counters.
+     */
+
+    count = TASK_EVENTS_INFO_COUNT;
+    if (task_info(a_task, TASK_EVENTS_INFO,
+        (task_info_t)&events, &count) != KERN_SUCCESS) {
+        /* Error. */
+        retval = FALSE;
+        goto RETURN;
+    } else {
+            pinfo->page_fault_count = events.pageins;
+        }
+
+    retval = FALSE;
+    RETURN:
+    GONE:
+        
+    return retval;
+}
+
+// Scan the process table marking all the decendants of the parent 
+// process. Loop thru entire table as the entries aren't in order.  
+// Recurse at most 5 times to get additional child processes. 
+//
+static void find_all_descendants(vector<PROCINFO>& piv, int pid, int rlvl) {
+    unsigned int i;
+
+    if (rlvl > MAX_DESCENDANT_LEVEL) {
+        return;
+    }
+    for (i=0; i<piv.size(); i++) {
+        PROCINFO& p = piv[i];
+        if (p.parentid == pid) {
+            p.is_boinc_app = true;
+            // look for child process of this one
+            find_all_descendants(piv, p.id, rlvl+1); // recursion - woo hoo!
+        }
+    }
+}
+
+// Scan the process table adding in CPU time and mem usage. Loop
+// thru entire table as the entries aren't in order.  Recurse at
+// most 4 times to get additional child processes 
+//
+static void add_child_totals(PROCINFO& pi, vector<PROCINFO>& piv, int pid, int rlvl) {
+    unsigned int i;
+
+    if (rlvl > (MAX_DESCENDANT_LEVEL - 1)) {
+        return;
+    }
+    for (i=0; i<piv.size(); i++) {
+        PROCINFO& p = piv[i];
+        if (p.parentid == pid) {
+            pi.kernel_time += p.kernel_time;
+            pi.user_time += p.user_time;
+            pi.swap_size += p.swap_size;
+            pi.working_set_size += p.working_set_size;
+            pi.page_fault_count += p.page_fault_count;
+            p.is_boinc_app = true;
+#ifdef _DEBUG
+            print_procinfo(p);
+#endif
+            // look for child process of this one
+            add_child_totals(pi, piv, p.id, rlvl+1); // recursion - woo hoo!
+        }
+    }
+}
+
+#if 0
+static void add_others(PROCINFO& pi, vector<PROCINFO>& piv) {
+    unsigned int i;
+
+    memset(&pi, 0, sizeof(pi));
+    for (i=0; i<piv.size(); i++) {
+        PROCINFO& p = piv[i];
+        if (!p.is_boinc_app) {
+            pi.kernel_time += p.kernel_time;
+            pi.user_time += p.user_time;
+            pi.swap_size += p.swap_size;
+            pi.working_set_size += p.working_set_size;
+            pi.page_fault_count += p.page_fault_count;
+            p.is_boinc_app = true;
+#ifdef _DEBUG
+            print_procinfo(p);
+#endif
+        }
+    }
+}
+#endif
+
+static void sig_pipe(int signo)
+{
+    exit(1);
+}
+
+#ifdef _DEBUG
+static void print_procinfo(PROCINFO& pinfo) {
+    unsigned long long rsize, vsize;
+    
+    rsize = (unsigned long long)pinfo.working_set_size;
+    vsize = (unsigned long long)pinfo.swap_size;
+    printf("pid=%d, ppid=%d, rm=%llu=", pinfo.id, pinfo.parentid, rsize);
+    vm_size_render(rsize);
+    printf("=, vm=%llu=", vsize);
+    vm_size_render(vsize);
+    printf(", pageins=%lu, usertime=%lf, systime=%lf\n", pinfo.page_fault_count, pinfo.user_time, pinfo.kernel_time);
+}
+
+/*
+ * Render a memory size in units of B, K, M, or G, depending on the value.
+ *
+ * a_size is ULL, since there are places where VM sizes are capable of
+ * overflowing 32 bits, particularly when VM stats are multiplied by the
+ * pagesize.
+ */
+static void vm_size_render(unsigned long long a_size)
+{
+    if (a_size < 1024) {
+        /* 1023B. */
+        printf("%4lluB", a_size);
+    } else if (a_size < (1024ULL * 1024ULL)) {
+        /* K. */
+        if (a_size < 10ULL * 1024ULL) {
+            /* 9.99K */
+            printf("%1.2fK",
+                ((double)a_size) / 1024);
+        } else if (a_size < 100ULL * 1024ULL) {
+            /* 99.9K */
+            printf("%2.1fK",
+                ((double)a_size) / 1024);
+        } else {
+            /* 1023K */
+            printf("%4lluK",
+                a_size / 1024ULL);
+        }
+    } else if (a_size < (1024ULL * 1024ULL * 1024ULL)) {
+        /* M. */
+        if (a_size < 10ULL * 1024ULL * 1024ULL) {
+            /* 9.99M */
+            printf("%1.2fM",
+                ((double)a_size) / (1024 * 1024));
+        } else if (a_size < 100ULL * 1024ULL * 1024ULL) {
+            /* 99.9M */
+            printf("%2.1fM",
+                ((double)a_size) / (1024 * 1024));
+        } else {
+            /* 1023M */
+            printf("%4lluM",
+                a_size / (1024ULL * 1024ULL));
+        }
+    } else if (a_size < (1024ULL * 1024ULL * 1024ULL * 1024ULL)) {
+        /* G. */
+        if (a_size < 10ULL * 1024ULL * 1024ULL * 1024ULL) {
+            /* 9.99G. */
+            printf("%1.2fG",
+                ((double)a_size) / (1024 * 1024 * 1024));
+        } else if (a_size < 100ULL * 1024ULL * 1024ULL * 1024ULL) {
+            /* 99.9G. */
+            printf("%2.1fG",
+                ((double)a_size) / (1024 * 1024 * 1024));
+        } else {
+            /* 1023G */
+            printf("%4lluG",
+                a_size / (1024ULL * 1024ULL * 1024ULL));
+        }
+    } else if (a_size < (1024ULL * 1024ULL * 1024ULL * 1024ULL)) {
+        /* T. */
+        if (a_size < 10ULL * 1024ULL * 1024ULL * 1024ULL * 1024ULL) {
+            /* 9.99T. */
+            printf("%1.2fT",
+                 ((double)a_size) /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL));
+        } else if (a_size < (100ULL * 1024ULL * 1024ULL * 1024ULL
+                     * 1024ULL)) {
+            /* 99.9T. */
+            printf("%2.1fT",
+                 ((double)a_size) /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL));
+        } else {
+            /* 1023T */
+            printf("%4lluT",
+                 a_size /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL));
+        }
+    } else {
+        /* P. */
+        if (a_size < (10ULL * 1024ULL * 1024ULL * 1024ULL * 1024ULL
+                  * 1024ULL)) {
+            /* 9.99P. */
+            printf("%1.2fP",
+                 ((double)a_size) /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL
+                  * 1024ULL));
+        } else if (a_size < (100ULL * 1024ULL * 1024ULL * 1024ULL
+                     * 1024ULL)) {
+            /* 99.9P. */
+            printf("%2.1fP",
+                 ((double)a_size) /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL
+                  * 1024ULL));
+        } else {
+            /* 1023P */
+            printf("%4lluP",
+                 a_size /
+                 (1024ULL * 1024ULL * 1024ULL * 1024ULL
+                  * 1024ULL));
+        }
+    }
+}
+#endif  // _DEBUG
diff --git a/client/async_file.cpp b/client/async_file.cpp
index 7067ef9..3fe3e9b 100644
--- a/client/async_file.cpp
+++ b/client/async_file.cpp
@@ -90,8 +90,8 @@ int ASYNC_COPY::copy_chunk() {
     unsigned char buf[BUFSIZE];
     int retval;
 
-    int n = fread(buf, 1, BUFSIZE, in);
-    if (n <= 0) {
+    size_t n = fread(buf, 1, BUFSIZE, in);
+    if (n == 0) {
         // copy done.  rename temp file
         //
         fclose(in);
@@ -122,7 +122,7 @@ int ASYNC_COPY::copy_chunk() {
         }
         return 1;       // tell caller we're done
     } else {
-        int m = fwrite(buf, 1, n, out);
+        size_t m = fwrite(buf, 1, n, out);
         if (m != n) {
             error(ERR_FWRITE);
             return 1;
diff --git a/client/check_security.cpp b/client/check_security.cpp
index e9daee3..b52062f 100644
--- a/client/check_security.cpp
+++ b/client/check_security.cpp
@@ -39,10 +39,11 @@
 bool IsUserInGroupBM();
 #endif
 
-static int CheckNestedDirectories(char * basepath, int depth, 
-                                    int use_sandbox, int isManager, 
-                                    char * path_to_error
-                                );
+static int CheckNestedDirectories(
+    char * basepath, int depth, 
+    int use_sandbox, int isManager, 
+    char * path_to_error
+);
 
 #if (! defined(__WXMAC__) && ! defined(_MAC_INSTALLER))
 static char * PersistentFGets(char *buf, size_t buflen, FILE *f);
@@ -500,7 +501,7 @@ saverName[2] = "Progress Thru Processors";
 }
 
 
-static int CheckNestedDirectories(char * basepath, int depth, 
+static int CheckNestedDirectories(char * basepath, int depth,
                                     int use_sandbox, int isManager, 
                                     char * path_to_error
                                 ) {
diff --git a/client/client_state.cpp b/client/client_state.cpp
index ad38a4e..64b0e03 100644
--- a/client/client_state.cpp
+++ b/client/client_state.cpp
@@ -300,7 +300,6 @@ int CLIENT_STATE::init() {
 
     srand((unsigned int)time(0));
     now = dtime();
-    client_start_time = now;
     scheduler_op->url_random = drand();
 
     notices.init();
@@ -1654,7 +1653,7 @@ int CLIENT_STATE::report_result_error(RESULT& res, const char* format, ...) {
     vsnprintf(err_msg, sizeof(err_msg), format, va);
     va_end(va);
 
-    sprintf(buf, "Unrecoverable error for task %s (%s)", res.name, err_msg);
+    sprintf(buf, "Unrecoverable error for task %s", res.name);
 #ifndef SIM
     scheduler_op->backoff(res.project, buf);
 #endif
diff --git a/client/client_state.h b/client/client_state.h
index 87b6187..ba895ee 100644
--- a/client/client_state.h
+++ b/client/client_state.h
@@ -92,7 +92,7 @@ struct CLIENT_STATE {
     GET_PROJECT_LIST_OP get_project_list_op;
     ACCT_MGR_OP acct_mgr_op;
 
-    TIME_STATS time_stats;
+    CLIENT_TIME_STATS time_stats;
     GLOBAL_PREFS global_prefs;
     NET_STATS net_stats;
     ACTIVE_TASK_SET active_tasks;
@@ -185,7 +185,6 @@ struct CLIENT_STATE {
         // this affects auto-update
     bool run_by_updater;
     double now;
-    double client_start_time;
     double last_wakeup_time;
     bool initialized;
     bool cant_write_state_file;
diff --git a/client/client_types.h b/client/client_types.h
index 0832e26..51cabf4 100644
--- a/client/client_types.h
+++ b/client/client_types.h
@@ -36,6 +36,7 @@
 #include "hostinfo.h"
 #include "coproc.h"
 #include "miofile.h"
+#include "filesys.h"
 #include "common_defs.h"
 #include "cc_config.h"
 
diff --git a/client/cs_prefs.cpp b/client/cs_prefs.cpp
index 8fb3aa7..ce3d670 100644
--- a/client/cs_prefs.cpp
+++ b/client/cs_prefs.cpp
@@ -144,7 +144,7 @@ void CLIENT_STATE::get_disk_shares() {
     if (log_flags.disk_usage_debug) {
         msg_printf(0, MSG_INFO,
             "[disk_usage] allowed %.2fMB used %.2fMB",
-            allowed, total_disk_usage
+            allowed/MEGA, total_disk_usage/MEGA
         );
     }
     for (i=0; i<projects.size(); i++) {
@@ -169,7 +169,7 @@ int CLIENT_STATE::check_suspend_processing() {
         return SUSPEND_REASON_BENCHMARKS;
     }
 
-    if (config.start_delay && now < client_start_time + config.start_delay) {
+    if (config.start_delay && now < time_stats.client_start_time + config.start_delay) {
         return SUSPEND_REASON_INITIAL_DELAY;
     }
 
diff --git a/client/cs_scheduler.cpp b/client/cs_scheduler.cpp
index c596836..133172e 100644
--- a/client/cs_scheduler.cpp
+++ b/client/cs_scheduler.cpp
@@ -369,6 +369,7 @@ int CLIENT_STATE::make_scheduler_request(PROJECT* p) {
         fprintf(f, "<client_opaque>\n<![CDATA[\n");
         copy_stream(cof, f);
         fprintf(f, "\n]]>\n</client_opaque>\n");
+        fclose(cof);
     }
 
     fprintf(f, "</scheduler_request>\n");
diff --git a/client/cs_statefile.cpp b/client/cs_statefile.cpp
index 64cfc13..d0b84d3 100644
--- a/client/cs_statefile.cpp
+++ b/client/cs_statefile.cpp
@@ -499,6 +499,9 @@ int CLIENT_STATE::parse_state_file_aux(const char* fname) {
         if (xp.parse_string("newer_version", newer_version)) {
             continue;
         }
+        if (xp.parse_double("previous_uptime", time_stats.previous_uptime)) {
+            continue;
+        }
 #ifdef ENABLE_AUTO_UPDATE
         if (xp.match_tag("auto_update")) {
             if (!project) {
@@ -750,7 +753,8 @@ int CLIENT_STATE::write_state(MIOFILE& f) {
         "<user_network_request>%d</user_network_request>\n"
         "%s"
         "<new_version_check_time>%f</new_version_check_time>\n"
-        "<all_projects_list_check_time>%f</all_projects_list_check_time>\n",
+        "<all_projects_list_check_time>%f</all_projects_list_check_time>\n"
+        "<previous_uptime>%f</previous_uptime>\n",
         get_primary_platform(),
         core_client_version.major,
         core_client_version.minor,
@@ -762,7 +766,8 @@ int CLIENT_STATE::write_state(MIOFILE& f) {
         network_run_mode.get_perm(),
         cpu_benchmarks_pending?"<cpu_benchmarks_pending/>\n":"",
         new_version_check_time,
-        all_projects_list_check_time
+        all_projects_list_check_time,
+        now - time_stats.client_start_time
     );
     if (newer_version.size()) {
         f.printf("<newer_version>%s</newer_version>\n", newer_version.c_str());
@@ -865,7 +870,7 @@ int CLIENT_STATE::parse_app_info(PROJECT* p, FILE* in) {
                     _("File referenced in app_info.xml does not exist: ")
                 );
                 strcat(buf, fip->name);
-                msg_printf(p, MSG_USER_ALERT, buf);
+                msg_printf(p, MSG_USER_ALERT, "%s", buf);
                 delete fip;
                 continue;
             }
@@ -922,11 +927,6 @@ int CLIENT_STATE::write_state_gui(MIOFILE& f) {
 
     f.printf("<client_state>\n");
 
-#if 1
-    // NOTE: the following stuff is not in CC_STATE.
-    // However, BoincView (which does its own parsing) expects it
-    // to be in the get_state() reply, so leave it in for now
-    //
     retval = host_info.write(f, true, false);
     if (retval) return retval;
 
@@ -939,12 +939,18 @@ int CLIENT_STATE::write_state_gui(MIOFILE& f) {
         f.printf("<have_ati/>\n");
     }
 
-    retval = time_stats.write(f, false);
-    if (retval) return retval;
+#if 1
+    // NOTE: the following is not in CC_STATE.
+    // However, BoincView (which does its own parsing) expects it
+    // to be in the get_state() reply, so leave it in for now
+    //
     retval = net_stats.write(f);
     if (retval) return retval;
 #endif
 
+    retval = time_stats.write(f, true);
+    if (retval) return retval;
+
     for (j=0; j<projects.size(); j++) {
         PROJECT* p = projects[j];
         retval = p->write_state(f, true);
diff --git a/client/gpu_nvidia.cpp b/client/gpu_nvidia.cpp
index cc0a982..098dce8 100644
--- a/client/gpu_nvidia.cpp
+++ b/client/gpu_nvidia.cpp
@@ -286,7 +286,7 @@ void COPROC_NVIDIA::get(
 
     int j, itemp;
     unsigned int i;
-    size_t global_mem;
+    size_t global_mem = 0;
     COPROC_NVIDIA cc;
     string s;
     for (j=0; j<cuda_ndevs; j++) {
diff --git a/client/hostinfo_win.cpp b/client/hostinfo_win.cpp
index 57b0fea..1bd4452 100644
--- a/client/hostinfo_win.cpp
+++ b/client/hostinfo_win.cpp
@@ -478,8 +478,7 @@ int get_os_information(
                 strcat(os_name, "Windows 2000");
             }
 
-            if ( osvi.dwMajorVersion <= 4 )
-            {
+            if ( osvi.dwMajorVersion <= 4 ) {
                 strcat(os_name, "Windows NT");
             }
 
diff --git a/client/http_curl.cpp b/client/http_curl.cpp
index 0add2af..0e673c0 100644
--- a/client/http_curl.cpp
+++ b/client/http_curl.cpp
@@ -31,6 +31,7 @@
 #include <sys/stat.h>
 #include <cerrno>
 #include <unistd.h>
+#include <fcntl.h>
 #if HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
@@ -387,6 +388,14 @@ bool HTTP_OP::no_proxy_for_url(const char* url) {
     return false;
 }
 
+#ifndef _WIN32
+static int set_cloexec(void*, curl_socket_t fd, curlsocktype purpose) {
+    if (purpose != CURLSOCKTYPE_IPCXN) return 0;
+    fcntl(fd, F_SETFD, FD_CLOEXEC);
+    return 0;
+}
+#endif
+
 // the following will do an HTTP GET or POST using libcurl
 //
 int HTTP_OP::libcurl_exec(
@@ -520,10 +529,17 @@ int HTTP_OP::libcurl_exec(
     // bypass any signal handlers that curl may want to install
     //
     curl_easy_setopt(curlEasy, CURLOPT_NOSIGNAL, 1L);
+
     // bypass progress meter
     //
     curl_easy_setopt(curlEasy, CURLOPT_NOPROGRESS, 1L);
 
+#ifndef _WIN32
+    // arrange for a function to get called between socket() and connect()
+    // so that we can mark the socket as close-on-exec
+    //
+    curl_easy_setopt(curlEasy, CURLOPT_SOCKOPTFUNCTION, set_cloexec);
+#endif
     // setup timeouts
     //
     curl_easy_setopt(curlEasy, CURLOPT_TIMEOUT, 0L);
diff --git a/client/install-sh b/client/install-sh
deleted file mode 100644
index e9de238..0000000
--- a/client/install-sh
+++ /dev/null
@@ -1,251 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5 (mit/util/scripts/install.sh).
-#
-# Copyright 1991 by the Massachusetts Institute of Technology
-#
-# Permission to use, copy, modify, distribute, and sell this software and its
-# documentation for any purpose is hereby granted without fee, provided that
-# the above copyright notice appear in all copies and that both that
-# copyright notice and this permission notice appear in supporting
-# documentation, and that the name of M.I.T. not be used in advertising or
-# publicity pertaining to distribution of the software without specific,
-# written prior permission.  M.I.T. makes no representations about the
-# suitability of this software for any purpose.  It is provided "as is"
-# without express or implied warranty.
-#
-# Calling this script install-sh is preferred over install.sh, to prevent
-# `make' implicit rules from creating a file called install from it
-# when there is no Makefile.
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.  It can only install one file at a time, a restriction
-# shared with many OS's install programs.
-
-
-# set DOITPROG to echo to test this script
-
-# Don't use :- since 4.3BSD and earlier shells don't like it.
-doit="${DOITPROG-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG-mv}"
-cpprog="${CPPROG-cp}"
-chmodprog="${CHMODPROG-chmod}"
-chownprog="${CHOWNPROG-chown}"
-chgrpprog="${CHGRPPROG-chgrp}"
-stripprog="${STRIPPROG-strip}"
-rmprog="${RMPROG-rm}"
-mkdirprog="${MKDIRPROG-mkdir}"
-
-transformbasename=""
-transform_arg=""
-instcmd="$mvprog"
-chmodcmd="$chmodprog 0755"
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-mvcmd="$mvprog"
-src=""
-dst=""
-dir_arg=""
-
-while [ x"$1" != x ]; do
-    case $1 in
-	-c) instcmd="$cpprog"
-	    shift
-	    continue;;
-
-	-d) dir_arg=true
-	    shift
-	    continue;;
-
-	-m) chmodcmd="$chmodprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-o) chowncmd="$chownprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-g) chgrpcmd="$chgrpprog $2"
-	    shift
-	    shift
-	    continue;;
-
-	-s) stripcmd="$stripprog"
-	    shift
-	    continue;;
-
-	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
-	    shift
-	    continue;;
-
-	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
-	    shift
-	    continue;;
-
-	*)  if [ x"$src" = x ]
-	    then
-		src=$1
-	    else
-		# this colon is to work around a 386BSD /bin/sh bug
-		:
-		dst=$1
-	    fi
-	    shift
-	    continue;;
-    esac
-done
-
-if [ x"$src" = x ]
-then
-	echo "install:	no input file specified"
-	exit 1
-else
-	true
-fi
-
-if [ x"$dir_arg" != x ]; then
-	dst=$src
-	src=""
-	
-	if [ -d $dst ]; then
-		instcmd=:
-		chmodcmd=""
-	else
-		instcmd=mkdir
-	fi
-else
-
-# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
-# might cause directories to be created, which would be especially bad 
-# if $src (and thus $dsttmp) contains '*'.
-
-	if [ -f $src -o -d $src ]
-	then
-		true
-	else
-		echo "install:  $src does not exist"
-		exit 1
-	fi
-	
-	if [ x"$dst" = x ]
-	then
-		echo "install:	no destination specified"
-		exit 1
-	else
-		true
-	fi
-
-# If destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-	if [ -d $dst ]
-	then
-		dst="$dst"/`basename $src`
-	else
-		true
-	fi
-fi
-
-## this sed command emulates the dirname command
-dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
-
-# Make sure that the destination directory exists.
-#  this part is taken from Noah Friedman's mkinstalldirs script
-
-# Skip lots of stat calls in the usual case.
-if [ ! -d "$dstdir" ]; then
-defaultIFS='	
-'
-IFS="${IFS-${defaultIFS}}"
-
-oIFS="${IFS}"
-# Some sh's can't handle IFS=/ for some reason.
-IFS='%'
-set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
-IFS="${oIFS}"
-
-pathcomp=''
-
-while [ $# -ne 0 ] ; do
-	pathcomp="${pathcomp}${1}"
-	shift
-
-	if [ ! -d "${pathcomp}" ] ;
-        then
-		$mkdirprog "${pathcomp}"
-	else
-		true
-	fi
-
-	pathcomp="${pathcomp}/"
-done
-fi
-
-if [ x"$dir_arg" != x ]
-then
-	$doit $instcmd $dst &&
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
-else
-
-# If we're going to rename the final executable, determine the name now.
-
-	if [ x"$transformarg" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		dstfile=`basename $dst $transformbasename | 
-			sed $transformarg`$transformbasename
-	fi
-
-# don't allow the sed command to completely eliminate the filename
-
-	if [ x"$dstfile" = x ] 
-	then
-		dstfile=`basename $dst`
-	else
-		true
-	fi
-
-# Make a temp file name in the proper directory.
-
-	dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
-	$doit $instcmd $src $dsttmp &&
-
-	trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing.  If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
-	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
-	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
-	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
-	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
-	$doit $rmcmd -f $dstdir/$dstfile &&
-	$doit $mvcmd $dsttmp $dstdir/$dstfile 
-
-fi &&
-
-
-exit 0
diff --git a/client/log_flags.cpp b/client/log_flags.cpp
index ceab783..84798e6 100644
--- a/client/log_flags.cpp
+++ b/client/log_flags.cpp
@@ -366,7 +366,7 @@ int CONFIG::parse_options_client(XML_PARSER& xp) {
         if (xp.parse_bool("os_random_only", os_random_only)) continue;
 #ifndef SIM
         if (xp.match_tag("proxy_info")) {
-            retval = config_proxy_info.parse_config(xp);
+            retval = proxy_info.parse_config(xp);
             if (retval) {
                 msg_printf_notice(NULL, false, NULL,
                     "Can't parse <proxy_info> element in cc_config.xml"
@@ -469,6 +469,9 @@ int CONFIG::parse(FILE* f) {
     return parse(xp, log_flags);
 }
 
+// read config file, e.g. cc_config.xml
+// Called on startup and in response to GUI RPC requesting reread
+//
 int read_config_file(bool init, const char* fname) {
     if (!init) {
         msg_printf(NULL, MSG_INFO, "Re-reading %s", fname);
@@ -487,9 +490,10 @@ int read_config_file(bool init, const char* fname) {
         config.max_stdout_file_size, config.max_stderr_file_size
     );
 #endif
+    config_proxy_info = config.proxy_info;
+
     if (init) {
         coprocs = config.config_coprocs;
-        config_proxy_info = config.proxy_info;
         if (strlen(config.data_dir)) {
 #ifdef _WIN32
             _chdir(config.data_dir);
@@ -497,6 +501,8 @@ int read_config_file(bool init, const char* fname) {
             chdir(config.data_dir);
 #endif
         }
+    } else {
+        select_proxy_info();        // in case added or removed proxy info
     }
     return 0;
 }
@@ -516,6 +522,7 @@ void process_gpu_exclusions() {
         for (int k=1; k<coprocs.n_rsc; k++) {
             int n=0;
             COPROC& cp = coprocs.coprocs[k];
+            p->rsc_pwf[k].non_excluded_instances = (1<<cp.count)-1;  // all 1's
             for (j=0; j<config.exclude_gpus.size(); j++) {
                 EXCLUDE_GPU& eg = config.exclude_gpus[j];
                 if (strcmp(eg.url.c_str(), p->master_url)) continue;
@@ -524,14 +531,16 @@ void process_gpu_exclusions() {
                 if (eg.device_num >= 0) {
                     // exclusion may refer to nonexistent GPU
                     //
-                    if (cp.device_num_exists(eg.device_num)) {
+                    int ind = cp.device_num_index(eg.device_num);
+                    if (ind >= 0) {
                         n++;
+                        p->rsc_pwf[k].non_excluded_instances &= ~(1<<ind);
                     }
                 } else {
                     n = cp.count;
                 }
             }
-            p->ncoprocs_excluded[k] = n;
+            p->rsc_pwf[k].ncoprocs_excluded = n;
         }
     }
 
diff --git a/client/project.cpp b/client/project.cpp
index 8058b8b..fe4b01c 100644
--- a/client/project.cpp
+++ b/client/project.cpp
@@ -415,7 +415,7 @@ int PROJECT::write_state(MIOFILE& out, bool gui_rpc) {
         if (no_rsc_pref[j]) {
             out.printf("    <no_rsc_pref>%s</no_rsc_pref>\n", rsc_name(j));
         }
-        if (j>0 && gui_rpc && (ncoprocs_excluded[j] == rsc_work_fetch[j].ninstances)) {
+        if (j>0 && gui_rpc && (rsc_pwf[j].ncoprocs_excluded == rsc_work_fetch[j].ninstances)) {
             out.printf("    <no_rsc_config>%s</no_rsc_config>\n", rsc_name(j));
         }
     }
diff --git a/client/project.h b/client/project.h
index a325648..8e99360 100644
--- a/client/project.h
+++ b/client/project.h
@@ -238,8 +238,6 @@ struct PROJECT : PROJ_AM {
     //
     double rr_sim_cpu_share;
     bool rr_sim_active;
-    int ncoprocs_excluded[MAX_RSC];
-        // number of excluded instances per processor type
     bool operator<(const PROJECT& p) {
         return sched_priority > p.sched_priority;
     }
diff --git a/client/rr_sim.cpp b/client/rr_sim.cpp
index 552a8d7..f087596 100644
--- a/client/rr_sim.cpp
+++ b/client/rr_sim.cpp
@@ -74,6 +74,7 @@ struct RR_SIM {
         int rt = rp->avp->gpu_usage.rsc_type;
         if (rt) {
             rsc_work_fetch[rt].sim_nused += rp->avp->gpu_usage.usage;
+            rsc_work_fetch[rt].sim_used_instances |= p->rsc_pwf[rt].non_excluded_instances;
             p->rsc_pwf[rt].sim_nused += rp->avp->gpu_usage.usage;
         }
     }
@@ -169,10 +170,14 @@ void RR_SIM::init_pending_lists() {
     }
 }
 
-// pick jobs to run; put them in "active" list.
+// Pick jobs to run, putting them in "active" list.
 // Simulate what the job scheduler would do:
 // pick a job from the project P with highest scheduling priority,
-// then adjust P's scheduling priority
+// then adjust P's scheduling priority.
+//
+// This is called at the start of the simulation,
+// and again each time a job finishes.
+// In the latter case, some resources may be saturated.
 //
 void RR_SIM::pick_jobs_to_run(double reltime) {
     active.clear();
@@ -241,7 +246,18 @@ void RR_SIM::pick_jobs_to_run(double reltime) {
                 // check whether resource is saturated
                 //
                 if (rt) {
-                    if (rsc_work_fetch[rt].sim_nused >= coprocs.coprocs[rt].count - p->ncoprocs_excluded[rt]) break;
+                    if (rsc_work_fetch[rt].sim_nused >= coprocs.coprocs[rt].count) {
+                        break;
+                    }
+
+                    // if a GPU isn't saturated but this project is using
+                    // its max given exclusions, remove it from project heap
+                    //
+                    if (rsc_pwf.sim_nused >= coprocs.coprocs[rt].count - p->rsc_pwf[rt].ncoprocs_excluded) {
+                        pop_heap(project_heap.begin(), project_heap.end());
+                        project_heap.pop_back();
+                        continue;
+                    }
                 } else {
                     if (rsc_work_fetch[rt].sim_nused >= gstate.ncpus) break;
                 }
@@ -255,7 +271,7 @@ void RR_SIM::pick_jobs_to_run(double reltime) {
                 pop_heap(project_heap.begin(), project_heap.end());
                 project_heap.pop_back();
             } else if (!rp->rrsim_done) {
-                // Otherwise reshuffle the heap
+                // Otherwise reshuffle the project heap
                 //
                 make_heap(project_heap.begin(), project_heap.end());
             }
@@ -401,7 +417,9 @@ void RR_SIM::simulate() {
                 }
             }
         }
-        // adjust FLOPS left
+
+        // adjust FLOPS left of other active jobs
+        //
         for (unsigned int i=0; i<active.size(); i++) {
             rp = active[i];
             rp->rrsim_flops_left -= rp->rrsim_flops*delta_t;
@@ -464,6 +482,21 @@ void RR_SIM::simulate() {
         sim_now += delta_t;
     }
 
+    // identify GPU instances starved because of exclusions
+    //
+    for (int i=1; i<coprocs.n_rsc; i++) {
+        RSC_WORK_FETCH& rwf = rsc_work_fetch[i];
+        COPROC& cp = coprocs.coprocs[i];
+        int mask = (1<<cp.count)-1;
+        rwf.sim_excluded_instances = ~(rwf.sim_used_instances) & mask;
+        if (log_flags.rrsim_detail) {
+            msg_printf(0, MSG_INFO,
+                "[rrsim_detail] rsc %d: sim_used_inst %d mask %d sim_excluded_instances %d",
+                i, rwf.sim_used_instances, mask, rwf.sim_excluded_instances
+            );
+        }
+    }
+
     // if simulation ends before end of buffer, take the tail into account
     //
     if (sim_now < buf_end) {
diff --git a/client/sandbox.cpp b/client/sandbox.cpp
index 760e620..68e917f 100644
--- a/client/sandbox.cpp
+++ b/client/sandbox.cpp
@@ -185,7 +185,7 @@ int delete_project_owned_file(const char* path, bool retry) {
 // If an error occurs, delete as much as possible.
 //
 int client_clean_out_dir(const char* dirpath, const char* reason) {
-    char filename[256], path[MAXPATHLEN];
+    char filename[MAXPATHLEN], path[MAXPATHLEN];
     int retval, final_retval = 0;
     DIRREF dirp;
 
diff --git a/client/stream.cpp b/client/stream.cpp
deleted file mode 100644
index e17628e..0000000
--- a/client/stream.cpp
+++ /dev/null
@@ -1,331 +0,0 @@
-// This file is part of BOINC.
-// http://boinc.berkeley.edu
-// Copyright (C) 2008 University of California
-//
-// BOINC is free software; you can redistribute it and/or modify it
-// under the terms of the GNU Lesser General Public License
-// as published by the Free Software Foundation,
-// either version 3 of the License, or (at your option) any later version.
-//
-// BOINC is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-// See the GNU Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public License
-// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
-
-// Memory bandwidth benchmark derived from STREAM.  Original copyright
-// notice follows.  Notice that we cannot call our results "STREAM
-// benchmark results"
-// Original Copyright Notice:
-/*-----------------------------------------------------------------------*/
-/* Program: Stream                                                       */
-/* Revision: Id: stream.c,v 5.6 2005/10/04 00:19:59 mccalpin             */
-/* Original code developed by John D. McCalpin                           */
-/* Programmers: John D. McCalpin                                         */
-/*              Joe R. Zagar                                             */
-/*                                                                       */
-/* This program measures memory transfer rates in MB/s for simple        */
-/* computational kernels coded in C.                                     */
-/*-----------------------------------------------------------------------*/
-/* Copyright 1991-2005: John D. McCalpin                                 */
-/*-----------------------------------------------------------------------*/
-/* License:                                                              */
-/*  1. You are free to use this program and/or to redistribute           */
-/*     this program.                                                     */
-/*  2. You are free to modify this program for your own use,             */
-/*     including commercial use, subject to the publication              */
-/*     restrictions in item 3.                                           */
-/*  3. You are free to publish results obtained from running this        */
-/*     program, or from works that you derive from this program,         */
-/*     with the following limitations:                                   */
-/*     3a. In order to be referred to as "STREAM benchmark results",     */
-/*         published results must be in conformance to the STREAM        */
-/*         Run Rules, (briefly reviewed below) published at              */
-/*         http://www.cs.virginia.edu/stream/ref.html                    */
-/*         and incorporated herein by reference.                         */
-/*         As the copyright holder, John McCalpin retains the            */
-/*         right to determine conformity with the Run Rules.             */
-/*     3b. Results based on modified source code or on runs not in       */
-/*         accordance with the STREAM Run Rules must be clearly          */
-/*         labelled whenever they are published.  Examples of            */
-/*         proper labelling include:                                     */
-/*         "tuned STREAM benchmark results"                              */
-/*         "based on a variant of the STREAM benchmark code"             */
-/*         Other comparable, clear and reasonable labelling is           */
-/*         acceptable.                                                   */
-/*     3c. Submission of results to the STREAM benchmark web site        */
-/*         is encouraged, but not required.                              */
-/*  4. Use of this program or creation of derived works based on this    */
-/*     program constitutes acceptance of these licensing restrictions.   */
-/*  5. Absolutely no warranty is expressed or implied.                   */
-/*-----------------------------------------------------------------------*/
-# include <cstdio>
-# include <cmath>
-# include <float.h>
-# include <climits>
-# include <sys/time.h>
-# include <cstdlib>
-# include <algorithm>
-
-static int N=64;
-static const int NTIMES(10);
-static const int OFFSET(0);
-
-static double avgtime[4] = {0}, maxtime[4] = {0},
-                           mintime[4] = {FLT_MAX,FLT_MAX,FLT_MAX,FLT_MAX};
-
-static char *label[4] = {"Copy:      ", "Scale:     ",
-                         "Add:       ", "Triad:     "};
-
-static double bytes[4] = {
-                           2 * sizeof(double) * N,
-                           2 * sizeof(double) * N,
-                           3 * sizeof(double) * N,
-                           3 * sizeof(double) * N
-                         };
-
-extern double mysecond();
-extern double checktick();
-extern void checkSTREAMresults(double *a,double *b, double *c);
-
-void mem_bw(double &avg_bw, double &cache_size) {
-  avg_bw=0;
-  double  *a=(double *)malloc((N+OFFSET)*sizeof(double));
-  double  *b=(double *)malloc((N+OFFSET)*sizeof(double));
-  double  *c=(double *)malloc((N+OFFSET)*sizeof(double));
-  double   quantum=checktick();
-  int   BytesPerWord;
-  register int j, k;
-  double  scalar, t, times[4][NTIMES];
-  double rv=0;
-
-
-  double tt[30],t_max;
-  int cache_ratio=1,cache_level=1;
-  int i=0;
-
-  int check_cache=(cache_size==0);
-  do {
-    N*=2;
-    a=(double *)realloc(a,(N+OFFSET)*sizeof(double));
-    b=(double *)realloc(b,(N+OFFSET)*sizeof(double));
-    c=(double *)realloc(c,(N+OFFSET)*sizeof(double));
-    if ( !a || !b || !c ) return;
-
-    for (j=0; j<N; j++) {
-      a[j] = 1.0;
-      b[j] = 2.0;
-      c[j] = 0.0;
-    }
-
-    long transfer=0; 
-
-    // get as close to a clock boundary as possible
-    t = mysecond();
-    while ((t-mysecond())==0); // do nothing
-
-    double t0 = mysecond();
-    do {
-      for (j = 0; j < N; j++)
-        a[j] = 2.0E0 * a[j];
-      t = 1.0E6 * (mysecond() - t0);
-      transfer++;
-    } while (t < 10*quantum);  // run at least a 10 ticks.
-
-    t/=transfer; // change to "per run" time
-    tt[i++]=t;
-    t_max=std::max(N/t,t_max);
-    if (check_cache) {
-      if ((cache_ratio*N)<(t*t_max)) {
-        cache_size=N/2*sizeof(double);
-	cache_ratio*=2;
-//        printf("Level %d Cache Size = %f bytes\n",cache_level++,*cache_size);
-      }
-    }
-  } while (t<1e5);
-
-  bytes[0]=bytes[1]=2 * sizeof(double) * N;
-  bytes[2]=bytes[3]=3 * sizeof(double) * N;
-
-  /* --- MAIN LOOP --- repeat test cases NTIMES times --- */
-
-  scalar = 3.0;
-  for (k=0; k<NTIMES; k++) {
-    times[0][k] = mysecond();
-
-    for (j=0; j<N; j++)
-      c[j] = a[j];
-    times[0][k] = mysecond() - times[0][k];
-
-    times[1][k] = mysecond();
-
-    for (j=0; j<N; j++)
-      b[j] = scalar*c[j];
-
-    times[1][k] = mysecond() - times[1][k];
-
-    times[2][k] = mysecond();
-
-    for (j=0; j<N; j++)
-      c[j] = a[j]+b[j];
-
-    times[2][k] = mysecond() - times[2][k];
-
-    times[3][k] = mysecond();
-
-    for (j=0; j<N; j++)
-      a[j] = b[j]+scalar*c[j];
-
-    times[3][k] = mysecond() - times[3][k];
-  }
-
-  /* --- SUMMARY --- */
-
-  for (k=1; k<NTIMES; k++) /* note -- skip first iteration */
-  {
-    for (j=0; j<4; j++) {
-      avgtime[j] = avgtime[j] + times[j][k];
-      mintime[j] = std::min(mintime[j], times[j][k]);
-      maxtime[j] = std::max(maxtime[j], times[j][k]);
-    }
-  }
-
-  printf("Function      Rate (MB/s)   Avg time     Min time     Max time\n");
-  for (j=0; j<4; j++) {
-    avgtime[j] = avgtime[j]/(double)(NTIMES-1);
-
-    printf("%s%11.4f  %11.4f  %11.4f  %11.4f\n", label[j],
-           1.0E-06 * bytes[j]/mintime[j],
-           avgtime[j],
-           mintime[j],
-           maxtime[j]);
-
-    avg_bw+=(double)bytes[j]/mintime[j];
-  }
-  avg_bw/=4;
-
-  /* --- Check Results --- */
-  checkSTREAMresults(a,b,c);
-
-}
-
-# define M 20
-
-double checktick() {
-    int  i;
-    double minDelta, Delta;
-    double t1, t2, timesfound[M];
-
-    /*  Collect a sequence of M unique time values from the system. */
-
-    for (i = 0; i < M; i++) {
-      t1 = mysecond();
-      while( ((t2=mysecond()) - t1) < 1.0E-6 )
-	;
-      timesfound[i] = t1 = t2;
-    }
-
-    /*
-     * Determine the minimum difference between these M values.
-     * This result will be our estimate (in microseconds) for the
-     * clock granularity.
-     */
-
-    minDelta = 1000000;
-    for (i = 1; i < M; i++) {
-      Delta = ( 1.0E6 * (timesfound[i]-timesfound[i-1]));
-      minDelta = std::min(minDelta, std::max(Delta,0.0));
-    }
-
-    return(minDelta);
-  }
-
-
-
-  /* A gettimeofday routine to give access to the wall
-     clock timer on most UNIX-like systems.  */
-
-#include <sys/time.h>
-
-  double mysecond() {
-    struct timeval tp;
-    struct timezone tzp;
-    int i;
-
-    i = gettimeofday(&tp,&tzp);
-    return ( (double) tp.tv_sec + (double) tp.tv_usec * 1.e-6 );
-  }
-
-  void checkSTREAMresults (double *a, double *b, double *c) {
-    double aj,bj,cj,scalar;
-    double asum,bsum,csum;
-    double epsilon;
-    int j,k;
-
-    /* reproduce initialization */
-    aj = 1.0;
-    bj = 2.0;
-    cj = 0.0;
-    /* a[] is modified during timing check */
-    aj = 2.0E0 * aj;
-    /* now execute timing loop */
-    scalar = 3.0;
-    for (k=0; k<NTIMES; k++) {
-      cj = aj;
-      bj = scalar*cj;
-      cj = aj+bj;
-      aj = bj+scalar*cj;
-    }
-    aj = aj * (double) (N);
-    bj = bj * (double) (N);
-    cj = cj * (double) (N);
-
-    asum = 0.0;
-    bsum = 0.0;
-    csum = 0.0;
-    for (j=0; j<N; j++) {
-      asum += a[j];
-      bsum += b[j];
-      csum += c[j];
-    }
-#ifdef VERBOSE
-    printf ("Results Comparison: \n");
-    printf ("        Expected  : %f %f %f \n",aj,bj,cj);
-    printf ("        Observed  : %f %f %f \n",asum,bsum,csum);
-#endif
-
-#ifndef abs
-#define abs(a) ((a) >= 0 ? (a) : -(a))
-#endif
-    epsilon = 1.e-8;
-
-    if (abs(aj-asum)/asum > epsilon) {
-      printf ("Failed Validation on array a[]\n");
-      printf ("        Expected  : %f \n",aj);
-      printf ("        Observed  : %f \n",asum);
-    } else if (abs(bj-bsum)/bsum > epsilon) {
-      printf ("Failed Validation on array b[]\n");
-      printf ("        Expected  : %f \n",bj);
-      printf ("        Observed  : %f \n",bsum);
-    } else if (abs(cj-csum)/csum > epsilon) {
-      printf ("Failed Validation on array c[]\n");
-      printf ("        Expected  : %f \n",cj);
-      printf ("        Observed  : %f \n",csum);
-    } else {
-      printf ("Solution Validates\n");
-    }
-  }
-
-#ifdef STREAM_TEST
-
-int main() {
-  double cache_size=0;
-  double avg_bw=0;
-  mem_bw(avg_bw,cache_size);
-  printf("Average bandwidth=%f MB/s\n",avg_bw/1024/1024);
-  printf("Cache Size=%f kB\n",cache_size/1024);
-}
-
-#endif
diff --git a/client/test_fx_in b/client/test_fx_in
deleted file mode 100644
index 1aad27d..0000000
--- a/client/test_fx_in
+++ /dev/null
@@ -1 +0,0 @@
-blahblahblah
diff --git a/client/test_fx_out b/client/test_fx_out
deleted file mode 100644
index f448d51..0000000
--- a/client/test_fx_out
+++ /dev/null
@@ -1,1326 +0,0 @@
-<html>
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-    <META http-equiv="Content-Type" CONTENT="text/html" CHARSET="UTF-8">
-    <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
-    <STYLE TYPE="text/css" MEDIA="screen">
-            BODY, H2, H3, H4, P, UL, OL, DL
-            {
-            font-family: "Verdana", "Helvetica", "Arial", "sans-serif"
-            }
-
-            H1 {color: #0058a0; font-size: 20pt}
-	    H2 {color: #0058a0; font-size: 16pt}
-	    H3 {color: #0058a0; font-size: 14pt}
-	    H4 {color: #0058a0; font-size: 12pt}
-            
-            A:link, A:active, A:visited
-            {
-            color: #0058a0;
-            text-decoration: none
-            }
-
-            P, UL, OL, DL {margin-left: 10%; margin-right: 10%; font-size: 10pt}
-            DT {margin-bottom: 0.5em}
-            .offset {margin-left: 10%}
-            .afterskip {margin-bottom: 1em}
-            .afterhalf {margin-bottom: 0.5em}
-	    .example {margin-left: 10%; margin-right: 10%;
-	      border-color: #0058a0; border-style:solid; border-width: 1pt; padding: 1pt}
-            CODE {font-family: "Courier"}
-	    .comment {color: #0000ff}
-
-            P.offset {margin-left: 15%}
-            P.inner  {margin-left:  2%; width: 96%}
-            P.note   {margin-left: 10%; border-color: #0058a0;
-	      border-style:solid; border-width: 1pt;
-	      padding: 5pt; background-color:#e0e0e0 }
-	    
-	    PRE {font-size: 10pt; padding: 5pt}
-
-	  </STYLE>
-    <title>GAdoc - Sablotron 0.60</title>
-  </head>
-  <body bgcolor="#ffffff">
-    <h1 CLASS="afterskip">Sablotron 0.60</h1>
-    <DIV CLASS="afterskip">
-      <p>
-        <b>
-          <i>Tom Kaiser (Ginger Alliance)</i>
-        </b>
-      </p>
-      <p>
-        <i>June 17, 2001</i>
-      </p>
-    </DIV>
-    <h3>Abstract</h3>
-    <DIV CLASS="offset">This is a description of the current version of the
-  XSLT processor called Sablotron, including an overview of its
-  limitations as compared to the XSLT specification.
-  </DIV>
-    <h3>Contents</h3>
-<DIV STYLE="margin-left: 10%; margin-bottom: 2em; font-size: smaller">
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__25"></a> <a href="#i__25">
-          <b>1  This text</b>
-        </a>
-        <DIV class="offset"></DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__60"></a> <a href="#i__60">
-          <b>2  Changes from the last release</b>
-        </a>
-        <DIV class="offset"></DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__74"></a> <a href="#i__74">
-          <b>3  Introduction</b>
-        </a>
-        <DIV class="offset">  <a href="#i__81">3.1  XSLT</a>
-          <BR>  <a href="#i__154">3.2  On Sablotron</a>
-          <BR>
-        </DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__227"></a> <a href="#i__227">
-          <b>4  The sources</b>
-        </a>
-        <DIV class="offset">  <a href="#i__238">4.1  Getting the sources</a>
-          <BR>  <a href="#i__280">4.2  Joining the development</a>
-          <BR>
-        </DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__305"></a> <a href="#i__305">
-          <b>5  Implementation. Supported instructions and functions</b>
-        </a>
-        <DIV class="offset">  <a href="#i__343">5.1  Templates</a>
-          <BR>  <a href="#i__364">5.2  Conditional processing</a>
-          <BR>  <a href="#i__381">5.3  Loops</a>
-          <BR>  <a href="#i__398">5.4  Variables and parameters</a>
-          <BR>  <a href="#i__415">5.5  Element creation</a>
-          <BR>  <a href="#i__439">5.6  Global definitions</a>
-          <BR>  <a href="#i__476">5.7  Values and copying</a>
-          <BR>  <a href="#i__508">5.8  Namespace processing</a>
-          <BR>  <a href="#i__529">5.9  Sorting</a>
-          <BR> <a href="#i__577">5.10  Whitespace stripping</a>
-          <BR> <a href="#i__598">5.11  Includes</a>
-          <BR> <a href="#i__623">5.12  Other unimplemented instructions</a>
-          <BR> <a href="#i__654">5.13  Output conformance</a>
-          <BR> <a href="#i__686">5.14  XPath expressions</a>
-          <BR> <a href="#i__714">5.15  Built-in functions</a>
-          <BR>
-        </DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__804"></a> <a href="#i__804">
-          <b>6  Other implementation-related notes</b>
-        </a>
-        <DIV class="offset">  <a href="#i__811">6.1  Handlers</a>
-          <BR>  <a href="#i__859">6.2  Encodings</a>
-          <BR>  <a href="#i__887">6.3  Output methods</a>
-          <BR>  <a href="#i__915">6.4  URIs</a>
-          <BR>  <a href="#i__983">6.5  Named buffers</a>
-          <BR>  <a href="#i__1015">6.6  Error and log messages</a>
-          <BR>
-        </DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__1048"></a> <a href="#i__1048">
-          <b>7  The C interface</b>
-        </a>
-        <DIV class="offset">  <a href="#i__1065">7.1  Shortcuts</a>
-          <BR>  <a href="#i__1205">7.2  Basic functions</a>
-          <BR>  <a href="#i__1416">7.3  Generalized interface functions</a>
-          <BR>  <a href="#i__1578">7.4  The situation object</a>
-          <BR>  <a href="#i__1631">7.5  Document Object Model (DOM) functions</a>
-          <BR>
-        </DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__1870"></a> <a href="#i__1870">
-          <b>8  The command line interface</b>
-        </a>
-        <DIV class="offset"></DIV>
-      </SPAN>
-      <SPAN CLASS="afterhalf">
-        <a name="toc_i__2013"></a> <a href="#i__2013">
-          <b>9  References</b>
-        </a>
-        <DIV class="offset"></DIV>
-      </SPAN>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__25"></a>
-      <h2>
-        <a href="#toc_i__25">1  This text</a>
-      </h2>
-      <DIV>
-        <p CLASS="">The HTML form of this description
-        was compiled by Sablotron from the XML source
-        Sablot-0-60.xml. 
-        </p>
-        <p CLASS="">
-        The material in the following sections includes:
-        </p>
-        <ul>
-          <li>some background information on XSLT and Sablotron,</li>
-          <li>a detailed comparison of the current version of
-          Sablotron to the XSLT spec,</li>
-          <li>Sablotron usage from the command line or as a
-          library.</li>
-        </ul>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__60"></a>
-      <h2>
-        <a href="#toc_i__60">2  Changes from the last release</a>
-      </h2>
-      <DIV>
-        <p CLASS="">Please see the RELEASE file.</p>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__74"></a>
-      <h2>
-        <a href="#toc_i__74">3  Introduction</a>
-      </h2>
-      <DIV>
-        <DIV class="afterskip">
-          <a name="i__81"></a>
-          <h3>
-            <a href="#toc_i__74">3.1  XSLT</a>
-          </h3>
-          <p CLASS="">XSLT is a language allowing to transform given XML data (the
-    <i>input</i>) according to a <i>stylesheet</i>. XSLT stylesheets
-    are themselves XML documents; that is, all instructions of the
-    language are expressed in the form of XML elements. The
-    <i>output</i>, i.e. the result of the processing, is typically a
-    XML document as well, although the syntactic requirements can be
-    relaxed to allow the creation of a HTML document (one that
-    contains unclosed tags and the like), or even plain text.
-    </p>
-          <p CLASS="">XSLT was designed by the World Wide Web Consortium (W3C) as
-      a part of the XSL stylesheet language, where it is complemented
-      by a powerful set of formatting instructions. The most precise
-      information about XSLT can be found in the W3C Recommendation <a href="#ref-xslt">[XSLT]</a>. In particular, Appendix B of the
-      Recommendation contains a handy syntax table. A good tutorial is
-      <a href="#ref-bible">[XMLBible14]</a>.
-    </p>
-          <p CLASS="">Other W3C Recommendations one often needs to consult are <a href="#ref-xml">[XML]</a> (for the definition of the XML
-      language) and <a href="#ref-xpath">[XPath]</a> (for details on
-      XPath, the language used to form expressions in XSLT and
-      elsewhere).
-    </p>
-          <p CLASS="">An excellent source of information about XSLT (indeed, about
-    anything related to XML and SGML) is <a href="#ref-rcover">[Cover]</a>; see also <a href="#ref-xslinfo">[XSLINFO]</a> and <a href="#ref-xmlorg">[XMLorg]</a>.
-    </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__154"></a>
-          <h3>
-            <a href="#toc_i__74">3.2  On Sablotron</a>
-          </h3>
-          <p CLASS="">Sablotron is a XSLT processor (though not quite conforming
-      yet..., see below) written in C++. Since the machines where it
-      is meant to run include various small mobile
-      clients, the main objectives of its design are the following:
-    </p>
-          <ul>
-      <li>portability,</li>
-      <li>compact code,</li>
-      <li>as much independence on other resources (Java etc.) as
-      possible.</li>
-    </ul>
-          <p CLASS="">Sablotron is a single shared library
-    (<code>sablot.dll</code> or <code>libsablot.so.0.60</code>). It can
-    also be used from the command line via the simple interface
-    called <code>sabcmd</code>. See <a href="#invocation">here</a> for
-    more information.
-    </p>
-          <p CLASS="">The only software Sablotron relies on is <b>expat</b>, the
-      XML parser by James Clark. See <a href="#expat">below</a> for
-      information on how to get expat.
-      </p>
-          <p CLASS="">For information on the available interfaces, e.g. for
-      Python, Perl and PHP, see <a href="http://www.gingerall.com">www.gingerall.com</a>. 
-      </p>
-        </DIV>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__227"></a>
-      <h2>
-        <a href="#toc_i__227">4  The sources</a>
-      </h2>
-      <DIV>
-        <p CLASS="">
-      Sablotron is written in C++. The source files compile under
-      Win32 (using MS Visual C++ 6.0) and on Solaris and Linux (using
-      g++ 2.95.2) without change.</p>
-        <DIV class="afterskip">
-          <a name="i__238"></a>
-          <h3>
-            <a href="#toc_i__227">4.1  Getting the sources</a>
-          </h3>
-          <p CLASS="">The source or binary distributions of Sablotron can be downloaded
-      from <a href="http://www.gingerall.com">www.gingerall.com</a>. For
-      instructions on how to build the sources (if any), refer to the accompanying INSTALL file.
-      </p>
-          <p CLASS="">If you have access to the Ginger Alliance CVS server, you
-      can get the working version of Sablotron in the CVS module
-      <code>ga</code>. The access rights can be obtained on
-      request from <a href="mailto:cvsadmin at gingerall.com">the CVS admin</a>.
-      </p>
-          <p CLASS="">
-            <a name="expat"></a>
-      Since version 0.50, Sablotron uses expat 1.95.1, available from <a href="http://expat.sourceforge.org">SourceForge</a>.
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__280"></a>
-          <h3>
-            <a href="#toc_i__227">4.2  Joining the development</a>
-          </h3>
-          <p CLASS="">
-      Sablotron is an open source project and all volunteers are most
-      welcome! The documentation of the sources is still somewhat
-      sparse but we will try to improve it. If you find the invitation
-      to work on Sablotron with us interesting, please <a href="mailto:sablotron at gingerall.com">contact us</a>. There is also
-      a mailing list available, see <a href="http://www.gingerall.com">www.gingerall.com</a>.
-      </p>
-        </DIV>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__305"></a>
-      <h2>
-        <a href="#toc_i__305">5  Implementation. Supported instructions and functions</a>
-      </h2>
-      <DIV>
-        <p CLASS="">The instruction set supported by this version of Sablotron is
-    already sufficient for many transformation tasks (e.g. the task of
-    formatting this document). On the other
-    hand, a comparison of it to the XSLT specification <a href="#ref-xslt">[XSLT]</a> shows that much is still to be
-    done. The purpose of the
-    following sections is to describe the varying degree of support
-    for the elements of the XSLT language. </p>
-        <p CLASS="">It may be helpful to refer to the syntax table in Appendix B
-    of <a href="#ref-xslt">[XSLT]</a>. The instructions/attributes that
-    are not listed as unsupported should be implemented. The <a href="mailto:sablotron at gingerall.com">authors</a> will appreciate being
-    told about any omissions found in the following
-    description.</p>
-        <p CLASS="">For readability, I sometimes omit the <code>xsl:</code> prefix
-    from the instruction names.</p>
-        <DIV class="afterskip">
-          <a name="i__343"></a>
-          <h3>
-            <a href="#toc_i__305">5.1  Templates</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        template, apply-templates, call-template
-      </code>
-          </p>
-          <p CLASS="">
-        Fully implemented. <code>xsl:sort</code> is supported since release 0.50.
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__364"></a>
-          <h3>
-            <a href="#toc_i__305">5.2  Conditional processing</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        if, choose, when, otherwise
-      </code>
-          </p>
-          <p CLASS="">Fully implemented.
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__381"></a>
-          <h3>
-            <a href="#toc_i__305">5.3  Loops</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>for-each</code>
-          </p>
-          <p CLASS="">Fully implemented.
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__398"></a>
-          <h3>
-            <a href="#toc_i__305">5.4  Variables and parameters</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>variable, param, with-param</code>
-          </p>
-          <p CLASS="">Fully implemented. Top-level variables and parameters are
-      read in the document order, so no forward references are
-      resolved. This is a minor deviation from the spec. </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__415"></a>
-          <h3>
-            <a href="#toc_i__305">5.5  Element creation</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>element, attribute, text, 
-      comment, processing-instruction, attribute-set</code>
-          </p>
-          <p CLASS="">
-            <code>xsl:attribute-set</code> is not implemented. For the
-      rest, <code>name</code> is the only recognized attribute (where
-      applicable). Literal result elements work.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__439"></a>
-          <h3>
-            <a href="#toc_i__305">5.6  Global definitions</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>stylesheet, transform, output</code>
-          </p>
-          <p CLASS="">For <code>stylesheet</code> and <code>transform</code>,
-        the only recognized attribute is
-        <code>version</code>. <code>xsl:output</code> should work
-        (see below for notes on the <code>encoding</code>
-        attribute). HTML indentation has been added in 0.60.
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__476"></a>
-          <h3>
-            <a href="#toc_i__305">5.7  Values and copying</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>value-of, copy, copy-of</code>
-          </p>
-          <p CLASS="">
-            <code>copy-of</code> and <code>value-of</code> are fully
-      implemented. <code>copy</code> is implemented except for the
-      <code>use-attribute-sets</code> attribute.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__508"></a>
-          <h3>
-            <a href="#toc_i__305">5.8  Namespace processing</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>namespace-alias</code>
-          </p>
-          <p CLASS="">Namespaces should be processed correctly. The
-      <code>namespace-alias</code> instruction is now supported
-      (patch by Major).</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__529"></a>
-          <h3>
-            <a href="#toc_i__305">5.9  Sorting</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>sort</code>
-          </p>
-          <p CLASS="">
-            <code>xsl:sort</code> is implemented since 0.50. There are
-      minor limitations:
-      </p>
-          <ul>
-        <li>currently, the <code>lang</code> attribute may only
-        contain the values <code>"en"</code> or <code>"cz"</code>.</li>
-        <li>
-              <code>case-order</code> cannot be specified.</li>
-      </ul>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__577"></a>
-          <h3>
-            <a href="#toc_i__305">5.10  Whitespace stripping</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>strip-space, preserve-space</code>
-          </p>
-          <p CLASS="">Only the default whitespace stripping is done. That is,
-      all whitespace-only text nodes in any stylesheet, not appearing
-      inside a <code>xsl:text</code>, are removed. The two
-      instructions for whitespace stripping and preservation are
-      unsupported.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__598"></a>
-          <h3>
-            <a href="#toc_i__305">5.11  Includes</a>
-          </h3>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>include, import, apply-imports</code>
-          </p>
-          <p CLASS="">Only <code>xsl:include</code> is implemented. Processing
-      involving multiple documents works, but has to get more testing,
-      eg. with respect to <code>generate-id()</code>.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__623"></a>
-          <h3>
-            <a href="#toc_i__305">5.12  Other unimplemented instructions</a>
-          </h3>
-          <ul>
-        <li>
-              <code>xsl:key,</code>
-            </li>
-        <li>
-              <code>xsl:number,</code>
-            </li>
-        <li>
-              <code>xsl:fallback.</code>
-            </li>
-      </ul>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__654"></a>
-          <h3>
-            <a href="#toc_i__305">5.13  Output conformance</a>
-          </h3>
-          <p CLASS="">The output mechanism is much closer to the spec than in
-      the versions prior to 0.4. The following issues remain for the
-      html method:</p>
-          <ul>
-        <li>Output the boolean attributes correctly.</li>
-        <li>Disable the escaping inside
-        <code><SCRIPT></code> and
-        <code><STYLE></code>
-            </li>.
-      </ul>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__686"></a>
-          <h3>
-            <a href="#toc_i__305">5.14  XPath expressions</a>
-          </h3>
-          <p CLASS="">Almost all features of XPath are fully implemented. This means
-      there should be no problems with expressions of any kind.</p>
-          <p CLASS="">One exception relates to axes. The <code>following</code> and
-      <code>preceding</code> axes haven't been implemented yet.</p>
-          <p CLASS="">Another possible exception may be numbers; we did not yet do a
-      thorough test of rounding, NaNs, infinity, etc.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__714"></a>
-          <h3>
-            <a href="#toc_i__305">5.15  Built-in functions</a>
-          </h3>
-          <p CLASS="">
-            <a name="corelib"></a>Only a few functions from the standard
-      function library remain
-      unimplemented:
-      </p>
-          <ul>
-      <li>
-              <code>id()</code>,</li>
-      <li>
-              <code>lang()</code> (accepted but always returns true),</li>
-      <li>
-              <code>key()</code>,</li>
-      <li>
-              <code>format-number()</code>,</li>
-      <li>
-              <code>unparsed-entity-uri()</code>.</li>
-      </ul>
-          <p CLASS="">As for the fuctions that <i>are</i> implemented, the
-      following is a list of differences from the spec:
-      </p>
-          <ul>
-        <li>
-              <code>document()</code> only accepts one argument, always
-        getting the base URI from the stylesheet URI.
-        </li>
-        <li>
-              <code>string-length()</code> returns the byte length of
-        the UTF-8 representation of the string. This will typically
-        differ from the actual length.
-        </li>
-        <li>
-              <code>generate-id()</code> might fail to generate unique identifiers
-        when several input documents are present (giving the same id to
-        nodes from different documents).
-        </li>
-      </ul>
-        </DIV>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__804"></a>
-      <h2>
-        <a href="#toc_i__804">6  Other implementation-related notes</a>
-      </h2>
-      <DIV>
-        <DIV class="afterskip">
-          <a name="i__811"></a>
-          <h3>
-            <a href="#toc_i__804">6.1  Handlers</a>
-          </h3>
-          <p CLASS="">It is possible for the user to supply the following
-      handlers to Sablotron:
-        <ul>
-          <li>message handler (to bypass the default way of displaying
-          error and warning messages and logging),</li>
-          <li>scheme handler (to retrieve documents whose URI use an
-          unsupported scheme),</li>
-          <li>streaming handler (an expat-like interface to the XML
-          document which is the result of the processing),</li>
-          <li>'miscellaneous' handler (which will probably server as a
-          collections of odd callbacks).</li>
-        </ul>
-      </p>
-          <p CLASS="">
-        The handlers are set using <code>SablotRegHandler()</code>
-        For details concerning the interface of these handlers,
-        consult the header files <code>sablot.h</code> and
-        <code>shandler.h</code>. 
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__859"></a>
-          <h3>
-            <a href="#toc_i__804">6.2  Encodings</a>
-          </h3>
-          <p CLASS="">
-        In version 0.52, the encoding conversion capabilities of
-        Sablotron have been much extended. The most important fact is the
-        following: if you have the iconv library installed on your system, you
-        can use any encoding it supports (that is, almost any encoding
-        whatsoever) for both the input and the output documents. Iconv
-        is available on most systems (it is a standard part of glibc2,
-        for instance). There are implementations for Win32 as well.
-      </p>
-          <p CLASS="">If iconv is not available, the encoding may still be supported internally by
-      Sablotron. At present, the list is of such encodings is rather
-      short: besides UTF-8, these are UTF-16, ASCII, iso-8859-1,
-      iso-8859-2 and windows-1250 on input, none on output. However,
-      we plan to implement a half independent light-weight
-      conversion library for use on systems without iconv,
-      extending the set of internally supported encodings
-      considerably. 
-      </p>
-          <p CLASS="">Lastly, the user has the option to implement a custom
-      encoding conversion handler, which will be asked to perform any unsupported
-      conversion. See the <code>shandler.h</code> header file for
-      details.
-      </p>
-          <p CLASS="">The default input and output encoding is in all cases UTF-8.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__887"></a>
-          <h3>
-            <a href="#toc_i__804">6.3  Output methods</a>
-          </h3>
-          <p CLASS="">In addition to the standard output methods (xml, html and
-      text), it is possible to output xhtml. Documents output using
-      this method obey the XHTML 1.0 rules (in particular, all empty
-      elements are closed). To choose the method, use
-      <code><xsl:output method='xhtml'></code>. <b>Please note</b>
-      that the name of this method will possibly be changed since the XSLT
-      spec requires any processor-specific methods to have qualified
-      names, say <code>sab:xhtml</code>. On the other hand, the name
-      <code>xhtml</code> is considered in the XSLT 2.0 working draft.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__915"></a>
-          <h3>
-            <a href="#toc_i__804">6.4  URIs</a>
-          </h3>
-          <p CLASS="">Sablotron can handle
-      two URI schemes natively: 'file' and 'arg' (see
-      below). Moreover, it is possible to use the function
-      <code>SablotRegSchemeHandler</code> to register an external scheme
-      handler which will receive requests in all other schemes. See
-      the documentation in <code>sablot.h</code> and
-      <code>shandler.h</code>.
-      </p>
-          <p CLASS="">Relative URI references are resolved in conformance to RFC
-      2396. The base URI is well defined when the relative reference appears
-      inside a XML document; when invoking sabcmd, the base URI is
-      taken to correspond to the current working directory.
-      </p>
-          <p CLASS="">
-            <a name="fname-rules"></a>When specifying filenames, the
-      following rules are in effect:
-      </p>
-          <ul>
-        <li>specify the "file:" scheme for any standard files,
-      i.e. refer to <code>stdin</code> as <code>file://stdin</code>
-      etc.</li>
-        <li>slashes and backslashes work equally fine, in Windows as
-      well as Linux.</li>
-        <li>to include a drive letter under Windows
-      (e.g. <code>C:\doc.xml</code>), it is necessary to say
-      <code>file://c:/doc.xml</code>. 
-        </li>
-      </ul>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__983"></a>
-          <h3>
-            <a href="#toc_i__804">6.5  Named buffers</a>
-          </h3>
-          <p CLASS="">
-            <a name="argscheme"></a>Sablotron introduces an URI scheme
-      'arg:' which enables one to use strings in named memory
-      buffers. The buffer names can have a tree-like structure so that
-      a relative reference from a document in a buffer can be resolved
-      as pointing to another buffer.
-      </p>
-          <p CLASS="">For instance, if we invoke Sablotron specifying that a
-      buffer named <code>/mybuf/1</code> contains the string
-      "&lt;a>contents&lt;/a>", then the expression
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-      document('arg:/mybuf/1')/a
-      </code>
-          </p>
-          <p CLASS="">has string-value "contents". If the document in arg:/mybuf/1
-      contained a relative URI reference "../theirbuf/2" then this
-      would be resolved as pointing to "arg:/theirbuf/2".</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__1015"></a>
-          <h3>
-            <a href="#toc_i__804">6.6  Error and log messages</a>
-          </h3>
-          <p CLASS="">By default, Sablotron writes error and warning messages to
-      stderr, and does no logging. By a call to
-      <code>SablotSetLog()</code>, you can specify the name of the log
-      file to be used.</p>
-          <p CLASS="">Besides, you can use <code>SablotRegHandler()</code>
-      to override the default message handling. The handler you
-      register will receive all messages in a structured form that's
-      easy to process and filter. For details, see
-      the documentation in <code>sablot.h</code> and
-      <code>shandler.h</code>.</p>
-        </DIV>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__1048"></a>
-      <h2>
-        <a href="#toc_i__1048">7  The C interface</a>
-      </h2>
-      <DIV>
-        <p CLASS="">
-          <a name="invocation"></a>
-        </p>
-        <p CLASS="">
-        This section describes the functions exported from the
-        Sablotron library.  All of them have a return type of 'int'
-        and return an error flag (nonzero signals an error). Errors
-        are reported to the user by Sablotron itself. 
-      </p>
-        <DIV class="afterskip">
-          <a name="i__1065"></a>
-          <h3>
-            <a href="#toc_i__1048">7.1  Shortcuts</a>
-          </h3>
-          <p CLASS="">
-        We'll first describe the 'shortcuts' that do the whole
-        processing in one call.
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotProcess(char *sheetURI, char *inputURI, char *resultURI,
-        char **params, char **arguments, char **resultArg);
-      </code>
-          </p>
-          <p CLASS="">
-        This is the basic function. The first three of its arguments
-        are the URIs of the XSLT stylesheet, the XML source and the
-        resulting document, respectively. For some notes on specifying
-        file names, see <a href="#fname-rules">above</a>.
-      </p>
-          <p CLASS="">
-            <code>params</code> is an array of pointers to the names
-      and contents of the top-level stylesheet parameters. Thus,
-      <code>params[0]</code> is a pointer to the null-terminated name
-      of the first parameter, <code>params[1]</code> points to the
-      (null-terminated) contents of the first parameter. The following
-      two array items do the same for the second parameter, etc. The
-      whole array is terminated by a NULL pointer in place of the
-      name. If no parameters are to be passed, you can specify NULL
-      for <code>params</code> itself.
-      </p>
-          <p CLASS="">
-            <code>arguments</code> is a similar array of named buffers
-      to be passed to the stylesheet. (They can be referred to via the
-      'arg:' scheme, see <a href="#argscheme">above</a>.) Again, the
-      array is a sequence of (name, value) pairs terminated by NULL in
-      place of a name. If no named buffers are to be passed, you can
-      specify NULL for <code>arguments</code> itself.
-      </p>
-          <p CLASS="">
-            <code>resultArg</code> enables one to access the
-      resulting document in case the output went to a named buffer. In
-      that situation, <code>*resultArg</code> points to the resulting
-      null-terminated string, allocated by Sablotron. You can pass NULL
-      for <code>resultArg</code> if the output is sure to go to a
-      file. 
-      </p>
-          <p CLASS="">
-            <b>Note:</b>When you are done processing the string
-      pointed to by <code>*resultArg</code>, free it using <a href="#sablotfree">
-              <code>SablotFree()</code>
-            </a> - never use
-      <code>free()</code>. The latter is guaranteed to produce a
-      segmentation fault under Linux.
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotProcessFiles(char *styleSheetName,
-        char *inputName,
-        char *resultName);
-      </code>
-          </p>
-          <p CLASS="">A wrapper for <code>SablotProcess()</code> working on
-      files. The parameters are the null-terminated file names of the
-      XSLT stylesheet, the XML input and the result,
-      respectively. Sablotron opens these files itself and closes them
-      after the processing is complete. Values like "file://stdin" are
-      allowed.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotProcessStrings(char *styleSheetStr, char *inputStr, char
-        **resultStr);
-      </code>
-          </p>
-          <p CLASS="">Another wrapper for <code>SablotProcess()</code>, this
-        time for accessing named buffers (i.e. user-allocated memory
-        blocks)only. Thus, the first parameter is a null-terminated
-        string containing the whole stylesheet; the second parameter
-        is a null-terminated string containing the XML
-        input. Sablotron allocates the buffer for the resulting string
-        and returns a pointer to it in resultStr. Hence, invoking
-        <code>puts(*resultStr)</code> after having called
-        <code>SablotProcessStrings</code> sends the result to
-        stdout. The buffer allocated <b>must</b> be freed by calling the
-        function <code>SablotFree</code> described next. 
-      </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__1205"></a>
-          <h3>
-            <a href="#toc_i__1048">7.2  Basic functions</a>
-          </h3>
-          <p CLASS="">The above shortcuts just call the basic, lower-level
-      functions described below. Note that if you need to set options
-      for logging etc., you may need to use the low-level
-      functions. </p>
-          <p CLASS="">A typical processing session may look like this:</p>
-          <p CLASS="">
-            <pre>
-          SablotHandle p;
-          char *my_buf;
-          SablotCreateProcessor(&p);
-          SablotSetLog(p, ...);
-          /* ...set other instance-specific options here... */
-          SablotRunProcessor(p, ...);
-          SablotGetResultArg(p, "arg:/somename", &my_buf)
-          /* ...do something with my_buf... */
-          /* can run the processor again if necessary */
-          SablotRunProcessor(p, ...);
-          SablotDestroyProcessor(p);
-      </pre>
-          </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotCreateProcessor(SablotHandle *processorPtr);
-      </code>
-          </p>
-          <p CLASS="">Creates an instance of Sablotron and returns a pointer to
-      it in *processorPtr. This pointer is passed on all subsequent
-      calls to this instance. </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotDestroyProcessor(SablotHandle processor_);
-      </code>
-          </p>
-          <p CLASS="">Destroys an instance of the processor, deallocating all
-      the memory used up by it.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotRunProcessor(SablotHandle processor_,
-        char *sheetURI, 
-        char *inputURI, 
-        char *resultURI,
-        char **params, 
-        char **arguments);
-      </code>
-          </p>
-          <p CLASS="">Processes documents using the given processor instance and
-      given params and args definitions. See
-      <code>SablotProcess()</code>.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotGetResultArg(SablotHandle processor_,
-        char *argURI,
-        char **argValue);
-      </code>
-          </p>
-          <p CLASS="">Copies the result 'arg' buffer with the given URI,
-      returning a pointer to the newly-allocated block in
-      *argValue. If no such buffer exists, returns NULL in *argValue. 
-      </p>
-          <p CLASS="">This function is necessary, because if the result document
-      is output to memory, it would be lost when
-      <code>SablotDestroyProcessor()</code> is called. When
-      deallocating the copy obtained from
-      <code>SablotGetResultArg()</code>, use <code>SablotFree</code>
-      (never <code>free()</code>). </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotFreeResultArgs(SablotHandle processor_);
-      </code>
-          </p>
-          <p CLASS="">Removes the Sablotron-internal copies of the 'arg' buffers
-      from the last Sablotron run. Normally, there should be no reason
-      to call this function as it is called automatically on both
-      <code>SablotRunProcessor()</code> and
-      <code>SablotDestroyProcessor()</code>. </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-              <a name="sablotfree"></a>
-        int SablotFree(char *resultBuf);
-      </code>
-          </p>
-          <p CLASS="">This function frees the buffer allocated on previous call
-        to <code>SablotProcessStrings</code>. Calling it with an
-        invalid pointer will cause a crash. 
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotRegHandler(
-        SablotHandle processor_, 
-        HandlerType type,   
-        void *handler, 
-        void *userData);
-      </code>
-          </p>
-          <p CLASS="">Registers an external handler. <code>type</code> can be
-        <code>HLR_MESSAGE</code>, <code>HLR_SCHEME</code>,
-        <code>HLR_SAX</code>, <code>HLR_MISC</code> or
-        <code>HLR_ENC</code>. 
-        <code>handler</code> points to the
-        callback vector of the appropriate type. <code>userData</code>
-        is a data item to passed to all callbacks of this particular
-        handler. For details, check the <code>sablot.h</code> and
-        <code>shandler.h</code> header files.
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotUnregHandler(
-        SablotHandle processor_, 
-        HandlerType type,   
-        void *handler, 
-        void *userData);
-      </code>
-          </p>
-          <p CLASS="">Unregisters the given external handler. For details, check the
-      <code>sablot.h</code> and <code>shandler.h</code> header
-      files.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotSetLog(
-        SablotHandle processor_,
-        const char *logFilename, 
-        int logLevel);
-      </code>
-          </p>
-          <p CLASS="">Sets the log filename. The <code>logLevel</code> parameter
-      is currently not used. Pass NULL for <code>logFilename</code> to
-      turn logging off (default). </p>
-          <p CLASS="">The other functions published by sablot.h have been
-      included for experimental reasons or for compatibility, and it
-      is better not to use them.
-      </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        int SablotClearError(SablotHandle processor_);
-      </code>
-          </p>
-          <p CLASS="">Clears the 'pending error' flag for this instance of
-      Sablotron.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__1416"></a>
-          <h3>
-            <a href="#toc_i__1048">7.3  Generalized interface functions</a>
-          </h3>
-          <p CLASS="">The implementation of the <a href="#dom">DOM interface</a>
-      brought the need to extend some of the functions described in
-      the previous section. This extension enables the user to:
-      </p>
-          <ul>
-        <li>process documents created by the DOM functions, and</li>
-        <li>process frequently used documents in pre-parsed form.</li>
-      </ul>
-          <p CLASS="">An object called <i>situation</i> is used to provide a
-persistent context for all calls to the DOM-related
-functions. Functions used to manipulate the situation are described in
-<a href="#situation">the following section</a>.</p>
-          <p CLASS="">
-            <b>Note:</b> If not specified otherwise, all these
-      functions return an error code. A positive value indicates an error.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotCreateDocument(SablotSituation S, 
-	    SDOM_Document *D);
-      </code>
-          </p>
-          <p CLASS="">Creates an empty document. Typically followed by calls to
-      DOM functions to populate the document.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotDestroyDocument(SablotSituation S, 
-	    SDOM_Document D);
-      </code>
-          </p>
-          <p CLASS="">Destroys a document, freeing all the nodes it has created.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotParse(SablotSituation S, 
-        const char *uri, SDOM_Document *D);
-      </code>
-          </p>
-          <p CLASS="">Reads in a document from the given URI.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotParseBuffer(SablotSituation S, 
-        const char *buffer, SDOM_Document *D);
-      </code>
-          </p>
-          <p CLASS="">Reads in a document from the given in-memory buffer.</p>
-          <p CLASS="">These functions have variants to be used if the document
-      is to be interpreted as an XSLT stylesheet, namely
-      <code>SablotParseStylesheet</code> and
-      <code>SablotParseStylesheetBuffer</code>.</p>
-          <p CLASS="">The following functions generalize
-      <code>SablotRunProcessor</code> in that they make it possible to
-      utilize an extra kind of a source document: a DOM tree.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotRunProcessorGen(SablotSituation S,
-        void *processor_,
-        char *sheetURI, 
-        char *inputURI, 
-        char *resultURI);    
-      </code>
-          </p>
-          <p CLASS="">A key ingredient of the extended interface. Only the URIs
-      of the sources and of the result document are given to it. The
-      rest of the information passed to
-      <code>SablotRunProcessor</code> is conveyed through
-      <code>SablotAddArgBuffer,</code> <code>SablotAddArgTree</code>
-      and <code>SablotAddParam.</code> The scheme part of the
-      stylesheet URI or the input URI may be "arg:", in which
-      case they refer to a buffer or tree passed by these
-      functions. </p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotAddArgBuffer(SablotSituation S,
-        void *processor_,
-        const char *argName,
-        const char *bufferValue);
-</code>
-          </p>
-          <p CLASS="">Creates a named buffer for the next processor run. The
-      buffer's name and contents are passed as arguments. The name
-      is interpreted relative to the 'arg:/' scheme.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotAddArgTree(SablotSituation S,
-        void *processor_,
-        const char *argName,
-        SDOM_Document tree);
-</code>
-          </p>
-          <p CLASS="">Associates the given document with a name for the next
-      processor run. The document is <i>not</i> destroyed after the
-      run is finished. The name is interpreted relative to the 'arg:/'
-      scheme.</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotAddParam(SablotSituation S,
-        void *processor_,
-        const char *paramName,
-        const char *paramValue);
-      </code>
-          </p>
-          <p CLASS="">Adds a global stylesheet parameter for the next processor
-      run.</p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__1578"></a>
-          <h3>
-            <a href="#toc_i__1048">7.4  The situation object</a>
-          </h3>
-          <p CLASS="">
-            <a name="situation"></a>At present, the situation object primarily holds information on any pending errors. A
-situation is created using</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotCreateSituation(SablotSituation
-      *SP);</code>
-          </p>
-          <p CLASS="">and destroyed by</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotDestroySituation(SablotSituation
-      S);</code>
-          </p>
-          <p CLASS="">To clear the pending error flag in a situation, use</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>int SablotClearSituation(SablotSituation
-      S);</code>
-          </p>
-          <p CLASS="">The following self-explanatory functions extract parts of the error information
-      from the situation:</p>
-          <p CLASS="" STYLE="background-color: #ffffee">
-            <code>
-        const char *SablotGetErrorURI(SablotSituation S);<br>
-        int SablotGetErrorLine(SablotSituation S);<br>
-        const char *SablotGetErrorMsg(SablotSituation S);
-     </code>
-          </p>
-        </DIV>
-        <DIV class="afterskip">
-          <a name="i__1631"></a>
-          <h3>
-            <a href="#toc_i__1048">7.5  Document Object Model (DOM) functions</a>
-          </h3>
-          <p CLASS="">
-            <a name="dom"></a>Starting with version 0.60, Sablotron implements
-      a major subset of the DOM Level 1 Core Specification <a href="#ref-dom">[DOM]</a>. A brief
-      description of the implemented interface follows; for more
-      details, please refer to the header file named
-      <code>sdom.h.</code>
-          </p>
-          <p CLASS="">All of the names related to the DOM interface start with
-      SDOM_ (for Sablot DOM).</p>
-          <p CLASS="">Major new types are <code>SDOM_Document</code> (a DOM tree) and
-      <code>SDOM_Node</code> (a node of the tree). A document can also be used in
-      place of a node. This reflects the fact in the DOM spec, 
-      Document is a subclass of Node. When used in this way, the
-      document represents its own root node (which is not the same as
-      the `root element').</p>
-          <p CLASS="">Other types include:</p>
-          <ul>
-        <li>
-              <code>SDOM_char:</code> a DOM character type. Currently, this is just
-        char. Note that the DOM spec requires that the DOM
-        implementations work with UTF-16. Sablotron deviates from this
-        by using UTF-8 instead. A separate set of functions taking
-        UTF-16 strings will be provided.</li>
-        <li>
-              <code>SDOM_NodeType:</code> a node type enum. Some of the values are
-        <code>SDOM_ELEMENT_NODE,</code> <code>SDOM_ATTRIBUTE_NODE</code> and <code>SDOM_TEXT_NODE.</code> See
-        <code>sdom.h</code> for the rest.</li>
-        <li>
-              <code>SDOM_NodeList:</code> a node list returned by some of the
-        functions.</li>
-        <li>
-              <code>SDOM_Exception:</code> DOM exception codes enum, with values such
-        as <code>SDOM_NOT_FOUND_ERR</code> or <code>SDOM_INVALID_NODE_TYPE</code>. See <code>sdom.h</code>
-        for details.</li>
-</ul>
-          <p CLASS="">The functions listed below are implemented more or less as defined in
-      the DOM Level 1 Specification, with two exceptions:
-      their names are prefixed with <code>SDOM_</code> and the first argument is
-      always a <code>SablotSituation.</code> All the functions return
-      a <code>SDOM_Exception.</code> </p>
-          <ul>
-<li>
-              <code>createElement, createAttribute, createTextNode,
-createCDATASection, createComment, createProcessingInstruction</code>
-            </li>
-<li>
-              <code>getNodeType, getNodeName, setNodeName, getNodeValue, setNodeValue</code>
-            </li>
-<li>
-              <code>getParentNode, getFirstChild, getLastChild, getPreviousSibling,
-getNextSibling, getOwnerDocument</code>
-            </li>
-<li>
-              <code>insertBefore, appendChild, removeChild, replaceChild</code>
-            </li>
-<li>
-              <code>cloneNode</code>
-            </li>
-<li>
-              <code>getAttribute, setAttribute, removeAttribute, getAttributeList</code>
-            </li>
-</ul>
-          <p CLASS="">Several functions have been added:</p>
-          <ul>
-<li>
-              <code>disposeNode</code> frees all memory used by the given node</li>
-<li>
-              <code>cloneForeignNode</code> clones a node from a different
-document</li>
-<li>
-              <code>docToString</code> serializes the document, returning the
-resulting string</li>
-<li>
-              <code>xql</code> performs an XPath query on the DOM tree,
-returning a list of the nodes satisfying it.</li>
-</ul>
-          <p CLASS="">In addition, there are some functions used to manipulate
-      the node lists returned by <code>xql</code> and
-      <code>getAttributeList</code>. These include
-      <code>getNodeListLength</code>, <code>getNodeListItem</code> and
-      <code>disposeNodeList</code>.</p>
-          <p CLASS="">Finally, there are functions to extract DOM
-      exception-related information from the situation object, namely
-      <code>getExceptionCode</code>, <code>getExceptionMessage</code>
-      and <code>getExceptionDetails</code>.</p>
-        </DIV>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__1870"></a>
-      <h2>
-        <a href="#toc_i__1870">8  The command line interface</a>
-      </h2>
-      <DIV>
-        <p CLASS="">Sablotron comes with a command-line interface to the
-        shared library, which is a program named
-        <code>sabcmd</code>. At present, <code>sabcmd</code> is invoked
-        as follows:</p>
-        <p CLASS="" STYLE="background-color: #ffffee">
-          <code>
-      sabcmd [<i>options</i>] <i>stylesheet</i> [<i>input</i> [<i>result</i>]] [<i>assignments</i>]
-      </code>
-        </p>
-        <p CLASS="">The arguments are the URIs of the XSLT stylesheet, the
-      XML input document, and the resulting document, respectively. The
-      default for <code>
-            <i>input</i>
-          </code> is
-      <code>file://stdin</code> (meaning plain old stdin);
-      <code>
-            <i>result</i>
-          </code> defaults to
-      <code>file://stdout</code>. Filenames have to include the extension (if
-      any).</p>
-        <p CLASS="">You can display the list of available options by typing
-      <code>sabcmd --help</code>. Among the more useful ones are
-      <code>--log-file</code> (for setting the log file) and
-      <code>--measure</code> (measures and outputs the total
-      processing time).
-      </p>
-        <p CLASS="">
-          <a href="#fname-rules">The rules for filenames</a> are the same as
-      with <code>SablotProcess()</code>. 
-      </p>
-        <p CLASS="">
-          <code>assignments</code> is a series of definitions of the
-      form:</p>
-        <p CLASS="" STYLE="background-color: #ffffee">
-          <code>
-      name1=value1 name2=value2 ...
-      </code>
-        </p>
-        <p CLASS="">
-      assigning values to top-level stylesheet parameters and to named
-      buffers. These two cases are distinguished by a leading '$' in
-      the name of a stylesheet parameter. The names of the buffers do
-      <i>not</i> start with "arg:". They may start with a slash; if
-      they don't, the slash is prepended. 
-      </p>
-        <p CLASS="">
-          <b>Note:</b> In most cases, it will be necessary to quote
-      the individual assignments. Whether to use single or double
-      quotes may depend on the shell used (or may it?) Single quotes
-      work for bash, double quotes work in Windows.
-      </p>
-        <p CLASS="">If the result URI refers to a named buffer, the output
-      would normally remain buried in memory. Sabcmd dumps the buffer to standard
-      output instead.
-      </p>
-        <p CLASS="">To sum up and give an example, the following would be a
-      valid invocation of sabcmd:</p>
-        <p CLASS="" STYLE="background-color: #ffffee">
-          <code>
-      sabcmd sheet.xsl arg:/the_input "the_input=&lt;a/>"
-      "$use_defaults=1"
-      </code>
-        </p>
-        <p CLASS="">This processes the document passed in the buffer named
-      the_input, using a stylesheet found in file "sheet.xsl" in the
-      working directory. We assign 1 to the top-level parameter called
-      "use_defaults". The output goes to stdout by default.
-      </p>
-      </DIV>
-    </DIV>
-    <DIV class="afterskip">
-      <a name="i__2013"></a>
-      <h2>
-        <a href="#toc_i__2013">9  References</a>
-      </h2>
-      <DIV>
-        <dl>
-      <dt>
-            <a name="ref-xslt"></a>[XSLT]</dt>
-      <dd>
-        <a href="http://www.w3.org/TR/1999/REC-xslt-19991116">
-          XSL Transformations (XSLT) Version 1.0
-        </a>
-      </dd>
-
-      <dt>
-            <a name="ref-xpath"></a>[XPath]</dt>
-      <dd> 
-        <a href="http://www.w3.org/TR/1999/REC-xpath-19991116">
-          XML Path Language (XPath) Version 1.0
-        </a>
-      </dd>
-
-      <dt>
-            <a name="ref-xml"></a>[XML]</dt>
-      <dd>
-        <a href="http://www.w3.org/TR/1998/REC-xml-19980210">
-          Extensible Markup Language (XML) 1.0
-        </a>
-      </dd>
-
-      <dt>
-            <a name="ref-dom"></a>[DOM]</dt>
-      <dd>
-        <a href="http://www.w3.org/TR/REC-DOM-Level-1">
-          Document Object Model Level 1 Specification, Version 1.0
-        </a>
-      </dd>
-
-      <dt>
-            <a name="ref-rcover"></a>[Cover]</dt>
-      <dd>
-        <a href="http://www.oasis-open.org/cover/sgml-xml.html">
-          The XML Cover Pages</a>
-      </dd>
-      
-      <dt>
-            <a name="ref-xmlorg"></a>[XMLorg]</dt>
-      <dd>
-        <a href="http://xml.org">XML.org</a>
-      </dd>
-
-      <dt>
-            <a name="ref-xslinfo"></a>[XSLINFO]</dt>
-      <dd>
-        <a href="http://www.xslinfo.com">XSLINFO.com</a>
-      </dd>
-
-      <dt>
-            <a name="ref-bible"></a>[XMLBible14]</dt>
-      <dd>
-        <a href="http://metalab.unc.edu/xml/books/bible/updates/14.html">
-          Harold, E. R.: XML Bible, Chapter 14 (online presentation)
-        </a>
-      </dd>
-    </dl>
-      </DIV>
-    </DIV>
-    <hr>
-    <p STYLE="font-style: italic; margin-left: 0">(c) 2000 Ginger Alliance s.r.o.</p>
-  </body>
-</html>
\ No newline at end of file
diff --git a/client/test_fx_out1 b/client/test_fx_out1
deleted file mode 100644
index 6c8e4f4..0000000
--- a/client/test_fx_out1
+++ /dev/null
@@ -1,42 +0,0 @@
-<title>my directory page</title>
-My pages:
-<ul>
-<li> <a href=http://setiathome.ssl.berkeley.edu>SETI at home</a>
-<li> <a href=http://milkyway.ssl.berkeley.edu/davea/>My home page</a>
-<li> <a href=http://alicemclerran.com>AliceMcLerran.com</a>
-<li> <a href=http://setiathome.berkeley.edu/davea/alice/>AliceMcLerran.com staging</a>
-<li> <a href=file:/home/david/tp/html/index.html>Teachpoint local</a>
-<li> <a href=file:/home/david/tp/html/index_dev_local.html>Teachpoint dev local</a>
-<li> <a href=http://www.teachpoint.com>Teachpoint</a>
-<li> <a href=http://www.teachpoint.com/index_dev.html>Teachpoint dev</a>
-<li> <a href=http://setiathome.ssl.berkeley.edu/davea/mx/>ISME</a>
-<li> <a href=https://mail.ud.com>email</a>
-<li> <a href=file:/home/david/papers/sciam/text.html>SciAm paper</a>
-</ul>
-Docs:
-<ul>
-<li><a href=file:/home/david/html/Sablot-0-60.html>Sablot</a>
-<li><a href=file:/home/david/software/expat-1.95.2/doc/reference.html>Expat</a>
-<li><a href=file:/home/david/software/xerces-c1_5_1-linux/doc/html/index.html>Xerces</a>
-<li><a href=file:/home/david/xslt.html>XSLT</a>
-<li><a href=file:/home/david/mysql/manual_toc.html>MySQL</a>
-<li><a href=http://www.garshol.priv.no/download/text/http-tut.html>HTTP explained</a>
-</ul>
-Other pages:
-<ul>
-<li><a href=http://lynnerutter.com>Lynne</a>
-</ul>
-Search:
-<ul>
-<li>
-<form action=http://google.com/search>Google: <input name=q><input type=submit></form>
-<li> <a href=
-http://www.home.zonnet.nl/robschluter/htmltaglist/index_old.html
->HTML tag list</a>
-<li> <a href=http://www.m-w.com/netdict.htm>Dictionary</a>
-<li> <a href=http://world.altavista.com/>translations</a>
-<li> <a href=http://www.whowhere.lycos.com/Phone>People find</a>
-<li> <a href=http://ameritrade.com>Ameritrade</a>
-<li> <a href=http://weather.yahoo.com/>weather</a>
-</ul>
-<p>
diff --git a/client/time_stats.cpp b/client/time_stats.cpp
index d0c90ef..2ccdee1 100644
--- a/client/time_stats.cpp
+++ b/client/time_stats.cpp
@@ -76,7 +76,7 @@ int get_connected_state() {
 const float ALPHA = (SECONDS_PER_DAY*10);
 //const float ALPHA = 60;   // for testing
 
-void TIME_STATS::init() {
+void CLIENT_TIME_STATS::init() {
     last_update = 0;
     first = true;
     on_frac = 1;
@@ -84,6 +84,8 @@ void TIME_STATS::init() {
     active_frac = 1;
     gpu_active_frac = 1;
     cpu_and_network_available_frac = 1;
+    client_start_time = gstate.now;
+    previous_uptime = 0;
     previous_connected_state = CONNECTED_STATE_UNINITIALIZED;
     inactive_start = 0;
     trim_stats_log();
@@ -92,7 +94,7 @@ void TIME_STATS::init() {
 
 // if log file is over a meg, discard everything older than a year
 //
-void TIME_STATS::trim_stats_log() {
+void CLIENT_TIME_STATS::trim_stats_log() {
 #ifndef SIM
     double size;
     char buf[256];
@@ -137,7 +139,7 @@ void send_log_after(const char* filename, double t, MIOFILE& mf) {
 
 // copy the log file after a given time
 //
-void TIME_STATS::get_log_after(double t, MIOFILE& mf) {
+void CLIENT_TIME_STATS::get_log_after(double t, MIOFILE& mf) {
     if (time_stats_log) {
         fclose(time_stats_log);     // win: can't open twice
     }
@@ -150,7 +152,7 @@ void TIME_STATS::get_log_after(double t, MIOFILE& mf) {
 // so these get written to disk only when other activities
 // cause this to happen.  Maybe should change this.
 //
-void TIME_STATS::update(int suspend_reason, int _gpu_suspend_reason) {
+void CLIENT_TIME_STATS::update(int suspend_reason, int _gpu_suspend_reason) {
     double dt, w1, w2;
 
     bool is_active = !(suspend_reason & ~SUSPEND_REASON_CPU_THROTTLE);
@@ -276,21 +278,29 @@ void TIME_STATS::update(int suspend_reason, int _gpu_suspend_reason) {
 
 // Write XML based time statistics
 //
-int TIME_STATS::write(MIOFILE& out, bool to_server) {
+int CLIENT_TIME_STATS::write(MIOFILE& out, bool to_remote) {
     out.printf(
         "<time_stats>\n"
         "    <on_frac>%f</on_frac>\n"
         "    <connected_frac>%f</connected_frac>\n"
         "    <cpu_and_network_available_frac>%f</cpu_and_network_available_frac>\n"
         "    <active_frac>%f</active_frac>\n"
-        "    <gpu_active_frac>%f</gpu_active_frac>\n",
+        "    <gpu_active_frac>%f</gpu_active_frac>\n"
+        "    <client_start_time>%f</client_start_time>\n"
+        "    <previous_uptime>%f</previous_uptime>\n",
         on_frac,
         connected_frac,
         cpu_and_network_available_frac,
         active_frac,
-        gpu_active_frac
+        gpu_active_frac,
+        client_start_time,
+        previous_uptime
     );
-    if (!to_server) {
+    if (to_remote) {
+        out.printf(
+            "    <now>%f</now>\n", gstate.now
+        );
+    } else {
         out.printf(
             "    <last_update>%f</last_update>\n",
             last_update
@@ -302,7 +312,7 @@ int TIME_STATS::write(MIOFILE& out, bool to_server) {
 
 // Parse XML based time statistics, usually from client_state.xml
 //
-int TIME_STATS::parse(XML_PARSER& xp) {
+int CLIENT_TIME_STATS::parse(XML_PARSER& xp) {
     double x;
 #ifdef SIM
     double on_lambda = 3600, connected_lambda = 3600;
@@ -392,27 +402,27 @@ int TIME_STATS::parse(XML_PARSER& xp) {
     return ERR_XML_PARSE;
 }
 
-void TIME_STATS::start() {
+void CLIENT_TIME_STATS::start() {
     time_stats_log = fopen(TIME_STATS_LOG, "a");
     if (time_stats_log) {
         setbuf(time_stats_log, 0);
     }
 }
 
-void TIME_STATS::quit() {
+void CLIENT_TIME_STATS::quit() {
     log_append("power_off", gstate.now);
 }
 
 #ifdef SIM
-void TIME_STATS::log_append(const char* , double ) {}
+void CLIENT_TIME_STATS::log_append(const char* , double ) {}
 #else
-void TIME_STATS::log_append(const char* msg, double t) {
+void CLIENT_TIME_STATS::log_append(const char* msg, double t) {
     if (!time_stats_log) return;
     fprintf(time_stats_log, "%f %s\n", t, msg);
 }
 #endif
 
-void TIME_STATS::log_append_net(int new_state) {
+void CLIENT_TIME_STATS::log_append_net(int new_state) {
     switch(new_state) {
     case CONNECTED_STATE_NOT_CONNECTED:
         log_append("net_not_connected", gstate.now);
diff --git a/client/time_stats.h b/client/time_stats.h
index 9abc4d3..dfc3fba 100644
--- a/client/time_stats.h
+++ b/client/time_stats.h
@@ -18,32 +18,16 @@
 #ifndef _TIME_STATS_
 #define _TIME_STATS_
 
-#include "miofile.h"
 #include <vector>
 
-struct TIME_STATS {
+#include "miofile.h"
+#include "common_defs.h"
+
+struct CLIENT_TIME_STATS : TIME_STATS {
     bool first;
     int previous_connected_state;
 
     double last_update;
-// we maintain an exponentially weighted average of these quantities:
-    double on_frac;
-        // the fraction of total time this host runs the client
-    double connected_frac;
-        // of the time this host runs the client,
-        // the fraction it is connected to the Internet,
-        // or -1 if not known
-    double cpu_and_network_available_frac;
-        // of the time this host runs the client,
-        // the fraction it is connected to the Internet
-        // AND network usage is allowed (by prefs and user toggle)
-        // AND CPU usage is allowed
-    double active_frac;
-        // of the time this host runs the client,
-        // the fraction it is enabled to use CPU
-        // (as determined by preferences, manual suspend/resume, etc.)
-    double gpu_active_frac;
-        // same, GPU
 
     FILE* time_stats_log;
     double inactive_start;
@@ -51,7 +35,7 @@ struct TIME_STATS {
     void update(int suspend_reason, int gpu_suspend_reason);
 
     void init();
-    int write(MIOFILE&, bool to_server);
+    int write(MIOFILE&, bool to_remote);
     int parse(XML_PARSER&);
 
     double availability_frac(int rsc_type) {
diff --git a/client/work_fetch.cpp b/client/work_fetch.cpp
index e7384dc..e98bfed 100644
--- a/client/work_fetch.cpp
+++ b/client/work_fetch.cpp
@@ -187,6 +187,7 @@ void RSC_WORK_FETCH::rr_init() {
     deadline_missed_instances = 0;
     saturated_time = 0;
     busy_time_estimator.reset();
+    sim_used_instances = 0;
 }
 
 void RSC_WORK_FETCH::accumulate_shortfall(double d_time) {
@@ -204,6 +205,7 @@ void RSC_WORK_FETCH::accumulate_shortfall(double d_time) {
 
 void RSC_WORK_FETCH::update_saturated_time(double dt) {
     double idle = ninstances - sim_nused;
+    //msg_printf(0, MSG_INFO, "update_saturated rsc %d idle %f dt %f", rsc_type, idle, dt);
     if (idle < 1e-6) {
         saturated_time = dt;
     }
@@ -222,6 +224,10 @@ static bool wacky_dcf(PROJECT* p) {
 // If this resource is below min buffer level,
 // return the highest-priority project that may have jobs for it.
 //
+// It the resource has instanced starved because of exclusions,
+// return the highest-priority project that may have jobs
+// and doesn't exclude those instances.
+//
 // If strict is true, enforce hysteresis and backoff rules
 // (which are there to limit rate of scheduler RPCs).
 // Otherwise, we're going to do a scheduler RPC anyway
@@ -230,12 +236,21 @@ static bool wacky_dcf(PROJECT* p) {
 //
 PROJECT* RSC_WORK_FETCH::choose_project_hyst(bool strict) {
     PROJECT* pbest = NULL;
+    bool buffer_low = true;
     if (strict) {
-        if (saturated_time > gstate.work_buf_min()) return NULL;
+        if (saturated_time > gstate.work_buf_min()) buffer_low = false;
     } else {
-        if (saturated_time > gstate.work_buf_total()) return NULL;
+        if (saturated_time > gstate.work_buf_total()) buffer_low = false;
+    }
+
+    if (log_flags.work_fetch_debug) {
+        msg_printf(0, MSG_INFO,
+            "[work_fetch] buffer_low: %s; sim_excluded_instances %d\n",
+            buffer_low?"yes":"no", sim_excluded_instances
+        );
     }
-    if (saturated_time > gstate.work_buf_total()) return NULL;
+
+    if (!buffer_low && !sim_excluded_instances) return NULL;
 
     for (unsigned i=0; i<gstate.projects.size(); i++) {
         PROJECT* p = gstate.projects[i];
@@ -270,11 +285,11 @@ PROJECT* RSC_WORK_FETCH::choose_project_hyst(bool strict) {
         // computing shortfall etc. on a per-project basis
         //
         if (rsc_type) {
-            int n_not_excluded = ninstances - p->ncoprocs_excluded[rsc_type];
+            int n_not_excluded = ninstances - p->rsc_pwf[rsc_type].ncoprocs_excluded;
             if (n_not_excluded == 0) {
                 continue;
             }
-            if (p->ncoprocs_excluded[rsc_type]
+            if (p->rsc_pwf[rsc_type].ncoprocs_excluded
                 && p->rsc_pwf[rsc_type].n_runnable_jobs > n_not_excluded
             ) {
                 continue;
@@ -283,6 +298,16 @@ PROJECT* RSC_WORK_FETCH::choose_project_hyst(bool strict) {
 
         RSC_PROJECT_WORK_FETCH& rpwf = project_state(p);
         if (rpwf.anon_skip) continue;
+
+        // if we're sending work only because of exclusion starvation,
+        // make sure this project can use the starved instances
+        //
+        if (!buffer_low) {
+            if ((sim_excluded_instances & rpwf.non_excluded_instances) == 0) {
+                continue;
+            }
+        }
+
         if (pbest) {
             if (pbest->sched_priority > p->sched_priority) {
                 continue;
@@ -292,7 +317,11 @@ PROJECT* RSC_WORK_FETCH::choose_project_hyst(bool strict) {
     }
     if (!pbest) return NULL;
     work_fetch.clear_request();
-    work_fetch.set_all_requests_hyst(pbest, rsc_type);
+    if (buffer_low) {
+        work_fetch.set_all_requests_hyst(pbest, rsc_type);
+    } else {
+        set_request_excluded(pbest);
+    }
     return pbest;
 }
 
@@ -442,6 +471,29 @@ void RSC_WORK_FETCH::set_request(PROJECT* p) {
     }
 }
 
+// We're fetching work because some instances are starved because
+// of exclusions.
+// See how many N of these instances are not excluded for this project.
+// Ask for N instances and for N*work_buf_min seconds.
+//
+void RSC_WORK_FETCH::set_request_excluded(PROJECT* p) {
+    RSC_PROJECT_WORK_FETCH& pwf = project_state(p);
+
+    int inst_mask = sim_excluded_instances & pwf.non_excluded_instances;
+    int n = 0;
+    for (int i=0; i<ninstances; i++) {
+        if ((i<<i) & inst_mask) {
+            n++;
+        }
+    }
+    req_instances = n;
+    if (p->resource_share == 0 || config.fetch_minimal_work) {
+        req_secs = 1;
+    } else {
+        req_secs = n*gstate.work_buf_total();
+    }
+}
+
 void RSC_WORK_FETCH::print_state(const char* name) {
     msg_printf(0, MSG_INFO,
         "[work_fetch] %s: shortfall %.2f nidle %.2f saturated %.2f busy %.2f",
@@ -481,11 +533,14 @@ int PROJECT_WORK_FETCH::compute_cant_fetch_work_reason(PROJECT* p) {
     if (p->non_cpu_intensive) return CANT_FETCH_WORK_NON_CPU_INTENSIVE;
     if (p->suspended_via_gui) return CANT_FETCH_WORK_SUSPENDED_VIA_GUI;
     if (p->master_url_fetch_pending) return CANT_FETCH_WORK_MASTER_URL_FETCH_PENDING;
-    if (p->min_rpc_time > gstate.now) return CANT_FETCH_WORK_MIN_RPC_TIME;
     if (p->dont_request_more_work) return CANT_FETCH_WORK_DONT_REQUEST_MORE_WORK;
     if (p->some_download_stalled()) return CANT_FETCH_WORK_DOWNLOAD_STALLED;
     if (p->some_result_suspended()) return CANT_FETCH_WORK_RESULT_SUSPENDED;
     if (p->too_many_uploading_results) return CANT_FETCH_WORK_TOO_MANY_UPLOADS;
+
+    // this goes last
+    //
+    if (p->min_rpc_time > gstate.now) return CANT_FETCH_WORK_MIN_RPC_TIME;
     return 0;
 }
 
@@ -877,7 +932,7 @@ void WORK_FETCH::set_initial_work_request(PROJECT* p) {
         rsc_work_fetch[i].req_secs = 1;
         if (i) {
             RSC_WORK_FETCH& rwf = rsc_work_fetch[i];
-            if (rwf.ninstances ==  p->ncoprocs_excluded[i]) {
+            if (rwf.ninstances ==  p->rsc_pwf[i].ncoprocs_excluded) {
                 rsc_work_fetch[i].req_secs = 0;
             }
         }
diff --git a/client/work_fetch.h b/client/work_fetch.h
index 975d145..4f1a1d3 100644
--- a/client/work_fetch.h
+++ b/client/work_fetch.h
@@ -100,6 +100,11 @@ struct RSC_PROJECT_WORK_FETCH {
     int n_runnable_jobs;
     double sim_nused;
     double nused_total;     // sum of instances over all runnable jobs
+    int ncoprocs_excluded;
+        // number of excluded instances
+    int non_excluded_instances;
+        // bitmap of non-excluded instances
+        // (i.e. instances this project's jobs can run on)
     int deadlines_missed;
     int deadlines_missed_copy;
         // copy of the above used during schedule_cpus()
@@ -116,6 +121,8 @@ struct RSC_PROJECT_WORK_FETCH {
         n_runnable_jobs = 0;
         sim_nused = 0;
         nused_total = 0;
+        ncoprocs_excluded = 0;
+        non_excluded_instances = 0;
         deadlines_missed = 0;
         deadlines_missed_copy = 0;
     }
@@ -201,6 +208,11 @@ struct RSC_WORK_FETCH {
         // seconds of idle instances between now and now+work_buf_total()
     double nidle_now;
     double sim_nused;
+    int sim_used_instances;
+        // bitmap of instances used in simulation,
+        // taking into account GPU exclusions
+    int sim_excluded_instances;
+        // bitmap of instances not used (i.e. starved because of exclusion)
     double total_fetchable_share;
         // total RS of projects from which we could fetch jobs for this device
     double saturated_time;
@@ -241,6 +253,7 @@ struct RSC_WORK_FETCH {
     void print_state(const char*);
     void clear_request();
     void set_request(PROJECT*);
+    void set_request_excluded(PROJECT*);
     bool may_have_work(PROJECT*);
     RSC_WORK_FETCH() {
         rsc_type = 0;
diff --git a/clientgui/BOINCGUIApp.cpp b/clientgui/BOINCGUIApp.cpp
index d9ef683..f8ab2d6 100644
--- a/clientgui/BOINCGUIApp.cpp
+++ b/clientgui/BOINCGUIApp.cpp
@@ -928,12 +928,19 @@ bool CBOINCGUIApp::SetActiveGUI(int iGUISelection, bool bShowWindow) {
             m_pConfig->SetPath(wxT("/Simple"));
             m_pConfig->Read(wxT("YPos"), &iTop, 30);
             m_pConfig->Read(wxT("XPos"), &iLeft, 30);
+
+            // We don't save Simple View's width & height since it's 
+            // window is not resizable, so don't try to read them
 #ifdef __WXMAC__
-            m_pConfig->Read(wxT("Width"), &iWidth, 409);
-            m_pConfig->Read(wxT("Height"), &iHeight, 561);
+//            m_pConfig->Read(wxT("Width"), &iWidth, 409);
+//            m_pConfig->Read(wxT("Height"), &iHeight, 561);
+            iWidth = 409;
+            iHeight = 561;
 #else
-            m_pConfig->Read(wxT("Width"), &iWidth, 416);
-            m_pConfig->Read(wxT("Height"), &iHeight, 570);
+//            m_pConfig->Read(wxT("Width"), &iWidth, 416);
+//            m_pConfig->Read(wxT("Height"), &iHeight, 570);
+            iWidth = 416;
+            iHeight = 570;
 #endif
         }
 
diff --git a/clientgui/BOINCListCtrl.cpp b/clientgui/BOINCListCtrl.cpp
index 7a6410d..c6c174b 100644
--- a/clientgui/BOINCListCtrl.cpp
+++ b/clientgui/BOINCListCtrl.cpp
@@ -267,7 +267,7 @@ wxListItemAttr* CBOINCListCtrl::OnGetItemAttr(long item) const {
 
 void CBOINCListCtrl::DrawProgressBars()
 {
-    long topItem, numItems, numVisibleItems, i, row;
+    long topItem, numItems, numVisibleItems, row;
     wxRect r, rr;
     int w = 0, x = 0, xx, yy, ww;
     int progressColumn = m_pParentView->GetProgressColumn();
@@ -300,7 +300,7 @@ void CBOINCListCtrl::DrawProgressBars()
         if (numItems <= (topItem + numVisibleItems)) numVisibleItems = numItems - topItem;
 
         x = 0;
-        for (i=0; i< progressColumn; i++) {
+        for (int i=0; i< progressColumn; i++) {
             x += GetColumnWidth(i);
         }
         w = GetColumnWidth(progressColumn);
diff --git a/clientgui/MainDocument.cpp b/clientgui/MainDocument.cpp
index be3bbb8..3a2d763 100644
--- a/clientgui/MainDocument.cpp
+++ b/clientgui/MainDocument.cpp
@@ -906,8 +906,8 @@ void CMainDocument::RunPeriodicRPCs(int frameRefreshRate) {
         pFrame->AddPendingEvent(event);
         CTaskBarIcon* pTaskbar = wxGetApp().GetTaskBarIcon();
         if (pTaskbar) {
-            CTaskbarEvent event(wxEVT_TASKBAR_REFRESH, pTaskbar);
-            pTaskbar->AddPendingEvent(event);
+            CTaskbarEvent tbevent(wxEVT_TASKBAR_REFRESH, pTaskbar);
+            pTaskbar->AddPendingEvent(tbevent);
         }
         CDlgEventLog* eventLog = wxGetApp().GetEventLog();
         if (eventLog) {
@@ -1303,10 +1303,10 @@ PROJECT* CMainDocument::project(unsigned int i) {
 
 
 PROJECT* CMainDocument::project(char* url) {
-	for (unsigned int i=0; i< state.projects.size(); i++) {
-		PROJECT* tp = state.projects[i];
-		if (!strcmp(url, tp->master_url)) return tp;
-	}
+    for (unsigned int i=0; i< state.projects.size(); i++) {
+        PROJECT* tp = state.projects[i];
+        if (!strcmp(url, tp->master_url)) return tp;
+    }
     return NULL;
 }
 
@@ -1528,7 +1528,9 @@ int CMainDocument::WorkResume(char* url, char* name) {
 // If the graphics application for the current task is already 
 // running, return a pointer to its RUNNING_GFX_APP struct.
 //
-RUNNING_GFX_APP* CMainDocument::GetRunningGraphicsApp(RESULT* result, int slot) {
+RUNNING_GFX_APP* CMainDocument::GetRunningGraphicsApp(
+    RESULT* rp, int slot
+) {
     bool exited = false;
     std::vector<RUNNING_GFX_APP>::iterator gfx_app_iter;
     
@@ -1536,7 +1538,7 @@ RUNNING_GFX_APP* CMainDocument::GetRunningGraphicsApp(RESULT* result, int slot)
         gfx_app_iter != m_running_gfx_apps.end(); 
         gfx_app_iter++
     ) {
-         if ( (slot >= 0) && ((*gfx_app_iter).slot != slot) ) continue;
+         if ((slot >= 0) && ((*gfx_app_iter).slot != slot)) continue;
 
 #ifdef _WIN32
         unsigned long exit_code;
@@ -1551,8 +1553,9 @@ RUNNING_GFX_APP* CMainDocument::GetRunningGraphicsApp(RESULT* result, int slot)
         }
 #endif
         if (! exited) {
-            if ( (result->name == (*gfx_app_iter).name) &&
-                (result->project_url == (*gfx_app_iter).project_url) ) {
+            if ((rp->name == (*gfx_app_iter).name) &&
+                (rp->project_url == (*gfx_app_iter).project_url)
+            ) {
                 return &(*gfx_app_iter);
             }
     
@@ -1660,15 +1663,15 @@ void CMainDocument::KillGraphicsApp(int pid) {
 }
 #endif
 
-int CMainDocument::WorkShowGraphics(RESULT* result) {
+int CMainDocument::WorkShowGraphics(RESULT* rp) {
     int iRetVal = 0;
     
-    if (strlen(result->web_graphics_url)) {
-        wxString url(result->web_graphics_url, wxConvUTF8);
+    if (strlen(rp->web_graphics_url)) {
+        wxString url(rp->web_graphics_url, wxConvUTF8);
         wxLaunchDefaultBrowser(url);
         return 0;
     }
-    if (strlen(result->graphics_exec_path)) {
+    if (strlen(rp->graphics_exec_path)) {
         // V6 Graphics
         RUNNING_GFX_APP gfx_app;
         RUNNING_GFX_APP* previous_gfx_app;
@@ -1680,12 +1683,12 @@ int CMainDocument::WorkShowGraphics(RESULT* result) {
         int      id;
 #endif
 
-        p = strrchr((char*)result->slot_path, '/');
+        p = strrchr((char*)rp->slot_path, '/');
         if (!p) return ERR_INVALID_PARAM;
         slot = atoi(p+1);
         
         // See if we are already running the graphics application for this task
-        previous_gfx_app = GetRunningGraphicsApp(result, slot);
+        previous_gfx_app = GetRunningGraphicsApp(rp, slot);
 
 #ifndef __WXMSW__
         char* argv[4];
@@ -1709,13 +1712,13 @@ int CMainDocument::WorkShowGraphics(RESULT* result) {
         // exits with "RegisterProcess failed (error = -50)" unless 
         // we pass its full path twice in the argument list to execv.
         //
-        argv[1] = (char *)result->graphics_exec_path;
-        argv[2] = (char *)result->graphics_exec_path;
+        argv[1] = (char *)rp->graphics_exec_path;
+        argv[2] = (char *)rp->graphics_exec_path;
         argv[3] = 0;
     
          if (g_use_sandbox) {
             iRetVal = run_program(
-                result->slot_path,
+                rp->slot_path,
                "../../switcher/switcher",
                 3,
                 argv,
@@ -1724,8 +1727,8 @@ int CMainDocument::WorkShowGraphics(RESULT* result) {
             );
         } else {        
             iRetVal = run_program(
-                result->slot_path,
-                result->graphics_exec_path,
+                rp->slot_path,
+                rp->graphics_exec_path,
                 1,
                 &argv[2],
                 0,
@@ -1741,8 +1744,8 @@ int CMainDocument::WorkShowGraphics(RESULT* result) {
         argv[0] = 0;
         
         iRetVal = run_program(
-            result->slot_path,
-            result->graphics_exec_path,
+            rp->slot_path,
+            rp->graphics_exec_path,
             0,
             argv,
             0,
@@ -1751,8 +1754,8 @@ int CMainDocument::WorkShowGraphics(RESULT* result) {
 #endif
         if (!iRetVal) {
             gfx_app.slot = slot;
-            gfx_app.project_url = result->project_url;
-            gfx_app.name = result->name;
+            gfx_app.project_url = rp->project_url;
+            gfx_app.name = rp->name;
             gfx_app.pid = id;
             m_running_gfx_apps.push_back(gfx_app);
         }
@@ -1775,32 +1778,32 @@ int CMainDocument::WorkShowVMConsole(RESULT* result) {
         strCommand = wxT("rdesktop-vrdp ") + strConnection;
         wxExecute(strCommand);
 #elif defined(__WXMAC__)
-    FSRef theFSRef;
-    OSStatus status = noErr;
+        FSRef theFSRef;
+        OSStatus status = noErr;
 
-    // I have found no reliable way to pass the IP address and port to Microsoft's 
-    // Remote Desktop Connection application for the Mac, so I'm using CoRD.  
-    // Unfortunately, CoRD does not seem as reliable as I would like either.
-    //
-    // First try to find the CoRD application by Bundle ID and Creator Code
-    status = LSFindApplicationForInfo('RDC#', CFSTR("net.sf.cord"),   
+        // I have found no reliable way to pass the IP address and port to Microsoft's 
+        // Remote Desktop Connection application for the Mac, so I'm using CoRD.  
+        // Unfortunately, CoRD does not seem as reliable as I would like either.
+        //
+        // First try to find the CoRD application by Bundle ID and Creator Code
+        status = LSFindApplicationForInfo('RDC#', CFSTR("net.sf.cord"),   
                                         NULL, &theFSRef, NULL);
-    if (status != noErr) {
-        CBOINCBaseFrame* pFrame = wxGetApp().GetFrame();
-        if (pFrame) {
-            pFrame->ShowAlert(
-                _("Missing application"), 
-                _("Please download and install the CoRD application from http://cord.sourceforge.net"),
-                wxOK | wxICON_INFORMATION,
+        if (status != noErr) {
+            CBOINCBaseFrame* pFrame = wxGetApp().GetFrame();
+            if (pFrame) {
+                pFrame->ShowAlert(
+                    _("Missing application"), 
+                    _("Please download and install the CoRD application from http://cord.sourceforge.net"),
+                    wxOK | wxICON_INFORMATION,
                     false
                 );
-        } 
-        return ERR_FILE_MISSING;
-    }
+            } 
+            return ERR_FILE_MISSING;
+        }
 
-    strCommand = wxT("osascript -e 'tell application \"CoRD\"' -e 'activate' -e 'open location \"rdp://") + strConnection + wxT("\"' -e 'end tell'");
-    strCommand.Replace(wxT("localhost"), wxT("127.0.0.1"));
-    system(strCommand.char_str());
+        strCommand = wxT("osascript -e 'tell application \"CoRD\"' -e 'activate' -e 'open location \"rdp://") + strConnection + wxT("\"' -e 'end tell'");
+        strCommand.Replace(wxT("localhost"), wxT("127.0.0.1"));
+        system(strCommand.char_str());
 #endif
     }
 
@@ -2377,11 +2380,11 @@ int CMainDocument::GetSimpleGUIWorkCount() {
     CachedSimpleGUIUpdate();
     CachedStateUpdate();
 
-	for(i=0; i<results.results.size(); i++) {
-		if (results.results[i]->active_task) {
-			iCount++;
-		}
-	}
+    for(i=0; i<results.results.size(); i++) {
+        if (results.results[i]->active_task) {
+            iCount++;
+        }
+    }
     return iCount;
 }
 
@@ -2403,12 +2406,17 @@ wxString suspend_reason_wxstring(int reason) {
     return _("unknown reason");
 }
 
+bool uses_gpu(RESULT* r) {
+	// kludge.  But r->avp isn't populated.
+    return (strstr(r->resources, "GPU") != NULL);
+}
+
 wxString result_description(RESULT* result, bool show_resources) {
     CMainDocument* doc = wxGetApp().GetDocument();
     PROJECT* project;
     CC_STATUS       status;
     int             retval;
-	wxString strBuffer= wxEmptyString;
+    wxString strBuffer= wxEmptyString;
 
     strBuffer.Clear();
     retval = doc->GetCoreClientStatus(status);
@@ -2421,7 +2429,7 @@ wxString result_description(RESULT* result, bool show_resources) {
     }
 
     project = doc->state.lookup_project(result->project_url);
-	int throttled = status.task_suspend_reason & SUSPEND_REASON_CPU_THROTTLE;
+    int throttled = status.task_suspend_reason & SUSPEND_REASON_CPU_THROTTLE;
     switch(result->state) {
     case RESULT_NEW:
         strBuffer += _("New"); 
@@ -2449,6 +2457,13 @@ wxString result_description(RESULT* result, bool show_resources) {
             if (strlen(result->resources) && show_resources) {
                 strBuffer += wxString(wxT(" (")) + wxString(result->resources, wxConvUTF8) + wxString(wxT(")"));
             }
+        } else if (status.gpu_suspend_reason && uses_gpu(result)) {
+            strBuffer += _("GPU suspended - ");
+            strBuffer += suspend_reason_wxstring(status.gpu_suspend_reason);
+            if (strlen(result->resources) && show_resources) {
+                strBuffer += wxString(wxT(" (")) + wxString(result->resources, wxConvUTF8) + wxString(wxT(")"));
+            }
+        } else if (status.gpu_suspend_reason && uses_gpu(result)) {
         } else if (result->active_task) {
             if (result->too_large) {
                 strBuffer += _("Waiting for memory");
diff --git a/clientgui/Makefile.am b/clientgui/Makefile.am
index 5a9ed33..2be390c 100644
--- a/clientgui/Makefile.am
+++ b/clientgui/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 24510 2011-11-03 02:35:04Z romw $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/clientgui/ViewMessages.cpp b/clientgui/ViewMessages.cpp
index cb07fdf..41d397e 100644
--- a/clientgui/ViewMessages.cpp
+++ b/clientgui/ViewMessages.cpp
@@ -614,4 +614,4 @@ bool CViewMessages::CloseClipboard() {
 #endif
 
 
-const char *BOINC_RCSID_0be7149475 = "$Id: ViewMessages.cpp 21706 2010-06-08 18:56:53Z davea $";
+const char *BOINC_RCSID_0be7149475 = "$Id$";
diff --git a/clientgui/_wx_intellisense.h b/clientgui/_wx_intellisense.h
deleted file mode 100644
index 1913071..0000000
--- a/clientgui/_wx_intellisense.h
+++ /dev/null
@@ -1,13 +0,0 @@
-/*
- * This file enables intellisense for wxWindows. It is included in the project,
- * but never actually included in any cpp source.
- *
- * It needs to be opened once to create the *.ncb file.
- * You can close this file now.
- * 
- * NOTE: To enable intellisense for your other projects, copy this file to the project
- * and include it in your workspace. Then open the file and close it again to give
- * Visual Studio the opportunity to parse the file and add its contents to intellisense.
- */
-#include <wx/msw/__wx_intellisense_inc.h>
-
diff --git a/clientgui/mac/CE_ss_logo.tiff b/clientgui/mac/CE_ss_logo.tiff
new file mode 100644
index 0000000..308454b
Binary files /dev/null and b/clientgui/mac/CE_ss_logo.tiff differ
diff --git a/clientgui/mac/MacAccessiblity.cpp b/clientgui/mac/MacAccessiblity.cpp
new file mode 100755
index 0000000..fca045f
--- /dev/null
+++ b/clientgui/mac/MacAccessiblity.cpp
@@ -0,0 +1,1902 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2009 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+//  macAccessiblity.cpp
+
+#include <Carbon/Carbon.h>
+
+#include "stdwx.h"
+#include "BOINCGUIApp.h"
+#include "BOINCBaseFrame.h"
+#include "BOINCBaseView.h"
+#include "DlgEventLog.h"
+#include "MainDocument.h"
+#include "AdvancedFrame.h"
+#include "BOINCListCtrl.h"
+#include "DlgEventLogListCtrl.h"
+#include "ProjectListCtrl.h"
+#include "NoticeListCtrl.h"
+#include "ViewStatistics.h"
+#include "wxPieCtrl.h"
+#include "sg_BoincSimpleGUI.h"
+#include "Events.h"
+#include "macAccessiblity.h"
+
+#define MAX_LIST_COL 100
+
+UInt64 makeElementIdentifier(SInt32 row, SInt32 col, Boolean isHeader) {
+    UInt64 id = (((row + 1) * MAX_LIST_COL) + (col + 1)) * 2;
+    if (isHeader) id |= 1;
+return id;
+}
+
+void parseElementIdentifier(UInt64 inIdentifier, SInt32& row, SInt32&col, Boolean& isHeader) {
+    isHeader = inIdentifier & 1;
+    row = (inIdentifier / (MAX_LIST_COL * 2)) - 1;
+    col = ((inIdentifier / 2) % MAX_LIST_COL) - 1;
+}
+
+void AccessibilityIgnoreAllChildren(HIViewRef parent, int recursionLevel) {
+    HIViewRef       child;
+    OSStatus        err;
+    
+    if (recursionLevel > 100) {
+        fprintf(stderr, "Error: AccessibilityIgnoreAllChildren recursion level > 100\n");
+        return;
+    }
+
+    child = HIViewGetFirstSubview(parent);
+    while (child) {
+        err = HIObjectSetAccessibilityIgnored((HIObjectRef)child, true);
+        AccessibilityIgnoreAllChildren(child, recursionLevel + 1);
+        child = HIViewGetNextView(child);
+    }
+}
+
+
+pascal OSStatus BOINCListAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData);
+
+pascal OSStatus HTMLListAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData);
+
+    static EventTypeSpec myAccessibilityEvents[] = {
+                                    { kEventClassAccessibility, kEventAccessibleGetChildAtPoint },
+                                    { kEventClassAccessibility, kEventAccessibleGetFocusedChild },
+                                    { kEventClassAccessibility, kEventAccessibleGetAllAttributeNames },
+                                    { kEventClassAccessibility, kEventAccessibleGetAllParameterizedAttributeNames },
+                                    { kEventClassAccessibility, kEventAccessibleIsNamedAttributeSettable },
+                                    { kEventClassAccessibility, kEventAccessibleSetNamedAttribute },
+                                    { kEventClassAccessibility, kEventAccessibleGetNamedAttribute },
+                                    { kEventClassAccessibility, kEventAccessibleGetAllActionNames },			
+                                    { kEventClassAccessibility, kEventAccessibleGetNamedActionDescription },
+                                    { kEventClassAccessibility, kEventAccessiblePerformNamedAction }			
+                                };
+
+
+    static EventTypeSpec Simple_AccessibilityEvents[] = {
+                                    { kEventClassAccessibility, kEventAccessibleGetNamedAttribute }			
+                                };
+
+pascal OSStatus SimpleAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData);
+
+pascal OSStatus PieCtrlAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData);
+
+
+
+#if !USE_NATIVE_LISTCONTROL
+void CBOINCListCtrl::SetupMacAccessibilitySupport() {
+    HIViewRef                       listControlView;
+    HIViewRef                       headerView;
+    HIViewRef                       bodyView;
+    SInt32                          response;
+    Boolean                         snowLeopard;
+    OSErr                           err;
+
+    err = Gestalt(gestaltSystemVersion, &response);
+    snowLeopard = (err == noErr) && (response >= 0x1060);
+    
+    listControlView = (HIViewRef)GetHandle();
+    headerView = HIViewGetFirstSubview(listControlView);
+    bodyView = HIViewGetNextView(headerView);
+    err = HIViewSetEnabled(headerView, true);
+
+    accessibilityHandlerData.pList = (wxGenericListCtrl*)this;
+    accessibilityHandlerData.pView = m_pParentView;
+    accessibilityHandlerData.pEventLog = NULL;
+    accessibilityHandlerData.bodyView = bodyView;
+    accessibilityHandlerData.headerView = headerView;
+    accessibilityHandlerData.snowLeopard = snowLeopard;
+    
+    err = InstallHIObjectEventHandler((HIObjectRef)bodyView, NewEventHandlerUPP(BOINCListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &accessibilityHandlerData, &m_pBodyAccessibilityEventHandlerRef); 
+
+    err = InstallHIObjectEventHandler((HIObjectRef)headerView, NewEventHandlerUPP(BOINCListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &accessibilityHandlerData, &m_pHeaderAccessibilityEventHandlerRef); 
+}
+
+
+void CBOINCListCtrl::RemoveMacAccessibilitySupport() {
+    ::RemoveEventHandler(m_pBodyAccessibilityEventHandlerRef);
+    ::RemoveEventHandler(m_pHeaderAccessibilityEventHandlerRef);
+}
+#endif
+
+
+void CDlgEventLogListCtrl::SetupMacAccessibilitySupport() {
+#if !USE_NATIVE_LISTCONTROL
+    HIViewRef                       listControlView;
+    HIViewRef                       headerView;
+    HIViewRef                       bodyView;
+    SInt32                          response;
+    Boolean                         snowLeopard;
+    OSErr                           err;
+
+    err = Gestalt(gestaltSystemVersion, &response);
+    snowLeopard = (err == noErr) && (response >= 0x1060);
+
+    listControlView = (HIViewRef)GetHandle();
+     headerView = HIViewGetFirstSubview(listControlView);
+     bodyView = HIViewGetNextView(headerView);
+     err = HIViewSetEnabled(headerView, true);
+    
+    accessibilityHandlerData.pList = (wxGenericListCtrl*)this;
+    accessibilityHandlerData.pView = NULL;
+    accessibilityHandlerData.pEventLog = m_pParentView;
+    accessibilityHandlerData.bodyView = bodyView;
+    accessibilityHandlerData.headerView = headerView;
+    accessibilityHandlerData.snowLeopard = snowLeopard;
+
+    err = InstallHIObjectEventHandler((HIObjectRef)bodyView, NewEventHandlerUPP(BOINCListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &accessibilityHandlerData, &m_pBodyAccessibilityEventHandlerRef); 
+
+    err = InstallHIObjectEventHandler((HIObjectRef)headerView, NewEventHandlerUPP(BOINCListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &accessibilityHandlerData, &m_pHeaderAccessibilityEventHandlerRef); 
+#endif
+}
+
+
+void CDlgEventLogListCtrl::RemoveMacAccessibilitySupport() {
+#if !USE_NATIVE_LISTCONTROL
+    ::RemoveEventHandler(m_pBodyAccessibilityEventHandlerRef);
+    ::RemoveEventHandler(m_pHeaderAccessibilityEventHandlerRef);
+#endif
+}
+
+
+typedef struct {
+    CProjectListCtrlAccessible* pProjectListCtrlAccessible;
+    CNoticeListCtrlAccessible*  pNoticeListCtrlAccessible;
+} HTMLListAccessibilityHandlerData;
+
+
+void CProjectListCtrlAccessible::SetupMacAccessibilitySupport() {
+    static      HTMLListAccessibilityHandlerData userData;
+    OSErr       err;
+
+    CProjectListCtrl* pCtrl = wxDynamicCast(mp_win, CProjectListCtrl);
+    wxASSERT(pCtrl);
+    
+    if (pCtrl)
+    {
+        m_listView = (HIViewRef)pCtrl->GetHandle();
+        err = HIViewSetEnabled(m_listView, true);
+        userData.pProjectListCtrlAccessible = this;
+        userData.pNoticeListCtrlAccessible = NULL;
+    
+        err = InstallHIObjectEventHandler((HIObjectRef)m_listView, NewEventHandlerUPP(HTMLListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &userData, &m_plistAccessibilityEventHandlerRef);
+    } else {
+        m_plistAccessibilityEventHandlerRef =  NULL;
+    }
+}
+
+
+void CProjectListCtrlAccessible::RemoveMacAccessibilitySupport() {
+    if (m_plistAccessibilityEventHandlerRef) {
+        ::RemoveEventHandler(m_plistAccessibilityEventHandlerRef);
+        m_plistAccessibilityEventHandlerRef = NULL;
+   }
+}
+
+
+void CNoticeListCtrlAccessible::SetupMacAccessibilitySupport() {
+    static      HTMLListAccessibilityHandlerData userData;
+    OSErr       err;
+
+    CNoticeListCtrl* pCtrl = wxDynamicCast(mp_win, CNoticeListCtrl);
+    wxASSERT(pCtrl);
+    
+    if (pCtrl)
+    {
+        m_listView = (HIViewRef)pCtrl->GetHandle();
+        err = HIViewSetEnabled(m_listView, true);
+        userData.pProjectListCtrlAccessible = NULL;
+        userData.pNoticeListCtrlAccessible = this;
+    
+        err = InstallHIObjectEventHandler((HIObjectRef)m_listView, NewEventHandlerUPP(HTMLListAccessibilityEventHandler), 
+                                sizeof(myAccessibilityEvents) / sizeof(EventTypeSpec), myAccessibilityEvents, 
+                                                        &userData, &m_plistAccessibilityEventHandlerRef);
+    } else {
+        m_plistAccessibilityEventHandlerRef =  NULL;
+    }
+}
+
+
+void CNoticeListCtrlAccessible::RemoveMacAccessibilitySupport() {
+    if (m_plistAccessibilityEventHandlerRef) {
+        ::RemoveEventHandler(m_plistAccessibilityEventHandlerRef);
+        m_plistAccessibilityEventHandlerRef = NULL;
+   }
+}
+
+
+void CSimplePanel::SetupMacAccessibilitySupport() {
+    OSStatus        err;
+    wxString        str = _("for accessibility support, please select advanced from the view menu or type command shift a");
+    HIViewRef       simple = (HIViewRef)GetHandle();
+    CFStringRef     description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                                               
+    // Have the screen reader tell user to switch to advanced view.
+    HIObjectSetAuxiliaryAccessibilityAttribute((HIObjectRef)simple, 0, kAXDescriptionAttribute, description);
+    CFRelease( description );
+
+    err = InstallHIObjectEventHandler((HIObjectRef)simple, NewEventHandlerUPP(SimpleAccessibilityEventHandler), 
+                                sizeof(Simple_AccessibilityEvents) / sizeof(EventTypeSpec), Simple_AccessibilityEvents, 
+                                                        this, &m_pSGAccessibilityEventHandlerRef);
+}
+
+
+void CSimplePanel::RemoveMacAccessibilitySupport() {
+    if (m_pSGAccessibilityEventHandlerRef) {
+        ::RemoveEventHandler(m_pSGAccessibilityEventHandlerRef);
+        m_pSGAccessibilityEventHandlerRef = NULL;
+   }
+}
+
+
+void CTaskItemGroup::SetupMacAccessibilitySupport() {
+    OSStatus        err;
+    HIViewRef       boxView = (HIViewRef)m_pStaticBox->GetHandle();
+
+    if (m_pTaskGroupAccessibilityEventHandlerRef == NULL) {
+        err = InstallHIObjectEventHandler((HIObjectRef)boxView, NewEventHandlerUPP(SimpleAccessibilityEventHandler), 
+                                sizeof(Simple_AccessibilityEvents) / sizeof(EventTypeSpec), Simple_AccessibilityEvents, 
+                                                        this, &m_pTaskGroupAccessibilityEventHandlerRef);
+    }
+}
+
+
+void CTaskItemGroup::RemoveMacAccessibilitySupport() {
+    if (m_pTaskGroupAccessibilityEventHandlerRef) {
+        ::RemoveEventHandler(m_pTaskGroupAccessibilityEventHandlerRef);
+        m_pTaskGroupAccessibilityEventHandlerRef = NULL;
+   }
+}
+
+
+void CViewStatistics::SetupMacAccessibilitySupport() {
+    OSStatus        err;
+    HIViewRef       paintPanelView = (HIViewRef)m_PaintStatistics->GetHandle();
+    wxString        str = _("This panel contains graphs showing user totals for projects");
+    CFStringRef     description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                                               
+    // Have the screen reader tell user to switch to advanced view.
+    HIObjectSetAuxiliaryAccessibilityAttribute((HIObjectRef)paintPanelView, 0, kAXDescriptionAttribute, description);
+    CFRelease( description );
+
+    err = InstallHIObjectEventHandler((HIObjectRef)paintPanelView, NewEventHandlerUPP(SimpleAccessibilityEventHandler), 
+                                sizeof(Simple_AccessibilityEvents) / sizeof(EventTypeSpec), Simple_AccessibilityEvents, 
+                                                        this, &m_pStatisticsAccessibilityEventHandlerRef);
+}
+
+
+void CViewStatistics::RemoveMacAccessibilitySupport() {
+    ::RemoveEventHandler(m_pStatisticsAccessibilityEventHandlerRef);
+}
+
+
+void wxPieCtrl::SetupMacAccessibilitySupport() {
+    OSStatus        err;
+    HIViewRef       pieControlView = (HIViewRef)GetHandle();
+
+    HIObjectSetAuxiliaryAccessibilityAttribute((HIObjectRef)pieControlView, 0, kAXDescriptionAttribute, CFSTR(""));
+
+    err = InstallHIObjectEventHandler((HIObjectRef)pieControlView, NewEventHandlerUPP(PieCtrlAccessibilityEventHandler), 
+                                sizeof(Simple_AccessibilityEvents) / sizeof(EventTypeSpec), Simple_AccessibilityEvents, 
+                                                        this, &m_pPieCtrlAccessibilityEventHandlerRef);
+}
+
+
+void wxPieCtrl::RemoveMacAccessibilitySupport() {
+    if (m_pPieCtrlAccessibilityEventHandlerRef) {
+        ::RemoveEventHandler(m_pPieCtrlAccessibilityEventHandlerRef);
+        m_pPieCtrlAccessibilityEventHandlerRef = NULL;
+   }
+}
+
+
+pascal OSStatus BOINCListAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData) {
+    const UInt32        eventClass = GetEventClass(inEvent);
+    const UInt32        eventKind = GetEventKind(inEvent);
+    OSStatus            err;
+    wxGenericListCtrl*  pList = ((ListAccessData*)pData)->pList;
+    CBOINCBaseView*     pView = ((ListAccessData*)pData)->pView;
+    HIViewRef           headerView = ((ListAccessData*)pData)->headerView;
+    HIViewRef           bodyView = ((ListAccessData*)pData)->bodyView;
+    CDlgEventLog*       pEventLog = ((ListAccessData*)pData)->pEventLog;
+    Boolean             snowLeopard = ((ListAccessData*)pData)->snowLeopard;
+
+    if (eventClass != kEventClassAccessibility) {
+        return eventNotHandledErr;
+    }
+
+    AXUIElementRef	element;
+    UInt64		inIdentifier = 0;
+    UInt64              outIdentifier = 0;
+    SInt32              row = 0;
+    SInt32              col = 0;
+    Boolean             isHeader;
+    HIObjectRef         obj = NULL;
+    
+    err = GetEventParameter (inEvent, kEventParamAccessibleObject, 
+                typeCFTypeRef, NULL, sizeof(typeCFTypeRef), NULL, &element);
+    if (err) return err;
+    
+    AXUIElementGetIdentifier( element, &inIdentifier );
+    obj = AXUIElementGetHIObject(element);
+    
+    parseElementIdentifier(inIdentifier, row, col, isHeader);
+    if (obj == (HIObjectRef)headerView) {
+        isHeader = true;
+    }
+
+    switch (eventKind) {
+#pragma mark kEventAccessibleGetChildAtPoint
+        case kEventAccessibleGetChildAtPoint:
+        {
+            CFTypeRef	child = NULL;
+            HIPoint		where;
+            long        theRow = wxNOT_FOUND;
+            long        ignored;
+            int         hitflags;
+            int         x = 0;
+            
+            // Only the whole view or rows can be tested since the cells don't have sub-parts.
+            if (col >= 0) {
+                return noErr;
+            }
+
+            err = GetEventParameter (inEvent, kEventParamMouseLocation, 
+                        typeHIPoint, NULL, sizeof(HIPoint), NULL, &where);
+            if (err) return err;
+
+            wxPoint     p((int)where.x, (int)where.y);
+            pList->ScreenToClient(&p.x, &p.y);
+
+            int xoff = pList->GetScrollPos(wxHORIZONTAL);
+            if (xoff) {
+                int ppux, ppuy;
+                wxScrolledWindow * win = ((CBOINCListCtrl*)pList)->GetMainWin();
+                win->GetScrollPixelsPerUnit(&ppux, &ppuy);
+                x -= (xoff * ppux);
+            }
+
+            // HitTest returns the column only on wxMSW
+            int n = pList->GetColumnCount();
+            for (col=0; col<n; col++) {
+                x += pList->GetColumnWidth(col);
+                if (p.x < x) break;
+            }
+            
+            if (col >= n) {
+                return noErr;
+            }
+            
+            if (isHeader) {
+                outIdentifier = makeElementIdentifier(-1, col, true);
+            } else {
+                theRow = pList->HitTest(p, hitflags, &ignored);
+                if (theRow == wxNOT_FOUND) {
+                    return noErr;
+                }
+                // Child of body is a row
+                outIdentifier = (theRow + 1) * MAX_LIST_COL;
+                outIdentifier = makeElementIdentifier(theRow, -1, false);
+                if (row >= 0) {
+                    // Child of row is a cell
+                    outIdentifier = makeElementIdentifier(theRow, col, false);
+                }
+           }
+
+            child = AXUIElementCreateWithHIObjectAndIdentifier(obj, outIdentifier );
+            if (child == NULL) {
+                return eventNotHandledErr;
+            }
+            
+            err = SetEventParameter (inEvent, kEventParamAccessibleChild, typeCFTypeRef, 
+                                        sizeof(typeCFTypeRef), &child);
+            if (err) {
+                return eventNotHandledErr;
+            }
+            
+            return noErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleGetFocusedChild
+        case kEventAccessibleGetFocusedChild:
+            return noErr;
+        break;
+
+#pragma mark kEventAccessibleGetAllAttributeNames
+        case kEventAccessibleGetAllAttributeNames:
+        {
+            CFMutableArrayRef	namesArray;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeNames, 
+                    typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &namesArray);
+            if (err) 
+                return err;
+
+            CallNextEventHandler( inHandlerCallRef, inEvent );
+            
+            if ( (row < 0) && (col < 0) ) { // the whole view
+                // col < 0 means an entire row.
+                // Let accessibility know that this view has children and can
+                // return a list of them.
+                CFArrayAppendValue( namesArray, kAXChildrenAttribute );
+                if (!isHeader) {
+                    if (snowLeopard) {
+                        CFArrayAppendValue( namesArray, kAXVisibleChildrenAttribute );
+                        CFArrayAppendValue( namesArray, kAXSelectedChildrenAttribute );
+                        CFArrayAppendValue( namesArray, kAXOrientationAttribute );
+                    } else {
+                        CFArrayAppendValue( namesArray, kAXVisibleRowsAttribute );
+                        CFArrayAppendValue( namesArray, kAXRowsAttribute );
+                        CFArrayAppendValue( namesArray, kAXSelectedRowsAttribute );
+                        CFArrayAppendValue( namesArray, kAXColumnsAttribute );
+                        CFArrayAppendValue( namesArray, kAXSelectedColumnsAttribute );
+                        CFArrayAppendValue( namesArray, kAXHeaderAttribute );
+                        CFArrayAppendValue( namesArray, kAXVisibleColumnsAttribute );
+                    }
+                }
+            } else {
+                if (isHeader) {
+                    if (pView) {
+                        // Sortable list
+                        CFArrayAppendValue( namesArray, kAXSubroleAttribute );
+                        CFArrayAppendValue( namesArray, kAXTitleAttribute );
+                        if (snowLeopard) {
+                            CFArrayAppendValue( namesArray, kAXSortDirectionAttribute );
+                        }
+                    }else {
+                        // Event Log is not sortable
+                        CFArrayAppendValue( namesArray, kAXValueAttribute );
+                    }
+                 } else {
+                    if (col < 0) {
+                        // Row has children
+                        CFArrayAppendValue( namesArray, kAXChildrenAttribute );
+                        CFArrayAppendValue( namesArray, kAXSelectedAttribute );
+                        CFArrayAppendValue( namesArray, kAXIndexAttribute );
+                        CFArrayAppendValue( namesArray, kAXVisibleChildrenAttribute );
+                        CFArrayAppendValue( namesArray, kAXSubroleAttribute );
+                    } else {
+                        CFArrayAppendValue( namesArray, kAXValueAttribute );
+                    }
+                }
+                // Let accessibility know that this view's children can return description,
+                // size, position, parent window, top level element and isFocused attributes.
+                CFArrayAppendValue( namesArray, kAXWindowAttribute );
+                CFArrayAppendValue( namesArray, kAXTopLevelUIElementAttribute );
+                CFArrayAppendValue( namesArray, kAXSizeAttribute );
+                CFArrayAppendValue( namesArray, kAXPositionAttribute );
+                CFArrayAppendValue( namesArray, kAXEnabledAttribute );
+            }
+            
+            CFArrayAppendValue( namesArray, kAXFocusedAttribute );
+            CFArrayAppendValue( namesArray, kAXRoleAttribute );
+            CFArrayAppendValue( namesArray, kAXRoleDescriptionAttribute );
+            CFArrayAppendValue( namesArray, kAXDescriptionAttribute );
+            CFArrayAppendValue( namesArray, kAXParentAttribute );
+
+            return noErr;
+        }
+        break;
+            
+#pragma mark kEventAccessibleGetAllParameterizedAttributeNames
+        case kEventAccessibleGetAllParameterizedAttributeNames:
+        {
+            CFMutableArrayRef	namesArray;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeNames, 
+                    typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &namesArray);
+            if (err) return err;
+
+            return noErr;
+        }
+        break;
+            
+#pragma mark kEventAccessibleGetNamedAttribute (Entire list or entire header)
+        case kEventAccessibleGetNamedAttribute:
+        {
+            CFStringRef			attribute;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo ) {
+                // Return whether or not this part is focused.
+//TODO: Add real kAXFocusedAttribute support?
+                Boolean				focused = false;
+                
+                SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( focused ), &focused );
+                return noErr;
+            }
+
+            if ( (row < 0) && (col < 0) ) { // Entire list or entire header
+                // String compare the incoming attribute name and return the appropriate accessibility
+                // information as an event parameter.
+            
+                if ( CFStringCompare( attribute, kAXChildrenAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Create and return an array of AXUIElements describing the children of this view.
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+
+                    if (isHeader) {
+                        int             c, n = pList->GetColumnCount();
+                        children = CFArrayCreateMutable( kCFAllocatorDefault, n, &kCFTypeArrayCallBacks );
+
+                        for ( c = 0; c < n; c++ ) {
+                            // Header item for each column
+                            outIdentifier = makeElementIdentifier(-1, c, true);
+                            child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                            CFArrayAppendValue( children, child );
+                            CFRelease( child );
+                        }
+                    } else {        // ! isHeader
+                        int             r, m = pList->GetItemCount();
+                        children = CFArrayCreateMutable( kCFAllocatorDefault, m, &kCFTypeArrayCallBacks );
+
+                        // Data rows are each children of entire list
+                        for ( r = 0; r < m; r++ ) {
+                        // For each row
+                            outIdentifier = makeElementIdentifier(r, -1, false);
+                            child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                            CFArrayAppendValue( children, child );
+                            CFRelease( child );
+                        }
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXHeaderAttribute, 0 ) == kCFCompareEqualTo ) {
+                    AXUIElementRef		child;
+
+                    outIdentifier = makeElementIdentifier(-1, -1, true);
+                    child = AXUIElementCreateWithHIObjectAndIdentifier( (HIObjectRef)headerView, outIdentifier );
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( child ), &child );
+                    CFRelease( child );
+                    return noErr;
+ 
+                } else if ( CFStringCompare( attribute, kAXRowsAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+
+                    int             r, m = pList->GetItemCount();
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, m, &kCFTypeArrayCallBacks );
+
+                    // Data rows are each children of entire list
+                    for ( r = 0; r < m; r++ ) {
+                    // For each row
+                        outIdentifier = makeElementIdentifier(r, -1, false);
+                        child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                        CFArrayAppendValue( children, child );
+                        CFRelease( child );
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr; 
+
+                } else if (( CFStringCompare( attribute, kAXVisibleRowsAttribute, 0 ) == kCFCompareEqualTo ) 
+                            || ( CFStringCompare( attribute, kAXVisibleChildrenAttribute, 0 ) == kCFCompareEqualTo )) {
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+                    int                 numItems, topItem, numVisibleItems, r;
+
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks );
+
+                    numItems = pList->GetItemCount();
+                    if (numItems) {
+                        topItem = pList->GetTopItem();     // Doesn't work properly for Mac Native control in wxMac-2.8.7
+
+                        numVisibleItems = pList->GetCountPerPage();
+                        ++numVisibleItems;
+
+                        if (numItems <= (topItem + numVisibleItems)) numVisibleItems = numItems - topItem;
+                        for ( r = 0; r < numVisibleItems; r++ ) {     // For each visible row
+                            outIdentifier = makeElementIdentifier(r, -1, false);
+                            child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                            CFArrayAppendValue( children, child );
+                            CFRelease( child );
+                        }
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if (( CFStringCompare( attribute, kAXSelectedChildrenAttribute, 0 ) == kCFCompareEqualTo ) 
+                			|| ( CFStringCompare( attribute, kAXSelectedRowsAttribute, 0 ) == kCFCompareEqualTo )) {
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+                    int                 r;
+                    
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks );
+
+                    r = -1;
+                    while (1) {
+                        // Step through all selected items
+                        r = pList->GetNextItem(r, wxLIST_NEXT_ALL, wxLIST_STATE_SELECTED);
+                        if (r < 0) break;
+                        outIdentifier = makeElementIdentifier(r, -1, false);
+                        child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                        CFArrayAppendValue( children, child );
+                        CFRelease( child );
+                    }
+             
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if (( CFStringCompare( attribute, kAXColumnsAttribute, 0 ) == kCFCompareEqualTo )
+                            || ( CFStringCompare( attribute, kAXSelectedColumnsAttribute, 0 ) == kCFCompareEqualTo )
+                            || ( CFStringCompare( attribute, kAXVisibleColumnsAttribute, 0 ) == kCFCompareEqualTo )
+                            ) {
+                    CFMutableArrayRef	children;
+                    
+                    // Tell system we don't have any columns
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks );
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXOrientationAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		orientation = kAXVerticalOrientationValue;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( orientation ), &orientation );
+                    return noErr;
+
+
+                } else if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this view. Using the table role doesn't work.
+                    CFStringRef		role = kAXGroupRole;
+                    if (!isHeader) {
+                    	role = snowLeopard ? kAXListRole : kAXOutlineRole;
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this part.
+
+                    CFStringRef		role = kAXGroupRole;
+                    if (!isHeader) {
+                    	role = snowLeopard ? kAXListRole : kAXOutlineRole;
+                    }
+                    CFStringRef roleDesc = HICopyAccessibilityRoleDescription( role, NULL );
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue , typeCFTypeRef, sizeof( roleDesc ), &roleDesc );
+                    CFRelease( roleDesc );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this part.
+                    wxString        str;
+                    int             n = pList->GetItemCount();
+
+                    if (isHeader) {
+                        str = _("list headers");
+                    } else {
+                        if (pEventLog) {
+                            // To allow localization, we can't just append string 
+                            // " is empty" because that assumes English word order.
+                            if (n) {
+                                str = _("list of events");
+                            } else {
+                                str = _("list of events is empty");
+                            }
+                        } else {
+                            if (pView) {
+                                if (n) {
+                                    str.Printf(_("list of %s"), pView->GetViewDisplayName().c_str());
+                                } else {
+                                    str.Printf(_("list of %s is empty"), pView->GetViewDisplayName().c_str());
+                                }
+                            }
+                        }
+                    }
+                    
+                    CFStringRef		description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( description ), &description );
+                    CFRelease( description );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXParentAttribute, 0 ) == kCFCompareEqualTo ) {
+                    AXUIElementRef		parent;
+                    HIViewRef           parentView;
+                    
+                    parentView = (HIViewGetSuperview(isHeader ? headerView : bodyView));
+                    parent = AXUIElementCreateWithHIObjectAndIdentifier((HIObjectRef)parentView, 0);
+                    if (parent == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( parent ), &parent );
+                    CFRelease( parent );
+                    return noErr;
+                
+                } else if ( CFStringCompare( attribute, kAXSizeAttribute, 0 ) == kCFCompareEqualTo ) {
+                    HIRect          r;
+                    HISize          size;
+                    
+                    err = HIViewGetBounds(isHeader ? headerView : bodyView, &r);                    
+                    size = r.size;
+                    if (!isHeader) {
+                        size.height += pList->m_headerHeight;
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeHISize, sizeof( HISize ), &size );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXPositionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    HIRect          r;
+                    HIPoint         pt;
+                    int             x, y;
+
+                    err = HIViewGetBounds(isHeader ? headerView : bodyView, &r);
+                    x = r.origin.x;
+                    y = r.origin.y;
+                    
+                    // Now convert to global coordinates
+                    pList->ClientToScreen(&x, &y);
+                    pt.x = x;
+                    pt.y = y - pList->m_headerHeight;
+
+                    SetEventParameter(inEvent, kEventParamAccessibleAttributeValue, typeHIPoint, sizeof(HIPoint), &pt);
+                    return noErr;
+
+                } else {
+                    return CallNextEventHandler( inHandlerCallRef, inEvent );
+
+                }
+                
+#pragma mark kEventAccessibleGetNamedAttribute (row or item)
+            } else {        // End if ( (row < 0) && (col < 0) )
+            
+                if ( CFStringCompare( attribute, kAXChildrenAttribute, 0 ) == kCFCompareEqualTo ) {
+                    if (col >= 0) {
+                        return eventNotHandledErr;
+                    }
+                    // Create and return an array of AXUIElements describing the children of this view.
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+                    int                 c, n = pList->GetColumnCount();
+                    
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, n, &kCFTypeArrayCallBacks );
+
+                    for ( c = 0; c < n; c++ ) {
+                        // For each column
+                        outIdentifier = makeElementIdentifier(row, c, isHeader);
+                        child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                        CFArrayAppendValue( children, child );
+                        CFRelease( child );
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    wxString        str, buf;
+                    int             rowCount;
+                    Boolean         isCurrentSortCol = false;
+
+                    if (isHeader) {
+                        wxListItem      headerItem;
+                        int             numCols = pList->GetColumnCount();
+
+                        pList->GetColumn(col, headerItem);
+                        if (pView) {
+                            if (col == pView->m_iSortColumn) {
+                                isCurrentSortCol = true;
+                            }
+                        }
+                        if (isCurrentSortCol) {
+                            if (pView->m_bReverseSort) {
+                                buf.Printf(_("; current sort column %d of %d; descending order; "), col+1, numCols);
+                            } else {
+                                buf.Printf(_("; current sort column %d of %d; ascending order; "), col+1, numCols);
+                            }
+                        } else {
+                            buf.Printf(_("; column %d of %d; "), col+1, numCols);
+                        }
+                        str = headerItem.GetText();
+                        str += buf;
+                    } else {    // ! isHeader
+                        rowCount = pList->GetItemCount();
+                        if (rowCount <= 0) {
+                            str = _("list is empty");                         
+                        } else {
+                            if (col < 0) {
+                                str.Printf(_("; row %d; "), row+1);
+                            } else {
+                                if (pList->GetItemState(row, wxLIST_STATE_SELECTED) & wxLIST_STATE_SELECTED) {
+                                    if (col == 0) {
+                                        buf.Printf(_("; selected row %d of %d; "), row+1, rowCount);
+                                    } else {
+                                        buf.Printf(_("; selected row %d ; "), row+1);
+                                    }
+                                } else {        // Row is not selected
+                                    if (col == 0) {
+                                        buf.Printf(_("; row %d of %d; "), row+1, rowCount);
+                                    } else {
+                                        buf.Printf(_("; row %d; "), row+1);
+                                    }
+                                }
+
+                                if (pEventLog) {
+                                    str = pEventLog->OnListGetItemText(row, col);
+                                } else {
+                                    str = pView->FireOnListGetItemText(row, col);
+                                }
+
+                                if (str.IsEmpty()) {
+                                    str = _("blank");
+                                }
+                                
+                                str += buf;
+                           }
+                        }
+                    }
+                    
+                    CFStringRef		description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( description ), &description );
+                    CFRelease( description );
+                    return noErr;
+                    
+                } else if ( CFStringCompare( attribute, kAXValueAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		value = CFSTR("");
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( value ), &value );
+                    CFRelease( value );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXParentAttribute, 0 ) == kCFCompareEqualTo ) {
+                    AXUIElementRef		parent;
+                    HIViewRef           parentView;
+
+                    parentView = isHeader ? headerView : bodyView;
+                    if (isHeader) {
+                        outIdentifier = 0;      // Parent is entire list
+                    } else {            // ! isHeader
+                        if (col < 0) {  // Data row
+                            outIdentifier = 0;      // Parent is entire list
+                        } else {
+                            outIdentifier = makeElementIdentifier(row, -1, isHeader);   // Parent of cell is data row
+                        }
+                    }
+                    parent = AXUIElementCreateWithHIObjectAndIdentifier((HIObjectRef)parentView, outIdentifier);
+                    if (parent == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( parent ), &parent );
+                    CFRelease( parent );
+                    return noErr;
+                
+                } else if ( CFStringCompare( attribute, kAXSubroleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		subRole;
+                    
+                    if (isHeader) {
+	                    if (pView) {
+                            subRole = kAXSortButtonSubrole;
+	                    } else {
+	                        return eventNotHandledErr;
+	                    }
+                    } else {    // ! isHeader
+                        if (col < 0) {
+                            subRole = kAXOutlineRowSubrole;     
+                        } else {
+                            return eventNotHandledErr;
+                        }
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( subRole ), &subRole );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this part. The parts of the view behave like
+                    // buttons, so use that system role.
+
+                    CFStringRef		role;
+
+                    if (isHeader) {
+                        if (pView) {
+                            role = kAXButtonRole;
+                        } else {
+                            role = kAXStaticTextRole;
+                        }
+                    } else if (col < 0) {
+                        role = kAXRowRole;
+                    } else {
+                        role = kAXStaticTextRole;
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string describing the role of this part. Use the system description.
+                    CFStringRef		roleDesc;
+                    
+                    if (isHeader) {
+                        if (pView) {
+                                roleDesc = HICopyAccessibilityRoleDescription( kAXButtonRole, kAXSortButtonSubrole );
+                        } else {
+                            roleDesc = HICopyAccessibilityRoleDescription( kAXStaticTextRole, NULL );
+                        }
+                    } else {    // ! isHeader
+                        CFStringRef		role = kAXStaticTextRole;
+                        if (col < 0) {
+                            if (snowLeopard) {
+                                role = kAXRowRole;
+                            } else {
+                                role = kAXOutlineRowSubrole;
+                            }
+                        }
+                        roleDesc = HICopyAccessibilityRoleDescription( role, NULL );
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( roleDesc ), &roleDesc );
+                    CFRelease( roleDesc );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXSortDirectionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		sortDirection;
+
+                    if (col == pView->m_iSortColumn) {
+                        sortDirection = pView->m_bReverseSort ? kAXDescendingSortDirectionValue : kAXAscendingSortDirectionValue;
+                    } else {
+                        sortDirection = kAXUnknownSortDirectionValue;
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( sortDirection ), &sortDirection );
+                    CFRelease( sortDirection );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXSizeAttribute, 0 ) == kCFCompareEqualTo ) {
+                    HISize          size;
+                    wxRect          r;
+                    
+                    // Return the size of this part as an HISize.
+                    size.width = pList->GetColumnWidth(col);
+                    if (isHeader) {
+                        size.height = pList->m_headerHeight;
+                    } else {    // ! isHeader
+                        pList->GetItemRect(row, r);
+                        size.height = r.height;
+                        if (col < 0) {
+                            size.width = r.width;
+                        }
+                    }
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeHISize, sizeof( HISize ), &size );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXPositionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    HIPoint         pt;
+                    wxRect          r;
+                    int             i, x = 0, y = 0, xoff = 0, ppux, ppuy;
+                    
+                    // Return the position of this part as an HIPoint.
+                    // First get the position relative to the ListCtrl
+                    for (i=0; i<col; i++) {
+                        x += pList->GetColumnWidth(i);
+                    }
+                    
+                    if (!isHeader) {
+                        pList->GetItemRect(row, r);
+                        y = r.y - 1;
+                        if (col < 0) {
+                            x = r.x;
+                        }
+                    }
+                    xoff = pList->GetScrollPos(wxHORIZONTAL);
+                    if (xoff) {
+                        wxScrolledWindow * win = ((CBOINCListCtrl*)pList)->GetMainWin();
+                        win->GetScrollPixelsPerUnit(&ppux, &ppuy);
+                        x -= (xoff * ppux);
+                    }
+                    // Now convert to global coordinates
+                    pList->ClientToScreen(&x, &y);
+                    pt.x = x;
+                    pt.y = y - pList->m_headerHeight;
+
+                    SetEventParameter(inEvent, kEventParamAccessibleAttributeValue, typeHIPoint, sizeof(HIPoint), &pt);
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXWindowAttribute, 0 ) == kCFCompareEqualTo
+                        || CFStringCompare( attribute, kAXTopLevelUIElementAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return the window or top level ui element for this part. They are both the same so re-use the code.
+                    AXUIElementRef		windOrTopUI;
+
+                    WindowRef win = GetControlOwner(bodyView);
+ 
+                    if (win == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    
+                    windOrTopUI = AXUIElementCreateWithHIObjectAndIdentifier( (HIObjectRef)win, 0 );
+                    if (windOrTopUI == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( windOrTopUI ), &windOrTopUI );
+                    CFRelease( windOrTopUI );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXEnabledAttribute, 0 ) == kCFCompareEqualTo ) {
+                    Boolean				enabled = true;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( enabled ), &enabled );
+                    return noErr;
+                
+//TODO: Add kAXFocusedAttribute support?
+#if 0
+                } else if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return whether or not this part is focused.
+                    Boolean				focused = false;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( focused ), &focused );
+                    return noErr;
+#endif
+
+                } else if ( CFStringCompare( attribute, kAXSelectedAttribute, 0 ) == kCFCompareEqualTo ) {
+                    if (col >= 0) {
+                        return eventNotHandledErr;
+                    }
+                    Boolean isSelected = pList->GetItemState(row, wxLIST_STATE_SELECTED) & wxLIST_STATE_SELECTED;
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( isSelected ), &isSelected );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXIndexAttribute, 0 ) == kCFCompareEqualTo ) {
+                    if (col >= 0) {
+                        return eventNotHandledErr;
+                    }
+                    int theRow = row + 1;
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeInteger, sizeof( theRow ), &theRow );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXVisibleChildrenAttribute, 0 ) == kCFCompareEqualTo ) {
+//TODO: Actually determine which columns are visible
+                    // Create and return an array of AXUIElements describing the children of this view.
+                    CFMutableArrayRef	children;
+                    AXUIElementRef	child;
+                    int                 c, n = pList->GetColumnCount();
+                    
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, n, &kCFTypeArrayCallBacks );
+
+                    if (col >= 0) {
+                        return eventNotHandledErr;
+                    }
+
+                    for ( c = 0; c < n; c++ ) {
+                        // For each column
+                        outIdentifier = makeElementIdentifier(row, c, isHeader);
+                        child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                        CFArrayAppendValue( children, child );
+                        CFRelease( child );
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+                
+                } else if ( CFStringCompare( attribute, kAXTitleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return the item's text
+                    wxString        str;
+                    wxListItem      headerItem;
+
+                    if (pEventLog || !isHeader) {
+                        return eventNotHandledErr;
+                    }
+                    
+                    if (col < 0) {
+                        return eventNotHandledErr;
+                    }
+                    
+                    pList->GetColumn(col, headerItem);
+                    str = headerItem.GetText();
+                    
+                    CFStringRef		title = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( title ), &title );
+                    CFRelease( title );
+                    return noErr;
+
+                } else {
+                    return eventNotHandledErr;
+                }
+
+            } // End // End if (!( (row < 0) && (col < 0) ))
+        break;
+        }       // End case kEventAccessibleGetNamedAttribute:
+
+#pragma mark kEventAccessibleIsNamedAttributeSettable
+        case kEventAccessibleIsNamedAttributeSettable:
+        {
+            CFStringRef			attribute;
+            Boolean				isSettable = false;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            // The focused attribute is the only settable attribute for this view,
+            // and it can only be set on part (or subelements), not the whole view.
+            if ((row >= 0) || (col >= 0))
+            {
+                if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo )
+                {
+                    isSettable = true;
+                }
+            }
+            SetEventParameter( inEvent, kEventParamAccessibleAttributeSettable, typeBoolean, sizeof( Boolean ), &isSettable );
+            return noErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleSetNamedAttribute
+        case kEventAccessibleSetNamedAttribute:
+        {
+            return eventNotHandledErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleGetAllActionNames
+        case kEventAccessibleGetAllActionNames:
+        {
+            CFMutableArrayRef	array;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionNames, 
+                        typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &array);
+            if (err) return err;
+            
+            if (pEventLog && isHeader) {
+                return noErr;
+            } 
+            
+            if (isHeader && (col >= 0) ) {
+                // Sortable column header
+                CFArrayAppendValue( array, kAXPressAction );
+            }
+            return noErr;
+        }
+        break;
+        
+#pragma mark kEventAccessibleGetNamedActionDescription
+        case kEventAccessibleGetNamedActionDescription:
+        {
+            CFStringRef				action;
+            CFMutableStringRef		desc;
+            CFStringRef				selfDesc = NULL;
+            
+            if ( (row < 0) && (col < 0) ) {
+                return eventNotHandledErr;
+            }
+            
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &action);
+            if (err) return err;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionDescription, 
+                        typeCFMutableStringRef, NULL, sizeof(typeCFMutableStringRef), NULL, &desc);
+            if (err) return err;
+
+             selfDesc = HICopyAccessibilityActionDescription( action );
+
+            CFStringReplaceAll( desc, selfDesc );
+            CFRelease( selfDesc );
+            return noErr;
+        }
+        break;
+    
+#pragma mark kEventAccessiblePerformNamedAction
+        case kEventAccessiblePerformNamedAction:
+        {
+            CFStringRef				action;
+            wxWindowID              id = pList->GetId();
+                
+            if ( (row < 0) && (col < 0) ) {
+                return eventNotHandledErr;
+            }
+                
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &action);
+            if (err) return err;
+            
+            if ( CFStringCompare( action, kAXPressAction, 0 ) != kCFCompareEqualTo ) {
+                return eventNotHandledErr;
+            }
+            if (isHeader) {
+                wxListEvent event(wxEVT_COMMAND_LIST_COL_CLICK, id);
+                event.m_col = col;
+                pList->AddPendingEvent(event);
+            } else {
+                if (pView) {
+                    pView->ClearSelections();
+                }
+                pList->SetItemState(row,  wxLIST_STATE_SELECTED, wxLIST_STATE_SELECTED);
+            }
+            return noErr;
+        }
+        break;
+        
+        default:
+            return eventNotHandledErr;
+    }   // End switch(eventKind)
+    
+    return eventNotHandledErr;
+}
+
+
+pascal OSStatus HTMLListAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData) {
+    const UInt32                eventClass = GetEventClass(inEvent);
+    const UInt32                eventKind = GetEventKind(inEvent);
+    CProjectListCtrlAccessible* pProjectListCtrlAccessible = NULL;
+    CProjectListCtrl*           pProjectListCtrl = NULL;
+    CNoticeListCtrlAccessible*  pNoticeListCtrlAccessible = NULL;
+    CNoticeListCtrl*            pNoticeListCtrl = NULL;
+    OSStatus                    err;
+    
+    pProjectListCtrlAccessible = ((HTMLListAccessibilityHandlerData*)pData)->pProjectListCtrlAccessible;
+    pNoticeListCtrlAccessible = ((HTMLListAccessibilityHandlerData*)pData)->pNoticeListCtrlAccessible;
+    if (pProjectListCtrlAccessible != NULL) {
+        pProjectListCtrl = wxDynamicCast(pProjectListCtrlAccessible->GetWindow(), CProjectListCtrl);
+        if (pProjectListCtrl == NULL) {
+            return eventNotHandledErr;
+        }
+    } else {
+        if (pNoticeListCtrlAccessible == NULL) {
+            return eventNotHandledErr;
+        }
+        pNoticeListCtrl = wxDynamicCast(pNoticeListCtrlAccessible->GetWindow(), CNoticeListCtrl);
+        if (pNoticeListCtrl == NULL) {
+            return eventNotHandledErr;
+        }
+    }
+    
+    if (eventClass != kEventClassAccessibility) {
+        return eventNotHandledErr;
+    }
+
+    AXUIElementRef		element;
+    UInt64				inIdentifier = 0;
+    UInt64              outIdentifier = 0;
+    SInt32              row = 0;
+    HIObjectRef         obj = NULL;
+    
+    err = GetEventParameter (inEvent, kEventParamAccessibleObject, 
+                typeCFTypeRef, NULL, sizeof(typeCFTypeRef), NULL, &element);
+    if (err) return err;
+    
+    AXUIElementGetIdentifier( element, &inIdentifier );
+    obj = AXUIElementGetHIObject(element);
+     
+    row = inIdentifier;
+
+    switch (eventKind) {
+#pragma mark kEventAccessibleGetChildAtPoint
+        case kEventAccessibleGetChildAtPoint:
+        {
+            CFTypeRef	child = NULL;
+            HIPoint		where;
+            int         hitRow;
+            
+            // Only the whole view can be tested since the parts don't have sub-parts.
+            if (inIdentifier != 0) {
+                return noErr;
+            }
+
+            err = GetEventParameter (inEvent, kEventParamMouseLocation, 
+                        typeHIPoint, NULL, sizeof(HIPoint), NULL, &where);
+            if (err) return err;
+
+            wxPoint     p((int)where.x, (int)where.y);
+            if (pProjectListCtrlAccessible) {
+                pProjectListCtrl->ScreenToClient(&p.x, &p.y);
+                err = pProjectListCtrlAccessible->HitTest(p, &hitRow, NULL);
+            } else {
+                pNoticeListCtrl->ScreenToClient(&p.x, &p.y);
+                err = pNoticeListCtrlAccessible->HitTest(p, &hitRow, NULL);
+            }
+            
+            if (err) {
+                return eventNotHandledErr;
+            }
+            
+            if (hitRow >= 0) {
+                outIdentifier = hitRow + 1;
+                child = AXUIElementCreateWithHIObjectAndIdentifier(obj, outIdentifier );
+                if (child == NULL) {
+                    return eventNotHandledErr;
+                }
+                
+                err = SetEventParameter (inEvent, kEventParamAccessibleChild, typeCFTypeRef, 
+                                            sizeof(typeCFTypeRef), &child);
+                if (err) {
+                    return eventNotHandledErr;
+                }
+            }
+            
+            return noErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleGetFocusedChild
+        case kEventAccessibleGetFocusedChild:
+            return noErr;
+        break;
+
+#pragma mark kEventAccessibleGetAllAttributeNames
+        case kEventAccessibleGetAllAttributeNames:
+        {
+            CFMutableArrayRef	namesArray;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeNames, 
+                    typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &namesArray);
+            if (err) 
+                return err;
+
+            CallNextEventHandler( inHandlerCallRef, inEvent );
+            
+            if ( inIdentifier == 0 )
+            {
+                // Identifier 0 means "the whole view".
+                // Let accessibility know that this view has children and can
+                // return a list of them.
+                CFArrayAppendValue( namesArray, kAXChildrenAttribute );
+            } else {
+                // Let accessibility know that this view's children can return description,
+                // size, position, parent window, top level element and isFocused attributes.
+                CFArrayAppendValue( namesArray, kAXWindowAttribute );
+                CFArrayAppendValue( namesArray, kAXTopLevelUIElementAttribute );
+                CFArrayAppendValue( namesArray, kAXDescriptionAttribute );
+                CFArrayAppendValue( namesArray, kAXSizeAttribute );
+                CFArrayAppendValue( namesArray, kAXPositionAttribute );
+                CFArrayAppendValue( namesArray, kAXTitleAttribute );
+                CFArrayAppendValue( namesArray, kAXEnabledAttribute );
+            }
+            
+            CFArrayAppendValue( namesArray, kAXFocusedAttribute );
+            CFArrayAppendValue( namesArray, kAXRoleAttribute );
+            CFArrayAppendValue( namesArray, kAXRoleDescriptionAttribute );
+            CFArrayAppendValue( namesArray, kAXParentAttribute );
+
+            return noErr;
+        }
+        break;
+            
+#pragma mark kEventAccessibleGetAllParameterizedAttributeNames
+        case kEventAccessibleGetAllParameterizedAttributeNames:
+        {
+            CFMutableArrayRef	namesArray;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeNames, 
+                    typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &namesArray);
+            if (err) return err;
+
+            return noErr;
+        }
+        break;
+            
+#pragma mark kEventAccessibleGetNamedAttribute
+        case kEventAccessibleGetNamedAttribute:
+        {
+            CFStringRef			attribute;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo ) {
+                // Return whether or not this part is focused.
+//TODO: Add kAXFocusedAttribute support?
+                Boolean				focused = false;
+                
+                SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( focused ), &focused );
+                return noErr;
+                } else if ( CFStringCompare( attribute, kAXSizeAttribute, 0 ) == kCFCompareEqualTo ) {
+                    wxRect          r;
+                    HISize          theSize;
+                    
+                    if (pProjectListCtrlAccessible) {
+                        err = pProjectListCtrlAccessible->GetLocation(r, row);
+                    } else {
+                        err = pNoticeListCtrlAccessible->GetLocation(r, row);
+                    }
+                    if (err) {
+                        return eventNotHandledErr;
+                    }
+
+                    theSize.width = r.width;
+                    theSize.height = r.height;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeHISize, sizeof( HISize ), &theSize );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXPositionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    wxRect          r;
+                    HIPoint         pt;
+                    
+                    if (pProjectListCtrlAccessible) {
+                        err = pProjectListCtrlAccessible->GetLocation(r, row);
+                    } else {
+                        err = pNoticeListCtrlAccessible->GetLocation(r, row);
+                    }
+                    if (err) {
+                        return eventNotHandledErr;
+                    }
+                    
+                    pt.x = r.x;
+                    pt.y = r.y;
+
+                    SetEventParameter(inEvent, kEventParamAccessibleAttributeValue, typeHIPoint, sizeof(HIPoint), &pt);
+                    return noErr;
+            }
+
+            if ( inIdentifier == 0 ) {
+                // String compare the incoming attribute name and return the appropriate accessibility
+                // information as an event parameter.
+            
+                if ( CFStringCompare( attribute, kAXChildrenAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Create and return an array of AXUIElements describing the children of this view.
+                    CFMutableArrayRef	children;
+                    AXUIElementRef		child;
+                    int                 i, n;
+
+                    if (pProjectListCtrlAccessible) {
+                        err = pProjectListCtrlAccessible->GetChildCount(&n);
+                    } else {
+                        err = pNoticeListCtrlAccessible->GetChildCount(&n);
+                    }
+                    children = CFArrayCreateMutable( kCFAllocatorDefault, n, &kCFTypeArrayCallBacks );
+
+                    for ( i = 0; i < n; i++ ) {
+                        outIdentifier = i+1;
+                        child = AXUIElementCreateWithHIObjectAndIdentifier( obj, outIdentifier );
+                        CFArrayAppendValue( children, child );
+                        CFRelease( child );
+                    }
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( children ), &children );
+                    CFRelease( children );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this view. Using the table role doesn't work.
+                    CFStringRef		role = kAXListRole;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this part.
+//TODO: specify whether projects or account managers
+                    wxString        str;
+
+                    str = _("list of projects or account managers");
+                    CFStringRef		roleDesc = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( roleDesc ), &roleDesc );
+                    CFRelease( roleDesc );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXParentAttribute, 0 ) == kCFCompareEqualTo ) {
+                    AXUIElementRef		parent;
+                    HIViewRef           parentView;
+
+                    if (pProjectListCtrlAccessible) {
+                        parentView = HIViewGetSuperview(pProjectListCtrlAccessible->m_listView);
+                    } else {
+                        parentView = HIViewGetSuperview(pNoticeListCtrlAccessible->m_listView);
+                    }
+                    parent = AXUIElementCreateWithHIObjectAndIdentifier((HIObjectRef)parentView, 0);
+                    if (parent == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( parent ), &parent );
+                    CFRelease( parent );
+                    return noErr;
+                
+                } else {
+                    return CallNextEventHandler( inHandlerCallRef, inEvent );
+
+                }
+                
+            } else {        // End if ( inIdentifier == 0 )
+            
+                if ( CFStringCompare( attribute, kAXDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    wxString        str, buf;
+                    int             n;
+                    Boolean         selected = false;
+
+                    if (pProjectListCtrlAccessible) {
+                        err = pProjectListCtrlAccessible->GetChildCount(&n);
+                    } else {
+                        err = pNoticeListCtrlAccessible->GetChildCount(&n);
+                    }
+                    if (err) {
+                        return eventNotHandledErr;
+                    }
+
+                    if (pProjectListCtrl) {
+                        selected = pProjectListCtrl->IsSelected(row - 1);
+                    } else {
+                        selected = pNoticeListCtrl->IsSelected(row - 1);
+                    }
+
+                    if (selected) {
+                        str.Printf(_("selected row %d of %d; "), row, n);
+                    } else {
+                        str.Printf(_("row %d of %d; "), row, n);
+                    }
+
+                    if (pProjectListCtrlAccessible) {
+                        err = pProjectListCtrlAccessible->GetDescription(row, &buf);
+                    } else {
+                        err = pNoticeListCtrlAccessible->GetDescription(row, &buf);
+                    }
+                    if (err) {
+                        return eventNotHandledErr;
+                    }
+                    str += buf;
+                    
+                    CFStringRef		description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( description ), &description );
+                    CFRelease( description );
+                    return noErr;
+                    
+                } else if ( CFStringCompare( attribute, kAXParentAttribute, 0 ) == kCFCompareEqualTo ) {
+                    AXUIElementRef		parent;
+                    HIViewRef           parentView;
+
+                    if (pProjectListCtrlAccessible) {
+                        parentView = pProjectListCtrlAccessible->m_listView;
+                    } else {
+                        parentView = pNoticeListCtrlAccessible->m_listView;
+                    }
+                    parent = AXUIElementCreateWithHIObjectAndIdentifier((HIObjectRef)parentView, 0);
+                    if (parent == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( parent ), &parent );
+                    CFRelease( parent );
+                    return noErr;
+                
+                } else if ( CFStringCompare( attribute, kAXSubroleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    return eventNotHandledErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string indicating the role of this part. The parts of the view behave like
+                    // buttons, so use that system role.
+
+                    CFStringRef		role = kAXStaticTextRole;       // kAXRowRole;
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXRoleDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return a string describing the role of this part. Use the system description.
+                    CFStringRef		roleDesc = HICopyAccessibilityRoleDescription( kAXRowRole, NULL );
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( roleDesc ), &roleDesc );
+                    CFRelease( roleDesc );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXWindowAttribute, 0 ) == kCFCompareEqualTo
+                        || CFStringCompare( attribute, kAXTopLevelUIElementAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return the window or top level ui element for this part. They are both the same so re-use the code.
+                    AXUIElementRef		windOrTopUI;
+
+                    WindowRef win = GetControlOwner((HIViewRef)obj);
+                    if (win == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    
+                    windOrTopUI = AXUIElementCreateWithHIObjectAndIdentifier( (HIObjectRef)win, 0 );
+                    if (windOrTopUI == NULL) {
+                        return eventNotHandledErr;
+                    }
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( windOrTopUI ), &windOrTopUI );
+                    CFRelease( windOrTopUI );
+                    return noErr;
+
+                } else if ( CFStringCompare( attribute, kAXEnabledAttribute, 0 ) == kCFCompareEqualTo ) {
+                    Boolean				enabled = true;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( enabled ), &enabled );
+                    return noErr;
+                
+//TODO: Add kAXFocusedAttribute support?
+#if 0
+                } else if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return whether or not this part is focused.
+                    Boolean				focused = false;
+                    
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeBoolean, sizeof( focused ), &focused );
+                    return noErr;
+#endif
+
+                } else if ( CFStringCompare( attribute, kAXTitleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    // Return the item's text
+                    wxString        str;
+                    wxListItem      headerItem;
+
+                    if (pProjectListCtrlAccessible) {
+                        pProjectListCtrlAccessible->GetName(row, &str);
+                    } else {
+                        pNoticeListCtrlAccessible->GetName(row, &str);
+                    }
+                    
+                    CFStringRef		title = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( title ), &title );
+                    CFRelease( title );
+                    return noErr;
+
+                } else {
+                    return eventNotHandledErr;
+                }
+
+            } // End if ( inIdentifier != 0 )
+        break;
+        }       // End case kEventAccessibleGetNamedAttribute:
+
+#pragma mark kEventAccessibleIsNamedAttributeSettable
+        case kEventAccessibleIsNamedAttributeSettable:
+        {
+            CFStringRef			attribute;
+            Boolean				isSettable = false;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            // The focused attribute is the only settable attribute for this view,
+            // and it can only be set on part (or subelements), not the whole view.
+            if (inIdentifier != 0)
+            {
+                if ( CFStringCompare( attribute, kAXFocusedAttribute, 0 ) == kCFCompareEqualTo )
+                {
+                    isSettable = true;
+                }
+            }
+            SetEventParameter( inEvent, kEventParamAccessibleAttributeSettable, typeBoolean, sizeof( Boolean ), &isSettable );
+            return noErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleSetNamedAttribute
+        case kEventAccessibleSetNamedAttribute:
+        {
+            return eventNotHandledErr;
+        }
+        break;
+
+#pragma mark kEventAccessibleGetAllActionNames
+        case kEventAccessibleGetAllActionNames:
+        {
+            CFMutableArrayRef	array;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionNames, 
+                        typeCFMutableArrayRef, NULL, sizeof(typeCFMutableArrayRef), NULL, &array);
+            if (err) return err;
+            
+            if (inIdentifier != 0) {
+                CFArrayAppendValue( array, kAXPressAction );
+            }
+            return noErr;
+        }
+        break;
+        
+#pragma mark kEventAccessibleGetNamedActionDescription
+        case kEventAccessibleGetNamedActionDescription:
+        {
+            CFStringRef				action;
+            CFMutableStringRef		desc;
+            CFStringRef				selfDesc = NULL;
+            
+            if (inIdentifier == 0) {
+                return eventNotHandledErr;
+            }
+            
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &action);
+            if (err) return err;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionDescription, 
+                        typeCFMutableStringRef, NULL, sizeof(typeCFMutableStringRef), NULL, &desc);
+            if (err) return err;
+
+             selfDesc = HICopyAccessibilityActionDescription( action );
+
+            CFStringReplaceAll( desc, selfDesc );
+            CFRelease( selfDesc );
+            return noErr;
+        }
+        break;
+    
+#pragma mark kEventAccessiblePerformNamedAction
+        case kEventAccessiblePerformNamedAction:
+        {
+            CFStringRef				action;
+                
+            if (inIdentifier == 0) {
+                return eventNotHandledErr;
+            }
+                
+            err = GetEventParameter (inEvent, kEventParamAccessibleActionName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &action);
+            if (err) return err;
+            
+            if ( CFStringCompare( action, kAXPressAction, 0 ) != kCFCompareEqualTo ) {
+                return eventNotHandledErr;
+            }
+            if (pProjectListCtrlAccessible) {
+                err = pProjectListCtrlAccessible->DoDefaultAction(inIdentifier);
+            } else {
+                err = pNoticeListCtrlAccessible->DoDefaultAction(inIdentifier);
+            }
+            if (err) {
+                return eventNotHandledErr;
+            }
+            
+            return noErr;
+        }
+        break;
+        
+        default:
+            return eventNotHandledErr;
+    }   // End switch(eventKind)
+    
+    return eventNotHandledErr;
+}
+
+
+
+pascal OSStatus SimpleAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData) {
+    const UInt32                eventClass = GetEventClass(inEvent);
+    const UInt32                eventKind = GetEventKind(inEvent);
+    OSStatus                    err;
+    
+    if (eventClass != kEventClassAccessibility) {
+        return eventNotHandledErr;
+    }
+
+    switch (eventKind) {
+
+#pragma mark kEventAccessibleGetNamedAttribute
+        case kEventAccessibleGetNamedAttribute:
+            CFStringRef			attribute;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		role = kAXStaticTextRole;
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+            }
+
+        return CallNextEventHandler( inHandlerCallRef, inEvent );
+        return eventNotHandledErr;
+    break;
+
+    
+    default:
+    return CallNextEventHandler( inHandlerCallRef, inEvent );
+
+        return eventNotHandledErr;
+    }
+    
+    return eventNotHandledErr;
+}
+
+
+pascal OSStatus PieCtrlAccessibilityEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData) {
+    const UInt32                eventClass = GetEventClass(inEvent);
+    const UInt32                eventKind = GetEventKind(inEvent);
+    OSStatus                    err;
+    wxPieCtrl*                  pPieCtrl = (wxPieCtrl*)pData;
+
+    if (eventClass != kEventClassAccessibility) {
+        return eventNotHandledErr;
+    }
+
+    switch (eventKind) {
+
+#pragma mark kEventAccessibleGetNamedAttribute
+        case kEventAccessibleGetNamedAttribute:
+            CFStringRef			attribute;
+
+            err = GetEventParameter (inEvent, kEventParamAccessibleAttributeName, 
+                        typeCFStringRef, NULL, sizeof(typeCFStringRef), NULL, &attribute);
+            if (err) return err;
+
+            if ( CFStringCompare( attribute, kAXRoleAttribute, 0 ) == kCFCompareEqualTo ) {
+                    CFStringRef		role = kAXStaticTextRole;
+
+                    SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( role ), &role );
+                    return noErr;
+
+            } else if ( CFStringCompare( attribute, kAXDescriptionAttribute, 0 ) == kCFCompareEqualTo ) {
+                // Return a string indicating the role of this part.
+                wxString            str;
+                CFStringRef         description;
+                unsigned int        i;
+                
+                str = pPieCtrl->GetLabel();
+                for(i=0; i<pPieCtrl->m_Series.Count(); i++) {
+                    str += wxT("; ");
+                    str += pPieCtrl->m_Series[i].GetLabel();
+                }
+                
+                description = CFStringCreateWithCString(NULL, str.char_str(), kCFStringEncodingUTF8);
+                SetEventParameter( inEvent, kEventParamAccessibleAttributeValue, typeCFTypeRef, sizeof( description ), &description );
+                CFRelease( description );
+                return noErr;
+            }
+
+        return CallNextEventHandler( inHandlerCallRef, inEvent );
+        return eventNotHandledErr;
+    break;
+
+    
+    default:
+    return CallNextEventHandler( inHandlerCallRef, inEvent );
+
+        return eventNotHandledErr;
+    }
+    
+    return eventNotHandledErr;
+}
+
diff --git a/clientgui/mac/MacAccessiblity.h b/clientgui/mac/MacAccessiblity.h
new file mode 100644
index 0000000..d835d49
--- /dev/null
+++ b/clientgui/mac/MacAccessiblity.h
@@ -0,0 +1,38 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2009 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+//  macAccessiblity.h
+
+#ifndef _MACACCESSIBILITY_H_ 
+#define _MACACCESSIBILITY_H_ 
+
+#include "BOINCBaseView.h"
+#include "DlgEventLog.h"
+#include "wx/generic/listctrl.h"
+
+typedef struct {
+    wxGenericListCtrl*  pList;
+    CBOINCBaseView*     pView;
+    CDlgEventLog*       pEventLog;
+    HIViewRef           headerView;
+    HIViewRef           bodyView;
+    Boolean             snowLeopard;
+} ListAccessData;
+
+void AccessibilityIgnoreAllChildren(HIViewRef parent, int recursionLevel);
+
+#endif
\ No newline at end of file
diff --git a/clientgui/mac/MacBitmapComboBox.cpp b/clientgui/mac/MacBitmapComboBox.cpp
new file mode 100644
index 0000000..5037d1a
--- /dev/null
+++ b/clientgui/mac/MacBitmapComboBox.cpp
@@ -0,0 +1,307 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#include "stdwx.h"
+#include "MacBitmapComboBox.h"
+
+#define POPUPBUTTONCONTROLHEIGHT 20
+
+// wxChoice uses CreatePopupButtonControl
+
+const wxChar CBOINCBitmapChoiceNameStr[] = wxT("popup");
+const wxChar CBOINCBitmapComboBoxNameStr[] = wxT("combo");
+
+IMPLEMENT_DYNAMIC_CLASS(CBOINCBitmapChoice, wxChoice)
+
+BEGIN_EVENT_TABLE(CBOINCBitmapChoice, wxChoice)
+    EVT_LEFT_DOWN(CBOINCBitmapChoice::OnMouseDown)
+END_EVENT_TABLE()
+
+CBOINCBitmapChoice::CBOINCBitmapChoice() {}
+
+CBOINCBitmapChoice::CBOINCBitmapChoice(wxWindow *parent, wxWindowID id,
+            const wxString& value, 
+            const wxPoint& pos,
+            const wxSize& size,
+            int n, const wxString choices[],
+            long style,
+            const wxValidator& validator,
+            const wxString& name)
+{
+    Create(parent, id, pos, size, n, choices, style, validator, name);
+
+    if (! value.IsEmpty()) {
+        SetStringSelection(value);
+    }
+}
+
+CBOINCBitmapChoice::~CBOINCBitmapChoice() {
+}
+
+void CBOINCBitmapChoice::SetItemBitmap(unsigned int n, const wxBitmap& bitmap) {
+    MenuHandle mhandle = (MenuHandle) m_macPopUpMenuHandle;
+    unsigned int index = n + 1;
+    
+    if ( mhandle == NULL || index == 0)
+        return ;
+
+    if ( bitmap.Ok() )
+    {
+        CGImageRef imageRef = (CGImageRef)( bitmap.CGImageCreate() ) ;
+        SetMenuItemIconHandle( mhandle , index ,
+                    kMenuCGImageRefType , (Handle) imageRef ) ;
+
+#if 0// wxUSE_BMPBUTTON
+        ControlButtonContentInfo info ;
+        wxMacCreateBitmapButton( &info , bitmap ) ;
+        if ( info.contentType != kControlNoContent )
+        {
+            if ( info.contentType == kControlContentIconRef )
+                SetMenuItemIconHandle( mhandle , index ,
+                    kMenuIconRefType , (Handle) info.u.iconRef ) ;
+            else if ( info.contentType == kControlContentCGImageRef )
+               SetMenuItemIconHandle( mhandle , index ,
+                    kMenuCGImageRefType , (Handle) info.u.imageRef ) ;
+        }
+        wxMacReleaseBitmapButton( &info ) ;
+#endif
+    }
+}
+void CBOINCBitmapChoice::OnMouseDown(wxMouseEvent& event) {
+    wxToolTip::Enable(false);
+    event.Skip();
+}
+
+
+
+
+
+IMPLEMENT_DYNAMIC_CLASS(CBOINCBitmapComboBox, wxPanel)
+
+BEGIN_EVENT_TABLE(CBOINCBitmapComboBox, wxPanel)
+//	EVT_ERASE_BACKGROUND(CBOINCBitmapComboBox::OnEraseBackground)
+    EVT_PAINT(CBOINCBitmapComboBox::OnPaint)
+//    EVT_CHOICE(CBOINCBitmapComboBox::OnSelection)
+END_EVENT_TABLE()
+
+CBOINCBitmapComboBox::CBOINCBitmapComboBox() {}
+
+CBOINCBitmapComboBox::CBOINCBitmapComboBox(wxWindow *parent, wxWindowID id,
+            const wxString& value, 
+            const wxPoint& pos,
+            const wxSize& size,
+            int n, const wxString choices[],
+            long style,
+            const wxValidator& validator,
+            const wxString& name) :
+            wxPanel( parent, id, pos, size, wxCLIP_CHILDREN | wxBORDER_NONE )
+{
+    int i;
+
+    m_ChoiceControl = new CBOINCBitmapChoice(this, id, value, wxDefaultPosition, wxSize(size.x, POPUPBUTTONCONTROLHEIGHT), n, choices, style, validator);
+    m_bHaveLargeBitmaps = (size.y > 0);
+	wxBoxSizer* bSizer1;
+	bSizer1 = new wxBoxSizer( wxVERTICAL );
+    int margin = m_bHaveLargeBitmaps ? (size.y - POPUPBUTTONCONTROLHEIGHT)/2 : 0;
+	bSizer1->Add( m_ChoiceControl, 1, wxTOP | wxBOTTOM | wxEXPAND, margin);
+	this->SetSizer( bSizer1 );
+    Layout();
+    if (m_bHaveLargeBitmaps) {
+        for (i=0; i<n; ++i) {
+            m_BitmapCache.push_back(wxNullBitmap);
+        }
+    }
+        Connect(id, wxEVT_COMMAND_CHOICE_SELECTED,
+        (wxObjectEventFunction) (wxEventFunction) (wxCommandEventFunction) &CBOINCBitmapComboBox::OnSelection
+    );
+
+}
+
+CBOINCBitmapComboBox::~CBOINCBitmapComboBox() {
+    Clear();
+}
+
+void CBOINCBitmapComboBox::SetItemBitmap(unsigned int n, const wxBitmap& bitmap) {
+    unsigned int cacheSize, i;
+
+    if (m_bHaveLargeBitmaps) {
+        cacheSize = m_BitmapCache.size();
+        for (i=cacheSize; i<n; ++i) {
+            m_BitmapCache.push_back(wxNullBitmap);
+        }
+#if 0
+        if (m_BitmapCache.at(n) != NULL) {
+            delete m_BitmapCache.at(n);
+            m_BitmapCache.at(n) = NULL;
+        }
+#endif
+        wxBitmap* bm = new wxBitmap(bitmap);
+        m_BitmapCache.at(n) = *bm;
+        delete bm;
+    }
+    
+    m_ChoiceControl->SetItemBitmap(n, bitmap);
+    if (n == (unsigned int)m_ChoiceControl->GetSelection()) {
+        Refresh();
+    }
+}
+
+
+void CBOINCBitmapComboBox::SetStringSelection(const wxString& text) {
+    m_ChoiceControl->SetStringSelection(text);
+    Refresh();
+}
+
+
+void CBOINCBitmapComboBox::SetSelection(int sel) {
+    m_ChoiceControl->SetSelection(sel);
+    Refresh();
+}
+
+
+int CBOINCBitmapComboBox::Append(const wxString& item, const wxBitmap& bitmap) {
+    if (m_bHaveLargeBitmaps) {
+        m_BitmapCache.push_back(bitmap);
+    }
+    
+    int n = m_ChoiceControl->Append(item);
+    SetItemBitmap(n, bitmap);
+    return n;
+}
+
+
+int CBOINCBitmapComboBox::Append(const wxString& item, const wxBitmap& bitmap, void *clientData) {
+    if (m_bHaveLargeBitmaps) {
+        m_BitmapCache.push_back(bitmap);
+    }
+
+    int n = m_ChoiceControl->Append(item, clientData);
+    SetItemBitmap(n, bitmap);
+    return n;
+}
+
+
+int CBOINCBitmapComboBox::Insert(const wxString& item, const wxBitmap& bitmap, unsigned int pos) {
+    if (m_bHaveLargeBitmaps) {
+        std::vector<wxBitmap>::iterator insertionPoint = m_BitmapCache.begin();
+        wxBitmap* bm = new wxBitmap(bitmap);
+        m_BitmapCache.insert(insertionPoint + pos, *bm);
+        delete bm;
+    }
+    int n = m_ChoiceControl->Insert(item, pos);
+    SetItemBitmap(n, bitmap);
+    return n;
+}
+
+
+int CBOINCBitmapComboBox::Insert(const wxString& item, const wxBitmap& bitmap, unsigned int pos, void *clientData) {
+    if (m_bHaveLargeBitmaps) {
+        std::vector<wxBitmap>::iterator insertionPoint = m_BitmapCache.begin();
+        wxBitmap* bm = new wxBitmap(bitmap);
+        m_BitmapCache.insert(insertionPoint + pos, *bm);
+        delete bm;
+    }
+    
+    int n = m_ChoiceControl->Insert(item, pos, clientData);
+    SetItemBitmap(n, bitmap);
+    return n;
+}
+
+
+void CBOINCBitmapComboBox::Delete(unsigned int n) {
+    if (n < m_ChoiceControl->GetCount()) {
+        if (m_bHaveLargeBitmaps) {
+            std::vector<wxBitmap>::iterator deletionPoint = m_BitmapCache.begin();
+            m_BitmapCache.erase(deletionPoint + n);
+        }
+        
+        m_ChoiceControl->Delete(n);
+        Refresh();
+    }
+}
+
+
+void CBOINCBitmapComboBox::Clear() {
+    m_BitmapCache.clear();
+    int count = GetCount();
+	for(int j = count-1; j >=0; --j) {
+        wxASSERT(!m_ChoiceControl->GetClientData(j));
+        m_ChoiceControl->SetClientData(j, NULL);
+    }
+    m_ChoiceControl->Clear();
+}
+
+
+void CBOINCBitmapComboBox::OnSelection(wxCommandEvent& event) {
+    Refresh();      // To draw the bitmap
+    event.Skip();
+}
+
+
+void CBOINCBitmapComboBox::OnPaint(wxPaintEvent& event) {
+    int x, y;
+	wxPaintDC myDC(this);
+    unsigned int i = GetSelection();
+    if (m_BitmapCache.size() <= i) {
+        return;
+    }
+    
+    wxPen oldPen = myDC.GetPen();
+    wxBrush oldBrush = myDC.GetBrush();
+    int oldMode = myDC.GetBackgroundMode();
+
+    myDC.SetPen(*wxMEDIUM_GREY_PEN);
+    myDC.SetBrush(*wxTRANSPARENT_BRUSH);
+    myDC.SetBackgroundMode(wxSOLID);
+
+    GetSize(&x, &y);
+    if ((m_BitmapCache.at(i)).Ok()) {
+        myDC.DrawBitmap(m_BitmapCache.at(i), 9, 1, false);
+        myDC.DrawRectangle(8, 0, y, y);
+    }
+    
+    // Restore Mode, Pen and Brush 
+    myDC.SetBackgroundMode(oldMode);
+    myDC.SetPen(oldPen);
+    myDC.SetBrush(oldBrush);
+}
+
+
+void CBOINCBitmapComboBox::EmptyBitmapCache() {
+#if 0
+    unsigned int i, cacheSize;
+    
+    cacheSize = m_BitmapCache.size();
+    for (i=0; i<cacheSize; i++) {
+        if (m_BitmapCache.at(i) != NULL) {
+            delete m_BitmapCache.at(i);
+            m_BitmapCache.at(i) = NULL;
+        }
+    }
+#endif
+    m_BitmapCache.clear();
+}
+
+
+void CBOINCBitmapComboBox::SetToolTip(wxString& s) {
+    m_ChoiceControl->SetToolTip(s);
+}
+
+
+void CBOINCBitmapComboBox::SetToolTip(wxToolTip* tip) {
+    m_ChoiceControl->SetToolTip(tip);
+}
diff --git a/clientgui/mac/MacBitmapComboBox.h b/clientgui/mac/MacBitmapComboBox.h
new file mode 100644
index 0000000..4f91118
--- /dev/null
+++ b/clientgui/mac/MacBitmapComboBox.h
@@ -0,0 +1,100 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef __MACBITMAPCOMBOBOX__
+#define __MACBITMAPCOMBOBOX__
+
+#include <wx/choice.h>
+
+WXDLLEXPORT_DATA(extern const wxChar) CBOINCBitmapChoiceNameStr[];
+WXDLLEXPORT_DATA(extern const wxChar) CBOINCBitmapComboBoxNameStr[];
+
+#define EVT_BOINCBITMAPCOMBOBOX EVT_CHOICE
+
+class CBOINCBitmapChoice : public wxChoice 
+{
+    DECLARE_DYNAMIC_CLASS(CBOINCBitmapChoice )
+    DECLARE_EVENT_TABLE()
+
+public:
+    CBOINCBitmapChoice() ;
+
+    virtual ~CBOINCBitmapChoice();
+
+    CBOINCBitmapChoice(wxWindow *parent, wxWindowID id,
+            const wxString& value = wxT(""), 
+            const wxPoint& pos = wxDefaultPosition,
+            const wxSize& size = wxDefaultSize,
+            int n = 0, const wxString choices[] = NULL,
+            long style = 0,
+            const wxValidator& validator = wxDefaultValidator,
+            const wxString& name = CBOINCBitmapChoiceNameStr);
+
+    void OnMouseDown(wxMouseEvent& event);
+    void SetItemBitmap(unsigned int n, const wxBitmap& bitmap);
+};
+
+class CBOINCBitmapComboBox : public wxPanel 
+{
+    DECLARE_DYNAMIC_CLASS( CBOINCBitmapComboBox )
+    DECLARE_EVENT_TABLE()
+
+public:
+    CBOINCBitmapComboBox() ;
+
+    virtual ~CBOINCBitmapComboBox();
+
+    CBOINCBitmapComboBox(wxWindow *parent, wxWindowID id,
+            const wxString& value = wxT(""), 
+            const wxPoint& pos = wxDefaultPosition,
+            const wxSize& size = wxDefaultSize,
+            int n = 0, const wxString choices[] = NULL,
+            long style = 0,
+            const wxValidator& validator = wxDefaultValidator,
+            const wxString& name = CBOINCBitmapComboBoxNameStr);
+
+    void SetItemBitmap(unsigned int n, const wxBitmap& bitmap);
+    void SetStringSelection(const wxString& text);
+    void SetSelection(int sel);
+    int GetCount() { return m_ChoiceControl->GetCount(); }
+    void * GetClientData(unsigned int n) const { return m_ChoiceControl->GetClientData(n); }
+    void SetClientData(unsigned int n, void *data) { m_ChoiceControl->SetClientData(n, data); }
+    int GetSelection() { return m_ChoiceControl->GetCurrentSelection(); }
+    wxString GetValue() { return m_ChoiceControl->GetStringSelection(); }
+    wxString GetString(unsigned int n) const { return m_ChoiceControl->GetString(n); }
+    wxString GetStringSelection() { return m_ChoiceControl->GetStringSelection(); }
+
+    int Append(const wxString& item, const wxBitmap& bitmap);
+    int Append(const wxString& item, const wxBitmap& bitmap, void *clientData);
+    int Insert(const wxString& item, const wxBitmap& bitmap, unsigned int pos);
+    int Insert(const wxString& item, const wxBitmap& bitmap, unsigned int pos, void *clientData);
+    void Delete(unsigned int n);
+    void Clear();
+    void SetToolTip(wxString& s);
+    void SetToolTip(wxToolTip* tip);
+    
+private:
+    void OnPaint(wxPaintEvent& event);
+    void OnSelection(wxCommandEvent& event);
+    void EmptyBitmapCache();
+
+    CBOINCBitmapChoice      *m_ChoiceControl;
+    bool                    m_bHaveLargeBitmaps;
+    std::vector<wxBitmap>   m_BitmapCache;
+};
+
+#endif //__MACBITMAPCOMBOBOX__
diff --git a/clientgui/mac/MacGUI.pch b/clientgui/mac/MacGUI.pch
new file mode 100644
index 0000000..eb470ad
--- /dev/null
+++ b/clientgui/mac/MacGUI.pch
@@ -0,0 +1,90 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2011 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef _MACGUI_H_
+#define _MACGUI_H_
+/*
+ *  MacGUI.pch
+ *  BOINCManager precompiled headers file for Mac
+ */
+
+// To use the Development (Debug) build of wxMac (allows stepping into wxMac 
+//   source code, enables debug, trace, Asserts, etc.):
+// (1) Set USE_DEBUG_WXMAC to 1 in this source file
+// (2) In the Project menu, set the Active Build Configuration to "Development"
+// (3) In the Project menu, set the Active Target to "mgr_boinc"
+// (4) In Xcode's main project window, control-click on the title "Groups & Files" at the 
+//      top of the left-hand pane and select "Target Membership" from the contextual menu.
+// (5) In the XCode project's Groups and Files column:
+//      uncheck "External Frameworks and Libraries/libwx_mac_static.a"
+// (6) In the XCode project's Groups and Files column:
+//      check "External Frameworks and Libraries/wxMac-BOINC.xcodeproj/libwx_mac_static.a"
+//
+// This will have no effect on the BOINC Manager Deployment build, which will still 
+//  use the wxMac Deployment build.
+//
+// To use the wxMac Deployment build even in BOINC Manager Development builds, reverse 
+// the above steps (setting USE_DEBUG_WXMAC to 0, etc.)
+
+#define USE_DEBUG_WXMAC 0
+ 
+#define WX_PRECOMP
+
+#define HAVE_SSIZE_T
+
+#include <wx/version.h> // For wxCHECK_VERSION
+
+#define TARGET_CARBON 1
+#define wxUSE_UNICODE 1
+#define HAVE_WCSLEN 1
+
+#include <wchar.h>
+
+#if ((defined(__i386__) || defined(__x86_64__)) && wxCHECK_VERSION(2,8,2))
+// platform.h erroneously #defines __POWERPC__, so we include platform.h first 
+// and then #undef __POWERPC__ before including the other wxMac header files.
+// It's unclear if this affects non-CodeWarrior builds, but do it to be safe.
+#include <wx/platform.h>
+#ifdef __POWERPC__
+#undef __POWERPC__
+#endif
+#endif
+
+#if (defined(_DEBUG) && (! USE_DEBUG_WXMAC))
+
+#undef _DEBUG       // so we can link with Deployment Wx libs
+#undef __WXDEBUG__
+
+#include "stdwx.h"
+
+#define  _DEBUG     // Redefine _DEBUG for the rest of the code
+#define __WXDEBUG__
+
+#else   // ! (defined(_DEBUG) && (! USE_DEBUG_WXMAC))
+
+#include "stdwx.h"
+
+#endif  // ! (defined(_DEBUG) && (! USE_DEBUG_WXMAC))
+
+#include "config.h"
+
+// Prototypes for Mac_GUI.cpp
+Boolean Mac_Authorize(void);
+void MacLocalizeBOINCMenu();
+Boolean IsWindowOnScreen(int iLeft, int iTop, int iWidth, int iHeight);
+
+#endif
diff --git a/clientgui/mac/MacSysMenu.cpp b/clientgui/mac/MacSysMenu.cpp
new file mode 100644
index 0000000..b4c6b41
--- /dev/null
+++ b/clientgui/mac/MacSysMenu.cpp
@@ -0,0 +1,453 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#if defined(__GNUG__) && !defined(__APPLE__)
+#pragma implementation "MacSysMenu.h"
+#endif
+
+#include "stdwx.h"
+#include "BOINCGUIApp.h"
+#include "BOINCBaseFrame.h"
+#include "MainDocument.h"
+#include "MacSysMenu.h"
+#include "DlgAbout.h"
+#include "Events.h"
+#include "miofile.h"
+#include "SkinManager.h"
+
+pascal OSStatus SysMenuEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData);
+
+    EventTypeSpec myEvents[] = { {kEventClassCommand, kEventCommandProcess},
+                                    { kEventClassApplication, kEventAppHidden},
+                                    { kEventClassApplication, kEventAppShown},
+                                    {kEventClassMenu, kEventMenuOpening} };
+
+
+#if wxCHECK_VERSION(2,8,0)
+
+// Class declarations copied from wxMac-2.8.0/src/mac/carbon/taskbar.cpp
+// We had to copy these because they are not in a header file.
+
+class wxTaskBarIconImpl
+{
+public:
+    wxTaskBarIconImpl(wxTaskBarIcon* parent);
+    virtual ~wxTaskBarIconImpl();
+
+    virtual bool IsIconInstalled() const = 0;
+    virtual bool SetIcon(const wxIcon& icon) = 0;
+    virtual bool RemoveIcon() = 0;
+    virtual bool PopupMenu(wxMenu *menu) = 0;
+
+    wxMenu * CreatePopupMenu()
+    { return m_parent->CreatePopupMenu(); }
+
+    wxTaskBarIcon *m_parent;
+    class wxTaskBarIconWindow *m_menuEventWindow;
+
+    DECLARE_NO_COPY_CLASS(wxTaskBarIconImpl)
+};
+
+//-----------------------------------------------------------------------------
+//
+//  wxTaskBarIconWindow
+//
+//  Event handler for menus
+//  NB: Since wxWindows in Mac HAVE to have parents we need this to be
+//  a top level window...
+//-----------------------------------------------------------------------------
+
+class wxTaskBarIconWindow : public wxTopLevelWindow
+{
+public:
+    wxTaskBarIconWindow(wxTaskBarIconImpl *impl)
+        : wxTopLevelWindow(NULL, wxID_ANY, wxEmptyString), m_impl(impl)
+    {
+        Connect(
+            -1, wxEVT_COMMAND_MENU_SELECTED,
+            wxCommandEventHandler(wxTaskBarIconWindow::OnMenuEvent) );
+    }
+
+    void OnMenuEvent(wxCommandEvent& event)
+    {
+        m_impl->m_parent->ProcessEvent(event);
+    }
+
+private:
+    wxTaskBarIconImpl *m_impl;
+};
+
+class wxDockTaskBarIcon : public wxTaskBarIconImpl
+{
+public:
+    wxDockTaskBarIcon(wxTaskBarIcon* parent);
+    virtual ~wxDockTaskBarIcon();
+
+    virtual bool IsIconInstalled() const;
+    virtual bool SetIcon(const wxIcon& icon);
+    virtual bool RemoveIcon();
+    virtual bool PopupMenu(wxMenu *menu);
+
+    wxMenu* DoCreatePopupMenu();
+
+    EventHandlerRef     m_eventHandlerRef;
+    EventHandlerUPP     m_eventupp;
+    wxWindow           *m_eventWindow;
+    wxMenu             *m_pMenu;
+    MenuRef             m_theLastMenu;
+    bool                m_iconAdded;
+};
+
+#endif
+
+
+CMacSystemMenu::CMacSystemMenu(wxString title, wxIcon* icon, wxIcon* iconDisconnected, wxIcon* iconSnooze)
+                                : CTaskBarIcon(title, icon, iconDisconnected, iconSnooze) {
+     CFBundleRef	SysMenuBundle	= NULL;
+
+    m_bOpeningAboutDlg = false;
+    m_bNeedRebuildMenu = false;
+    
+    LoadPrivateFrameworkBundle( CFSTR("SystemMenu.bundle"), &SysMenuBundle );
+    if ( SysMenuBundle != NULL )
+    {
+        SetUpSystemMenu = (SetUpSystemMenuProc) 
+                            CFBundleGetFunctionPointerForName( SysMenuBundle, CFSTR("SetUpSystemMenu") );
+        SetSystemMenuIcon = (SetSystemMenuIconProc) 
+                            CFBundleGetFunctionPointerForName( SysMenuBundle, CFSTR("SetSystemMenuIcon") );
+        
+        BuildMenu();
+
+        // The base class wxTaskBarIcon will install the wxDockEventHandler for 
+        // each instance of the derived classes CTaskBarIcon and CMacSystemMenu.
+        // We remove that handler and substitute our own.
+#if wxCHECK_VERSION(2,8,0)
+        RemoveEventHandler((EventHandlerRef&)(((wxDockTaskBarIcon*)m_impl)->m_eventHandlerRef));
+        
+        InstallApplicationEventHandler(NewEventHandlerUPP(SysMenuEventHandler), 
+                                sizeof(myEvents) / sizeof(EventTypeSpec), myEvents, 
+                                                        this, (EventHandlerRef*)&(((wxDockTaskBarIcon*)m_impl)->m_eventHandlerRef)); 
+#else
+        RemoveEventHandler((EventHandlerRef&)m_pEventHandlerRef);
+
+        InstallApplicationEventHandler(NewEventHandlerUPP(SysMenuEventHandler), 
+                                sizeof(myEvents) / sizeof(EventTypeSpec), myEvents, 
+                                                        this, (EventHandlerRef*)&m_pEventHandlerRef); 
+#endif
+    }
+}
+
+
+CMacSystemMenu::~CMacSystemMenu() {
+    // Remove the System Menu (StatusItem) from menu bar
+    if (SetSystemMenuIcon != NULL )
+        SetSystemMenuIcon(NULL);
+}
+
+
+// Set the System Menu Icon from XPM data
+bool CMacSystemMenu::SetMacMenuIcon(const wxIcon& icon) {
+    wxBitmap theBits;
+
+    // For unknown reasons, menus won't work if we call BuildMenu() directly 
+    // from CTaskBarIcon::OnReloadSkin(), so it sets a flag to call it here
+    if (m_bNeedRebuildMenu) {
+        CMainDocument*     pDoc = wxGetApp().GetDocument();
+        wxASSERT(pDoc);
+        wxASSERT(wxDynamicCast(pDoc, CMainDocument));
+        if (pDoc->IsConnected() && m_bNeedRebuildMenu) {
+            // For unknown reasons, Menubar Icon menu doesn't work without this
+            BuildMenu();
+        }
+    }
+    m_bNeedRebuildMenu = false;
+    
+    theBits.CopyFromIcon(icon);
+    CGImageRef imageRef = (CGImageRef)theBits.CGImageCreate();
+    if ( (SetSystemMenuIcon != NULL) && (imageRef != NULL) ) { 
+        SetSystemMenuIcon(imageRef);
+        CGImageRelease( imageRef );
+        return true;
+    }
+    
+    if(imageRef != NULL) CGImageRelease( imageRef );
+                
+    return false;
+}
+
+
+void CMacSystemMenu::BuildMenu() {
+    wxBitmap theBits;
+    wxMenu *themenu;
+    CSkinAdvanced* pSkinAdvanced = wxGetApp().GetSkinManager()->GetAdvanced();
+
+    wxASSERT(pSkinAdvanced);
+    wxASSERT(wxDynamicCast(pSkinAdvanced, CSkinAdvanced));
+
+    m_iconTaskBarNormal = *pSkinAdvanced->GetApplicationIcon();
+    m_iconTaskBarDisconnected = *pSkinAdvanced->GetApplicationDisconnectedIcon();
+    m_iconTaskBarSnooze = *pSkinAdvanced->GetApplicationSnoozeIcon();
+
+    theBits.CopyFromIcon(m_iconTaskBarNormal);
+    CGImageRef imageRef = (CGImageRef)theBits.CGImageCreate();                
+    if ( (SetUpSystemMenu != NULL ) && (imageRef != NULL) ) {
+        // Currently, the system menu is the same as the Dock menu with the addition of 
+        // the Quit menu item.  If in the future you wish to make the system menu different 
+        // from the Dock menu, override CTaskBarIcon::BuildContextMenu() and 
+        // CTaskBarIcon::AdjustMenuItems().
+#if wxCHECK_VERSION(2,8,0)
+        delete ((wxDockTaskBarIcon*)m_impl)->m_pMenu;
+        ((wxDockTaskBarIcon*)m_impl)->m_pMenu = BuildContextMenu();
+        themenu = ((wxDockTaskBarIcon*)m_impl)->m_pMenu;
+#else
+        delete m_pMenu;
+        m_pMenu = BuildContextMenu();
+        themenu = m_pMenu;
+#endif
+
+        // These should appear in the Mac System Menu but not the Dock
+        themenu->AppendSeparator();
+        themenu->Append( wxID_EXIT, _("E&xit"), wxEmptyString );
+        
+        themenu->SetEventHandler(this);
+
+        SetUpSystemMenu((MenuRef)(themenu->GetHMenu()), imageRef);
+    }
+    if(imageRef != NULL) CGImageRelease( imageRef );
+}
+
+
+#if wxCHECK_VERSION(2,8,0)
+
+wxMenu* CMacSystemMenu::GetCurrentMenu() {
+    return ((wxDockTaskBarIcon*)m_impl)->m_pMenu;
+}
+
+#endif
+
+
+//	Utility routine to load a bundle from the application's Frameworks folder.
+//	i.e. : "BOINC.app/Contents/Frameworks/SystemMenu.bundle"
+void CMacSystemMenu::LoadPrivateFrameworkBundle( CFStringRef framework, CFBundleRef *bundlePtr ) {
+	CFURLRef	baseURL			= NULL;
+	CFURLRef	bundleURL		= NULL;
+	CFBundleRef	myAppsBundle	= NULL;
+
+	if ( bundlePtr == NULL )	goto Bail;
+	*bundlePtr = NULL;
+	
+	myAppsBundle	= CFBundleGetMainBundle();					//	Get our application's main bundle from Core Foundation
+	if ( myAppsBundle == NULL )	goto Bail;
+	
+	baseURL	= CFBundleCopyPrivateFrameworksURL( myAppsBundle );
+	if ( baseURL == NULL )	goto Bail;
+
+	bundleURL = CFURLCreateCopyAppendingPathComponent( kCFAllocatorSystemDefault, baseURL, framework, false );
+	if ( bundleURL == NULL )	goto Bail;
+
+	*bundlePtr = CFBundleCreate( kCFAllocatorSystemDefault, bundleURL );
+	if ( *bundlePtr == NULL )	goto Bail;
+
+	if ( ! CFBundleLoadExecutable( *bundlePtr ) )
+	{
+		CFRelease( *bundlePtr );
+		*bundlePtr	= NULL;
+	}
+
+Bail:															// Clean up.
+	if ( bundleURL != NULL )	CFRelease( bundleURL );
+	if ( baseURL != NULL )		CFRelease( baseURL );
+}
+
+
+pascal OSStatus SysMenuEventHandler( EventHandlerCallRef inHandlerCallRef,
+                                    EventRef inEvent, void* pData) {
+    HICommand command;
+    MenuRef baseMenuRef, sysMenuRef;
+    Str255 theMenuTitle;
+    short i, n, m;
+    CharParameter markChar;
+    const UInt32 eventClass = GetEventClass(inEvent);
+    const UInt32 eventKind = GetEventKind(inEvent);
+    CMacSystemMenu* pMSM;
+    wxMenu* baseMenu;
+    MenuCommand commandID;
+    MenuItemIndex menuItemIndex;
+    wxMenuItem* item = NULL;
+    OSStatus err;
+
+    switch (eventClass) {
+        case kEventClassCommand:
+            if (eventKind != kEventCommandProcess)
+                return eventNotHandledErr;
+            
+            GetEventParameter (inEvent, kEventParamDirectObject, 
+                                    typeHICommand, NULL, sizeof(HICommand), NULL, &command);
+
+            commandID = command.commandID;
+            if (commandID == 0)
+                return eventNotHandledErr;
+
+             pMSM = wxGetApp().GetMacSystemMenu();
+             if (!pMSM) break;
+                
+           // wxMac "helpfully" converts wxID_ABOUT to kHICommandAbout, wxID_EXIT to kHICommandQuit, 
+            //  wxID_PREFERENCES to kHICommandPreferences
+            switch (commandID) {
+            case kHICommandAbout:
+                commandID = wxID_ABOUT;
+                break;
+            case kHICommandPreferences:
+                {
+                    CBOINCBaseFrame* pFrame = wxGetApp().GetFrame();
+                    wxCommandEvent evt(wxEVT_COMMAND_MENU_SELECTED, ID_PREFERENCES);
+                    pFrame->AddPendingEvent(evt);
+                    return noErr ;
+                }
+            case kHICommandQuit:
+                if (wxGetApp().ConfirmExit()) {
+                    commandID = wxID_EXIT;
+                } else {
+                    commandID = 0;
+                    return noErr;
+                }
+                break;
+            }
+                
+            if (commandID == wxID_ABOUT)
+                pMSM->SetOpeningAboutDlg(true);
+                
+            // If not our system menu, pass event on to next event handler
+           if (command.menu.menuRef != (MenuRef)'BNC!') {           // Used only in OS 10.5
+                if (PLstrcmp("\pBOINC!", (GetMenuTitle((command.menu.menuRef), theMenuTitle) ))) {
+                    return eventNotHandledErr;
+                }
+            }
+            
+            // The following code is adapted from wxTaskBarIcon's wxDockEventHandler().
+            // Work with our base menu instead of the cloned System Menu
+            baseMenu = (pMSM->GetCurrentMenu());
+            baseMenuRef = (MenuRef)(baseMenu->GetHMenu());
+        
+            err = GetIndMenuItemWithCommandID(baseMenuRef, command.commandID, 1, NULL, &menuItemIndex);
+            if (err)
+                return eventNotHandledErr;  // Command not found in our menu
+                
+            GetMenuItemRefCon( baseMenuRef, menuItemIndex, (UInt32*) &item ) ;
+
+            if ( item )
+            {
+                if (item->IsCheckable())
+                    item->Check( !item->IsChecked() );
+
+                item->GetMenu()->SendEvent( commandID , item->IsCheckable() ? item->IsChecked() : -1 );
+                
+                // Under wxWidgets 2.8.0, the task bar icons must be deleted for app to 
+                // exit its main loop
+                // Note that if the main window is open, CBOINCBaseFrame::OnExit() will be 
+                // called and SysMenuEventHandler() (i.e., this code) will not be called.
+                if (commandID == wxID_EXIT) {
+                    wxGetApp().DeleteMacSystemMenu();
+                    wxGetApp().DeleteTaskBarIcon();
+                }
+                return noErr ;
+            }
+
+            return eventNotHandledErr;
+
+        case kEventClassMenu:
+            if (eventKind != kEventMenuOpening)
+                return eventNotHandledErr;
+
+            GetEventParameter (inEvent, kEventParamDirectObject, 
+                        typeMenuRef, NULL, sizeof(sysMenuRef), NULL, &sysMenuRef);
+
+            // If not our system menu, pass event on to next event handler
+            if (PLstrcmp("\pBOINC!", (GetMenuTitle((sysMenuRef), theMenuTitle) )))
+                return eventNotHandledErr;
+
+            pMSM = wxGetApp().GetMacSystemMenu();
+            baseMenu = (pMSM->GetCurrentMenu());
+            pMSM->AdjustMenuItems(baseMenu);
+            
+            // Copy checkmark and enabled status of each item from Dock menu
+            baseMenuRef = (MenuRef)(baseMenu->GetHMenu());
+            n = CountMenuItems(sysMenuRef);
+            m = CountMenuItems(baseMenuRef);
+            if (m < n)
+                n = m;
+            for (i=1; i<=n; i++)
+            {
+                GetMenuItemCommandID(baseMenuRef, i, &commandID);
+                SetMenuItemCommandID(sysMenuRef, i, commandID);
+                GetMenuItemText(baseMenuRef, i, theMenuTitle);
+                SetMenuItemText(sysMenuRef, i, theMenuTitle);
+                GetItemMark(baseMenuRef, i, &markChar);
+                SetItemMark(sysMenuRef, i, markChar);
+                if( IsMenuItemEnabled(baseMenuRef, i) )
+                    EnableMenuItem(sysMenuRef, i);
+                else
+                    DisableMenuItem(sysMenuRef, i);
+            }
+
+            return noErr;
+
+        // Event handling to open or close our main window when applicaiton 
+        // is shown or hidden.  This probably should go in BOINCGUIApp.cpp 
+        // or MainFrame.cpp, but it is more eficient to put it here since 
+        // we already have this Mac Event Handler installed.
+        case kEventClassApplication:
+            CBOINCBaseFrame* pFrame = wxGetApp().GetFrame();
+            pMSM = wxGetApp().GetMacSystemMenu();
+            switch (eventKind) {
+                case kEventAppHidden:
+                    if (pFrame)
+                        pFrame->Hide();
+                        pMSM->SetOpeningAboutDlg(false);
+                    break;
+
+                case kEventAppShown:
+                    // Don't open main window if "About" Dialog from task bar menu. 
+                    if (pMSM->IsOpeningAboutDlg()) {
+                        pMSM->SetOpeningAboutDlg(false);
+                        break;
+                    }
+                    if (ActiveNonFloatingWindow())  // Prevent infinite loop
+                        break;
+                    if (pFrame) {
+                        pFrame->Show();
+                        pFrame->SendSizeEvent();
+                    }
+                    // If a modal dialog was open, make sure it remains in front
+                    WindowRef win = GetWindowList();
+                    WindowModality modality = kWindowModalityNone;
+                    while (win) {
+                        GetWindowModality(win, &modality, NULL);
+                        if (modality == kWindowModalityAppModal)
+                            BringToFront(win);
+                        win = GetNextWindow(win);
+                    }
+                    break;
+            }
+            
+            return eventNotHandledErr;
+            
+    }   // End switch (eventClass)
+    
+    return eventNotHandledErr;
+}
diff --git a/clientgui/mac/MacSysMenu.h b/clientgui/mac/MacSysMenu.h
new file mode 100644
index 0000000..12fe479
--- /dev/null
+++ b/clientgui/mac/MacSysMenu.h
@@ -0,0 +1,62 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#ifndef _MACSYSMENU_H_
+#define _MACSYSMENU_H_
+
+#if defined(__GNUG__) && !defined(__APPLE__)
+#pragma interface "MacSysMenu.cpp"
+#endif
+
+#include <Carbon/Carbon.h>
+
+#include "BOINCTaskBar.h"
+
+class CMacSystemMenu : public CTaskBarIcon
+{
+public:
+    CMacSystemMenu(wxString title, wxIcon* icon, wxIcon* iconDisconnected, wxIcon* iconSnooze);
+    ~CMacSystemMenu();
+
+    bool SetMacMenuIcon(const wxIcon& icon);
+
+    void LoadPrivateFrameworkBundle( CFStringRef framework, CFBundleRef *bundlePtr );
+    //	Function pointer prototypes to the Mach-O Cocoa wrappers
+    typedef void	(*SetUpSystemMenuProc)(MenuRef menuToCopy, CGImageRef theIcon);
+    typedef void	(*SetSystemMenuIconProc)(CGImageRef theIcon);
+
+    SetUpSystemMenuProc         SetUpSystemMenu;
+    SetSystemMenuIconProc       SetSystemMenuIcon;
+    
+    bool                        IsOpeningAboutDlg() { return m_bOpeningAboutDlg; }
+    void                        SetOpeningAboutDlg(bool b) { m_bOpeningAboutDlg = b; }
+    void                        SetNeedToRebuildMenu() { m_bNeedRebuildMenu = true; }
+    void                        BuildMenu(void);
+#if wxCHECK_VERSION(2,8,0)
+    wxMenu                      *GetCurrentMenu();
+#endif
+
+private:
+    
+    bool                        m_bOpeningAboutDlg;
+    bool                        m_bNeedRebuildMenu;
+
+};
+
+
+#endif
+
diff --git a/clientgui/mac/Mac_GUI.cpp b/clientgui/mac/Mac_GUI.cpp
new file mode 100644
index 0000000..e867d8b
--- /dev/null
+++ b/clientgui/mac/Mac_GUI.cpp
@@ -0,0 +1,236 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2011 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+//  Mac_GUI.cpp
+
+#include <Security/Authorization.h>
+#include <Security/AuthorizationTags.h>
+
+#include <unistd.h>
+#include "sandbox.h"
+#include "miofile.h"
+#include "BOINCGUIApp.h"
+#include "SkinManager.h"
+
+using std::min;
+using std::max;
+
+
+// Determine if the currently logged-in user is auhorized to 
+// perform operations which have potential security risks.  
+// An example is "Attach to Project", where a dishonest user might
+// attach to a rogue project which could then read private files 
+// belonging to the user who owns the BOINC application.  This 
+// would be possible because the BOINC Manager runs with the 
+// effectve user ID of its owner on the Mac.
+
+Boolean Mac_Authorize()
+{
+    static Boolean      sIsAuthorized = false;
+    AuthorizationRef	ourAuthRef = NULL;
+    AuthorizationRights	ourAuthRights;
+    AuthorizationFlags	ourAuthFlags;
+    AuthorizationItem	ourAuthItem[1];
+    OSStatus		err = noErr;
+    
+    if (sIsAuthorized)
+        return true;
+        
+    // User is not the owner, so require admin authentication
+    ourAuthItem[0].name = kAuthorizationRightExecute;
+    ourAuthItem[0].value = NULL;
+    ourAuthItem[0].valueLength = 0;
+    ourAuthItem[0].flags = 0;
+
+    ourAuthRights.count = 1;
+    ourAuthRights.items = ourAuthItem;
+    
+    ourAuthFlags = kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
+
+    err = AuthorizationCreate (&ourAuthRights, kAuthorizationEmptyEnvironment, ourAuthFlags, &ourAuthRef);
+
+    if (err == noErr) {
+        sIsAuthorized = true;
+        // We have authenticated user's credentials; we won't actually use the 
+        // privileges / rights so destroy / discard them.
+        err = AuthorizationFree(ourAuthRef, kAuthorizationFlagDestroyRights);
+    }
+        
+    return sIsAuthorized;
+}
+
+
+// Localize the items in the Mac's BOINC menu
+void MacLocalizeBOINCMenu() {
+    MenuRef BOINCMenu;
+    MenuItemIndex itemIndex;
+    wxString originalText = wxEmptyString;
+    char originalCharStr[1024];
+    CFStringRef localizedText;
+    CFStringRef menuItemString;
+    OSStatus err;
+    UInt16 count;
+    CSkinAdvanced*     pSkinAdvanced = wxGetApp().GetSkinManager()->GetAdvanced();
+    wxASSERT(pSkinAdvanced);
+    
+    const wxChar *shortName = pSkinAdvanced->GetApplicationShortName().c_str();
+    if (!shortName) return;     // Should never happen
+    
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandAbout, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText.Printf(_("About %s"), shortName);
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+    
+    originalText.Clear();
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandPreferences, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText = _("Preferences…");
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+    
+    originalText.Clear();
+    originalText = _("Services");
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+        localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+        count = CountMenuItems(BOINCMenu);
+        if (localizedText) {
+            for (itemIndex=1; itemIndex<=count; ++itemIndex) {
+                err = CopyMenuItemTextAsCFString(BOINCMenu, itemIndex, &menuItemString);
+                if (err == noErr) {
+                    if (CFStringCompare(menuItemString, CFSTR("Services"), 0) == kCFCompareEqualTo) {
+                        SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                        break;
+                    }
+                }
+            }
+            CFRelease( localizedText );
+        }
+    }
+    
+    originalText.Clear();
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandHide, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText.Printf(_("Hide %s"), shortName);
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+
+    originalText.Clear();
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandHideOthers, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText = _("Hide Others");
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+    
+    originalText.Clear();
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandShowAll, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText = _("Show All");
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+    
+    originalText.Clear();
+    err = GetIndMenuItemWithCommandID(NULL, kHICommandQuit, 1, &BOINCMenu, &itemIndex);
+    if (!err) {
+        originalText.Printf(_("Quit %s"), shortName);
+        strlcpy(originalCharStr, originalText.utf8_str(), sizeof(originalCharStr));
+        if (originalCharStr[0]) {
+            localizedText = CFStringCreateWithCString(NULL, originalCharStr, kCFStringEncodingUTF8);
+            if (localizedText) {
+                SetMenuItemTextWithCFString(BOINCMenu, itemIndex, localizedText);
+                CFRelease( localizedText );
+            }
+        }
+    }
+}
+
+
+#define MAX_DISPLAYS 32
+
+// Returns true if at least a 5 X 5 pixel area of the 
+// window's title bar is entirely on the displays
+// Note: Arguments are Quickdraw-style coordinates, 
+// but CGDisplayBounds() sets top left corner as (0, 0)
+Boolean IsWindowOnScreen(int iLeft, int iTop, int iWidth, int iHeight) {
+    CGDirectDisplayID displays[MAX_DISPLAYS];
+    CGDisplayCount numDisplays;
+    CGDisplayCount i;
+    CGRect displayRect, intersectedRect;
+    CGFloat mBarHeight = GetMBarHeight();
+
+    CGRect titleRect = CGRectMake(iLeft, iTop, iWidth, 22);
+    // Make sure at least a 5X5 piece of title bar is visible
+    titleRect = CGRectInset(titleRect, 5, 5);   
+
+    CGGetActiveDisplayList (MAX_DISPLAYS, displays, &numDisplays);
+ 
+    // The geometries of windows and display arangements are such
+    // that even if the title bar spans multiple windows, a 5X5
+    // section is on-screen only if at least one 5X5 section is
+    // entirely on one or more displays, so this test is sufficient.
+    for (i = 0; i < numDisplays; i++)
+    {
+        displayRect = CGDisplayBounds(displays[i]);
+        if (i == 0) {   // CGDisplayBounds returns main display first
+            displayRect.origin.y += mBarHeight;
+            displayRect.size.height -= mBarHeight;
+        }
+    
+        intersectedRect = CGRectIntersection(displayRect, titleRect);
+        if (! CGRectIsNull(intersectedRect)) {
+            return true;
+        }
+    }
+
+    return false;
+}
diff --git a/clientgui/mac/ProgThruProc.tiff b/clientgui/mac/ProgThruProc.tiff
new file mode 100644
index 0000000..e1ec44c
Binary files /dev/null and b/clientgui/mac/ProgThruProc.tiff differ
diff --git a/clientgui/mac/SecurityUtility.cpp b/clientgui/mac/SecurityUtility.cpp
new file mode 100644
index 0000000..c0c586a
--- /dev/null
+++ b/clientgui/mac/SecurityUtility.cpp
@@ -0,0 +1,53 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+//  SecurityUtility.cpp
+
+#include <sys/param.h>  // for MAXPATHLEN
+#include <unistd.h>     // for getwd, getlogin
+
+#include <Carbon/Carbon.h>
+
+#include "SetupSecurity.h"
+
+// Standalone utility to set up BOINC security owners, groups, permissions
+
+int main(int argc, char *argv[]) {
+    OSStatus            err;
+    char boincPath[MAXPATHLEN];
+    
+    err = CreateBOINCUsersAndGroups();
+    if (err != noErr)
+        return err;
+
+    err = AddAdminUserToGroups(getlogin());
+    if (err != noErr)
+        return err;
+    
+    boincPath[0] = 0;
+    getwd(boincPath);
+    //ShowSecurityError("Current Working Directory is %s", wd);
+
+    strlcat(boincPath, "/BOINCManager.app", sizeof(boincPath));
+    err = SetBOINCAppOwnersGroupsAndPermissions(boincPath);
+    if (err != noErr)
+        return err;
+
+    err = SetBOINCDataOwnersGroupsAndPermissions();
+    return err;
+}
+
diff --git a/clientgui/mac/SetVersion.cpp b/clientgui/mac/SetVersion.cpp
new file mode 100644
index 0000000..8a7cd39
--- /dev/null
+++ b/clientgui/mac/SetVersion.cpp
@@ -0,0 +1,325 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+/*
+ *  SetVersion.c
+ *  boinc
+ *
+ *  Created by Charlie Fenton on 3/29/05.
+ *
+ */
+
+// Set STAND_ALONE TRUE if testing as a separate applicaiton
+#define STAND_ALONE 0
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "version.h"
+
+int IsFileCurrent(char* filePath);
+int FixInfoPlistFile(char* myPath);
+int FixInfoPlist_Strings(char* myPath, char* name);
+int MakeBOINCPackageInfoPlistFile(char* myPath, char* brand);
+int MakeMetaPackageInfoPlistFile(char* myPath, char* brand);
+
+int main(int argc, char** argv) {
+    int retval = 0, err;
+
+#if STAND_ALONE
+    char myPath[1024];
+    getcwd(myPath, sizeof(myPath));
+    printf("%s\n", myPath);       // For debugging
+    err = chdir("../");
+    getcwd(myPath, sizeof(myPath));
+    printf("%s\n", myPath);       // For debugging
+#endif
+
+    // BOINC Manager
+    err = FixInfoPlist_Strings("./English.lproj/InfoPlist.strings", "BOINC Manager");
+    if (err) retval = err;
+    err = FixInfoPlistFile("./Info.plist");
+    if (err) retval = err;
+    
+    // BOINC Installer
+    err = FixInfoPlist_Strings("./English.lproj/Installer-InfoPlist.strings", "BOINC Installer");
+    if (err) retval = err;
+    err = FixInfoPlistFile("./Installer-Info.plist");
+    if (err) retval = err;
+    
+    // BOINC PostInstall app
+    err = FixInfoPlist_Strings("./English.lproj/PostInstall-InfoPlist.strings", "Install BOINC");
+    if (err) retval = err;
+    err = FixInfoPlistFile("./PostInstall-Info.plist");
+    if (err) retval = err;
+    
+    // BOINC Screen Saver
+    err = FixInfoPlist_Strings("./English.lproj/ScreenSaver-InfoPlist.strings", "BOINC Screen Saver");
+    if (err) retval = err;
+    err = FixInfoPlistFile("./ScreenSaver-Info.plist");
+    if (err) retval = err;
+    
+    // BOINC Uninstaller
+    err = FixInfoPlist_Strings("./English.lproj/Uninstaller-InfoPlist.strings", "Uninstall BOINC");
+    if (err) retval = err;
+    err = FixInfoPlistFile("./Uninstaller-Info.plist");
+    if (err) retval = err;
+    
+    err = FixInfoPlistFile("./SystemMenu-Info.plist");
+    if (err) retval = err;
+
+    // WaitPermissions is not currently used
+    err = FixInfoPlistFile("./WaitPermissions-Info.plist");
+    if (err) retval = err;
+    
+    err = MakeBOINCPackageInfoPlistFile("./Pkg-Info.plist", "BOINC Manager");
+    if (err) retval = err;
+    
+    err = MakeMetaPackageInfoPlistFile("./Mpkg-Info.plist", "BOINC Manager");
+    return retval;
+}
+
+
+int IsFileCurrent(char* filePath) {
+    FILE *f;
+    char *c, buf[1024];
+    
+    f = fopen(filePath, "r");
+    if (f == 0)
+        return false;
+    for (;;) {
+        c = fgets(buf, sizeof(buf), f);
+        if (c == NULL)
+            break;   // EOF reached without finding correct version string
+        c = strstr(buf, BOINC_VERSION_STRING);
+        if (c) {
+            fclose(f);
+            return true;  // File contains current version string
+        }
+    }
+    fclose(f);
+    return false;  // File does not contain current version string
+}
+
+
+int FixInfoPlist_Strings(char* myPath, char* name) {
+    int retval = 0;
+    FILE *f;
+    
+    if (IsFileCurrent(myPath))
+        return 0;
+
+    f = fopen(myPath, "w");
+    if (f)
+    {
+        fprintf(f, "/* Localized versions of Info.plist keys */\n\n");
+        fprintf(f, "CFBundleName = \"%s\";\n", name);
+        fprintf(f, "CFBundleShortVersionString = \"%s version %s\";\n", name, BOINC_VERSION_STRING);
+        fprintf(f, "CFBundleGetInfoString = \"%s version %s, Copyright 2012 University of California.\";\n", name, BOINC_VERSION_STRING);
+        fflush(f);
+        retval = fclose(f);
+    }
+    else {
+        puts("Error updating version number in file InfoPlist.strings\n");
+        retval = -1;
+    }
+        
+    return retval;
+}
+
+
+int FixInfoPlistFile(char* myPath) {
+    int retval = 0;
+    FILE *fin = NULL, *fout = NULL;
+    char *c, a, buf[1024];
+    
+    if (IsFileCurrent(myPath))
+        return 0;
+
+    rename(myPath, "./temp");
+//    sprintf(buf, "mv -f %s temp", myPath);
+//    retval = system(buf);
+
+    fin = fopen("temp", "r");
+    if (fin == NULL)
+        goto bail;
+
+    fout = fopen(myPath, "w");
+    if (fout == NULL) {
+        goto bail;
+    }
+
+    // Copy everything up to version number
+    for (;;) {
+        c = fgets(buf, sizeof(buf), fin);
+        if (c == NULL)
+            goto bail;   // EOF
+        c = strstr(buf, "CFBundleVersion</key>");
+        if (c)
+            break;  // Found "CFBundleVersion</key>"
+        fputs(buf, fout);
+    }
+        
+    c = strstr(buf, "<string>");
+    if (c == NULL) {
+        fputs(buf, fout);
+        c = fgets(buf, sizeof(buf), fin);
+        if (c == NULL)
+            goto bail;   // EOF
+        c = strstr(buf, "<string>");
+        if (c == NULL)
+            goto bail;   // "CFBundleVersion</key>" not followed by "<string>"
+    }
+    
+    a = *(c+8);
+    *(c+8) = '\0';                      // Put terminator after "<string>"
+    fputs(buf, fout);                   // Copy up to end of "<string>"
+    fputs(BOINC_VERSION_STRING, fout);  // Write the current version number
+    *(c+8) = a;                         // Undo terminator we inserted
+    c = strstr(buf, "</string>");       // Skip over old version number in input
+    fputs(c, fout);                     // Copy rest of input line
+
+    // Copy rest of file
+    for (;;) {
+        c = fgets(buf, sizeof(buf), fin);
+        if (c == NULL)
+            break;   // EOF
+        fputs(buf, fout);
+    }
+
+    fclose(fin);
+    fflush(fout);
+    fclose(fout);
+    
+    unlink("temp");
+    
+    return retval;
+
+bail:
+    if (fin)
+        fclose(fin);
+    if (fout)
+        fclose(fout);
+
+    rename("./temp", myPath);
+//    sprintf(buf, "mv -f temp %s", myPath);
+//    retval = system(buf);
+    
+    printf("Error updating version number in file %s\n", myPath);
+    return -1;
+}
+
+
+int MakeBOINCPackageInfoPlistFile(char* myPath, char* brand) {
+    int retval = 0;
+    FILE *f;
+    
+    if (IsFileCurrent(myPath))
+        return 0;
+
+    f = fopen(myPath, "w");
+    if (f)
+    {
+        fprintf(f, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
+        fprintf(f, "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n");
+        fprintf(f, "<plist version=\"1.0\">\n<dict>\n");
+        fprintf(f, "\t<key>CFBundleGetInfoString</key>\n");
+        fprintf(f, "\t<string>%s %s</string>\n", brand, BOINC_VERSION_STRING);
+        fprintf(f, "\t<key>CFBundleIdentifier</key>\n\t<string>edu.berkeley.boinc</string>\n");
+        fprintf(f, "\t<key>CFBundleShortVersionString</key>\n");
+        fprintf(f, "\t<string>%s</string>\n", BOINC_VERSION_STRING);
+        fprintf(f, "\t<key>IFPkgFlagAllowBackRev</key>\n\t<integer>1</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagAuthorizationAction</key>\n\t<string>AdminAuthorization</string>\n");
+        fprintf(f, "\t<key>IFPkgFlagDefaultLocation</key>\n\t<string>/</string>\n");
+        fprintf(f, "\t<key>IFPkgFlagFollowLinks</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagInstallFat</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagInstalledSize</key>\n\t<integer>6680</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagIsRequired</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagOverwritePermissions</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagRelocatable</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagRestartAction</key>\n\t<string>NoRestart</string>\n");
+        fprintf(f, "\t<key>IFPkgFlagRootVolumeOnly</key>\n\t<integer>1</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagUpdateInstalledLanguages</key>\n\t<integer>0</integer>\n");
+        fprintf(f, "\t<key>IFPkgFormatVersion</key>\n\t<real>0.10000000149011612</real>\n");
+        fprintf(f, "</dict>\n</plist>\n");
+
+        fflush(f);
+        retval = fclose(f);
+    }
+    else {
+        puts("Error creating file Pkg-Info.plist\n");
+        retval = -1;
+    }
+        
+    return retval;
+}
+
+
+int MakeMetaPackageInfoPlistFile(char* myPath, char* brand) {
+    int retval = 0;
+    FILE *f;
+    
+    if (IsFileCurrent(myPath))
+        return 0;
+
+    f = fopen(myPath, "w");
+    if (f)
+    {
+        fprintf(f, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
+        fprintf(f, "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n");
+        fprintf(f, "<plist version=\"1.0\">\n<dict>\n");
+        fprintf(f, "\t<key>CFBundleGetInfoString</key>\n");
+        fprintf(f, "\t<string>%s %s + VirtualBox</string>\n", brand, BOINC_VERSION_STRING);
+        fprintf(f, "\t<key>CFBundleIdentifier</key>\n\t<string>edu.berkeley.boinc+vbox</string>\n");
+        fprintf(f, "\t<key>CFBundleShortVersionString</key>\n");
+        fprintf(f, "\t<string>%s</string>\n", BOINC_VERSION_STRING);
+        fprintf(f, "\t<key>IFMajorVersion</key>\n\t<integer>%d</integer>\n", BOINC_MAJOR_VERSION);
+        fprintf(f, "\t<key>IFMinorVersion</key>\n\t<integer>%d</integer>\n", BOINC_MINOR_VERSION);
+        fprintf(f, "\t<key>IFPkgFlagAllowBackRev</key>\n\t<integer>1</integer>\n");
+        fprintf(f, "\t<key>IFPkgFlagAuthorizationAction</key>\n\t<string>RootAuthorization</string>\n");
+        fprintf(f, "\t<key>IFPkgFlagComponentDirectory</key>\n\t<string>../</string>\n");
+
+        fprintf(f, "\t<key>IFPkgFlagPackageList</key>\n");
+        
+        fprintf(f, "\t<array>\n");
+        fprintf(f, "\t\t<dict>\n");
+        fprintf(f, "\t\t\t<key>IFPkgFlagPackageLocation</key>\n\t\t\t<string>BOINC.pkg</string>\n");
+        fprintf(f, "\t\t\t<key>IFPkgFlagPackageSelection</key>\n\t\t\t<string>required</string>\n");
+        fprintf(f, "\t\t</dict>\n");
+
+        fprintf(f, "\t\t<dict>\n");
+        fprintf(f, "\t\t\t<key>IFPkgFlagPackageLocation</key>\n\t\t\t<string>VirtualBox.pkg</string>\n");
+        fprintf(f, "\t\t\t<key>IFPkgFlagPackageSelection</key>\n\t\t\t<string>selected</string>\n");
+        fprintf(f, "\t\t</dict>\n");
+        fprintf(f, "\t</array>\n");
+
+        fprintf(f, "\t<key>IFPkgFormatVersion</key>\n\t<real>0.10000000149011612</real>\n");
+        fprintf(f, "</dict>\n</plist>\n");
+
+        fflush(f);
+        retval = fclose(f);
+    }
+    else {
+        puts("Error creating file Mpkg-Info.plist\n");
+        retval = -1;
+    }
+        
+    return retval;
+}
+
+
diff --git a/clientgui/mac/SetupSecurity.cpp b/clientgui/mac/SetupSecurity.cpp
new file mode 100644
index 0000000..0ce4b72
--- /dev/null
+++ b/clientgui/mac/SetupSecurity.cpp
@@ -0,0 +1,1163 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+// SetupSecurity.cpp
+
+#include <Security/Authorization.h>
+#include <Security/AuthorizationTags.h>
+
+#include <grp.h>	// getgrname, getgrgid
+#include <pwd.h>	// getpwnam, getpwuid, getuid
+#include <unistd.h>     // usleep
+#include <sys/param.h>  // for MAXPATHLEN
+#include <sys/stat.h>
+#include <dirent.h>
+
+#include <Carbon/Carbon.h>
+
+#include "file_names.h"
+#include "SetupSecurity.h"
+
+static OSStatus UpdateNestedDirectories(char * basepath);
+static OSStatus MakeXMLFilesPrivate(char * basepath);
+static OSStatus GetAuthorization(void);
+OSStatus DoPrivilegedExec(const char *pathToTool, char *arg1, char *arg2, char *arg3, char *arg4, char *arg5, char *arg6);
+#ifndef __x86_64__
+static pascal Boolean ErrorDlgFilterProc(DialogPtr theDialog, EventRecord *theEvent, short *theItemHit);
+#endif
+static void SleepTicks(UInt32 ticksToSleep);
+#ifdef _DEBUG
+static OSStatus SetFakeMasterNames(void);
+#endif
+static OSStatus CreateUserAndGroup(char * user_name, char * group_name);
+static OSStatus ResynchSystem(void);
+
+static AuthorizationRef        gOurAuthRef = NULL;
+
+#define DELAY_TICKS 3
+#define DELAY_TICKS_R 10
+
+#define REAL_BOINC_MASTER_NAME "boinc_master"
+#define REAL_BOINC_PROJECT_NAME "boinc_project"
+
+#ifdef _DEBUG
+// GDB can't attach to applications which are running as a diferent user or group so 
+//  it ignores the S_ISUID and S_ISGID permisison bits when launching an application.
+// To work around this, the _DEBUG version uses the current user and group.
+//
+// NOTE: The Manager and Client call these routines only "#ifdef _DEBUG" (i.e., 
+// only from the DEVELOPMENT BUILD), never from the Deployment build.
+//
+static char boinc_master_user_name[64];
+static char boinc_master_group_name[64];
+static char boinc_project_user_name[64];
+static char boinc_project_group_name[64];
+#else
+#define boinc_master_user_name REAL_BOINC_MASTER_NAME
+#define boinc_master_group_name REAL_BOINC_MASTER_NAME
+#define boinc_project_user_name REAL_BOINC_PROJECT_NAME
+#define boinc_project_group_name REAL_BOINC_PROJECT_NAME
+#endif
+
+#define MIN_ID 501   /* Minimum user ID / Group ID to create */
+
+static char                    dsclPath[] = "/usr/bin/dscl";
+static char                    chmodPath[] = "/bin/chmod";
+static char                    chownPath[] = "/usr/sbin/chown";
+#define RIGHTS_COUNT 3          /* Count of the 3 above items */
+
+int CreateBOINCUsersAndGroups() {
+    OSStatus        err = noErr;
+
+    err = CreateUserAndGroup(REAL_BOINC_MASTER_NAME, REAL_BOINC_MASTER_NAME);
+    if (err != noErr)
+        return err;
+
+    err = CreateUserAndGroup(REAL_BOINC_PROJECT_NAME, REAL_BOINC_PROJECT_NAME);
+    if (err != noErr)
+        return err;
+        
+    err = ResynchSystem();
+    if (err != noErr)
+        return err;
+    
+    return noErr;
+}
+
+
+// Pass NULL for path when calling this routine from within BOINC Manager
+int SetBOINCAppOwnersGroupsAndPermissions(char *path) {
+    char                    fullpath[MAXPATHLEN];
+    char                    dir_path[MAXPATHLEN];
+    char                    buf1[80];
+    ProcessSerialNumber     ourPSN;
+    FSRef                   ourFSRef, ref;
+    char                    *p;
+    Boolean                 isDirectory;
+    OSStatus                err = noErr;
+    
+#define NUMBRANDS 3
+
+char *saverName[NUMBRANDS];
+
+saverName[0] = "BOINCSaver";
+saverName[1] = "GridRepublic";
+saverName[2] = "Progress Thru Processors";
+
+#ifdef _DEBUG
+    err = SetFakeMasterNames();
+    if (err)
+        return err;
+#endif
+
+    if (path == NULL) {        // NULL means we were called from within BOINC Manager
+        // Get the full path to this application's bundle (BOINC Manager's bundle)
+        err = GetCurrentProcess (&ourPSN);
+        if (err)
+            return err;          // Should never happen
+
+        err = GetProcessBundleLocation(&ourPSN, &ourFSRef);
+        if (err)
+            return err;          // Should never happen
+        
+        err = FSRefMakePath (&ourFSRef, (UInt8*)dir_path, sizeof(dir_path));
+        if (err)
+            return err;          // Should never happen
+    } else
+        strlcpy(dir_path, path, MAXPATHLEN);    // Path to BOINC Manager's bundle was passed as argument
+        
+    if (strlen(fullpath) >= (MAXPATHLEN-1)) {
+        ShowSecurityError("SetBOINCAppOwnersGroupsAndPermissions: path to Manager is too long");
+        return -1;
+    }
+
+    strlcpy(fullpath, dir_path, sizeof(fullpath));
+
+#ifdef _DEBUG
+    // chmod -R u=rwx,g=rwx,o=rx path/BOINCManager.app
+    // 0775 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+    // Set read, write permission for user;  read and execute permission for group and others
+    err = DoPrivilegedExec(chmodPath, "-R", "u=rwx,g=rwx,o=rx", fullpath, NULL, NULL, NULL);
+#else
+    // chmod -R u=rx,g=rx,o=rx path/BOINCManager.app
+    // 0555 = S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+    // Set read, write permission for user;  read and execute permission for group and others
+    err = DoPrivilegedExec(chmodPath, "-R", "u=rx,g=rx,o=rx", fullpath, NULL, NULL, NULL);
+#endif
+    if (err)
+        return err;
+
+    // Get the full path to BOINC Manager executable inside this application's bundle
+    strlcat(fullpath, "/Contents/MacOS/", sizeof(fullpath));
+    // To allow for branding, assume name of executable inside bundle is same as name of bundle
+    p = strrchr(dir_path, '/');         // Assume name of executable inside bundle is same as name of bundle
+    if (p == NULL)
+        p = dir_path - 1;
+    strlcat(fullpath, p+1, sizeof(fullpath));
+    p = strrchr(fullpath, '.');         // Strip off  bundle extension (".app")
+    if (p)
+        *p = '\0'; 
+
+    sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+    // chown boinc_master:boinc_master path/BOINCManager.app/Contents/MacOS/BOINCManager
+    err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+    if (err)
+        return err;
+
+#ifdef _DEBUG
+        // chmod u=rwx,g=rwx,o=rx path/BOINCManager.app/Contents/MacOS/BOINCManager
+        // 0775 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IXOTH
+        // Set read, write and execute permission for user & group, read & execute for others
+        err = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+#else
+        // chmod u=rx,g=rx,o=rx path/BOINCManager.app/Contents/MacOS/BOINCManager
+        // 0555 = S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+        // Set read and execute permission for user, group & others
+        err = DoPrivilegedExec(chmodPath, "u=rx,g=rx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+#endif
+    if (err)
+        return err;
+
+    // Get the full path to BOINC Clients inside this application's bundle
+    strlcpy(fullpath, dir_path, sizeof(fullpath));
+    strlcat(fullpath, "/Contents/Resources/boinc", sizeof(fullpath));
+    if (strlen(fullpath) >= (MAXPATHLEN-1)) {
+        ShowSecurityError("SetBOINCAppOwnersGroupsAndPermissions: path to client is too long");
+        return -1;
+    }
+    
+    sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+    // chown boinc_master:boinc_master path/BOINCManager.app/Contents/Resources/boinc
+    err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+    if (err)
+        return err;
+
+#ifdef _DEBUG
+        // chmod u=rwsx,g=rwsx,o=rx path/BOINCManager.app/Contents/Resources/boinc
+        // 06775 = S_ISUID | S_ISGID | S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IXOTH
+        // Set setuid-on-execution, setgid-on-execution plus read, write and execute permission for user & group, read & execute for others
+        err = DoPrivilegedExec(chmodPath, "u=rwsx,g=rwsx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+#else
+        // chmod u=rsx,g=rsx,o=rx path/BOINCManager.app/Contents/Resources/boinc
+        // 06555 = S_ISUID | S_ISGID | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+        // Set setuid-on-execution, setgid-on-execution plus read and execute permission for user, group & others
+        err = DoPrivilegedExec(chmodPath, "u=rsx,g=rsx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+#endif
+    if (err)
+        return err;
+
+    for (int i=0; i<NUMBRANDS; i++) {
+        // Version 6 screensaver has its own embedded switcher application, but older versions don't.
+        // We don't allow unauthorized users to run the switcher application in the BOINC Data directory 
+        // because they could use it to run as user & group boinc_project and damage project files.
+        // The screensaver's switcher application runs as user and group "nobody" to avoid this risk.
+
+        // Does switcher exist in screensaver bundle?
+        sprintf(fullpath, "/Library/Screen Savers/%s.saver/Contents/Resources/gfx_switcher", saverName[i]);
+        err = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);   // Does it exist?
+        if ((err == noErr) && (! isDirectory)) {
+#ifdef _DEBUG
+            sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+            // chown boinc_master:boinc_master "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
+            err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+            if (err)
+                return err;
+
+            // chmod u=rwx,g=rwx,o=rx "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
+            // 0775 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IXOTH
+            // Set read, write and execute permission for user & group;  read and execute permission for others
+            err = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+            if (err)
+                return err;
+#else
+            sprintf(buf1, "root:%s", boinc_master_group_name);
+            // chown root:boinc_master "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
+            err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+            if (err)
+                return err;
+
+            // chmod u=rsx,g=rx,o=rx "/Library/Screen Savers/BOINCSaver.saver/Contents/Resources/gfx_switcher"
+            // 04555 = S_ISUID | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH
+            // Set setuid-on-execution plus read and execute permission for user, group & others
+            err = DoPrivilegedExec(chmodPath, "u=rsx,g=rx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+            if (err)
+                return err;
+#endif
+        }
+    }
+    
+    return noErr;
+}
+
+
+int SetBOINCDataOwnersGroupsAndPermissions() {
+    FSRef           ref;
+    Boolean         isDirectory;
+    char            fullpath[MAXPATHLEN];
+    char            buf1[80];
+    OSStatus        err = noErr;
+    OSStatus        result;
+    char            *BOINCDataDirPath = "/Library/Application Support/BOINC Data";
+
+#ifdef _DEBUG
+    err = SetFakeMasterNames();
+    if (err)
+        return err;
+#endif
+    
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+
+    // Does BOINC Data directory exist?
+    result = FSPathMakeRef((StringPtr)BOINCDataDirPath, &ref, &isDirectory);
+    if ((result != noErr) || (! isDirectory))
+        return dirNFErr;                    // BOINC Data Directory does not exist
+
+    // Set owner and group of BOINC Data directory's contents
+    sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+    // chown -R boinc_master:boinc_master "/Library/Application Support/BOINC Data"
+    err = DoPrivilegedExec(chownPath, "-R", buf1, BOINCDataDirPath, NULL, NULL, NULL);
+    if (err)
+        return err;
+
+#if 0   // Redundant if we already set BOINC Data directory to boinc_master:boinc_master
+    // Set owner and group of BOINC Data directory itself
+    sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+    // chown boinc_master:boinc_master "/Library/Application Support/BOINC Data"
+    err = DoPrivilegedExec(chownPath, buf1, BOINCDataDirPath, NULL, NULL, NULL, NULL);
+    if (err)
+        return err;
+#endif
+
+    // Set permissions of BOINC Data directory's contents:
+    //   ss_config.xml is world-readable so screensaver coordinator can read it
+    //   all other *.xml are not world-readable to keep authenticators private
+    //   gui_rpc_auth.cfg is not world-readable to keep RPC password private
+    //   all other files are world-readable so default screensaver can read them
+    
+    // First make all files world-readable (temporarily)
+    // chmod -R u+rw,g+rw,o+r-w "/Library/Application Support/BOINC Data"
+    // 0661 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
+    // Set read and write permission for user and group, read-only for others (leaves execute bits unchanged)
+    err = DoPrivilegedExec(chmodPath, "-R", "u+rw,g+rw,o+r-w", BOINCDataDirPath, NULL, NULL, NULL);
+    if (err)
+        return err;
+    
+    // Next make gui_rpc_auth.cfg not world-readable to keep RPC password private
+    // Does gui_rpc_auth.cfg file exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, GUI_RPC_PASSWD_FILE, MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (! isDirectory)) {
+        // Make gui_rpc_auth.cfg file readable and writable only by user boinc_master and group boinc_master
+
+        // Set owner and group of gui_rpc_auth.cfg file
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+        // chown boinc_master:boinc_master "/Library/Application Support/BOINC Data/gui_rpc_auth.cfg"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // chmod u=rw,g=rw,o= "/Library/Application Support/BOINC Data/gui_rpc_auth.cfg"
+        // 0660 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
+        // Set read and write permission for user and group, no access for others
+        err = DoPrivilegedExec(chmodPath, "u=rw,g=rw,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }           // gui_rpc_auth.cfg
+
+    // Next make all *.xml files not world-readable to keep authenticators private
+    err = MakeXMLFilesPrivate(BOINCDataDirPath);
+    if (err)
+        return err;
+
+    // Next make ss_config.xml world-readable so screensaver coordinator can read it
+    // Does screensaver config file ss_config.xml exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SS_CONFIG_FILE, MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (! isDirectory)) {
+        // Make ss_config.xml file world readable but writable only by user boinc_master and group boinc_master
+
+        // Set owner and group of ss_config.xml file
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+        // chown boinc_master:boinc_master "/Library/Application Support/BOINC Data/ss_config.xml"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // chmod u=rw,g=rw,o=r "/Library/Application Support/BOINC Data/ss_config.xml"
+        // 0664 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
+        // Set read and write permission for user and group, read-only for others
+        err = DoPrivilegedExec(chmodPath, "u=rw,g=rw,o=r", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }           // ss_config.xml
+
+
+    // Set permissions of BOINC Data directory itself
+    // chmod u=rwx,g=rwx,o=x "/Library/Application Support/BOINC Data"
+    // 0771 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IXOTH
+    // Set read, write and execute permission for user & group; execute-only permission for others
+    err = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=x", BOINCDataDirPath, NULL, NULL, NULL, NULL);
+    if (err)
+        return err;
+
+
+    // Does projects directory exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, PROJECTS_DIR, MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (isDirectory)) {
+        // Set owner and group of projects directory and it's contents
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
+        // chown -R boinc_master:boinc_project "/Library/Application Support/BOINC Data/projects"
+        err = DoPrivilegedExec(chownPath, "-Rh", buf1, fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+#if 0       // Redundant if the same as projects directory's contents
+        // Set owner and group of projects directory itself
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
+        // chown -R boinc_master:boinc_project "/Library/Application Support/BOINC Data/projects"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+#endif
+
+        // Set permissions of project directories' contents
+        // Contents of project directories must be world-readable so BOINC Client can read 
+        // files written by projects which have user boinc_project and group boinc_project
+        // chmod -R u+rw,g+rw,o+r-w "/Library/Application Support/BOINC Data/projects"
+        // 0664 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
+        // set read and write permission for user and group, no access for others (leaves execute bits unchanged)
+        err = DoPrivilegedExec(chmodPath, "-R", "u+rw,g+rw,o+r-w", fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set permissions for projects directory itself (not its contents)
+        // chmod u=rwx,g=rwx,o= "/Library/Application Support/BOINC Data/projects"
+        // 0770 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP
+        // Set read, write and execute permission for user & group, no access for others
+        err = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set execute permissions for project subdirectories
+        err = UpdateNestedDirectories(fullpath);    // Sets execute for user, group and others
+        if (err)
+            return err;
+    }       // projects directory
+    
+    // Does slots directory exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SLOTS_DIR, MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (isDirectory)) {
+        // Set owner and group of slots directory and it's contents
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
+        // chown -R boinc_master:boinc_project "/Library/Application Support/BOINC Data/slots"
+        err = DoPrivilegedExec(chownPath, "-Rh", buf1, fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+#if 0       // Redundant if the same as slots directory's contents
+        // Set owner and group of slots directory itself
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
+        // chown boinc_master:boinc_project "/Library/Application Support/BOINC Data/slots"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+#endif
+
+        // Set permissions of slot directories' contents
+        // Contents of slot directories must be world-readable so BOINC Client can read 
+        // files written by projects which have user boinc_project and group boinc_project
+        // chmod -R u+rw,g+rw,o+r-w "/Library/Application Support/BOINC Data/slots"
+        // 0664 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
+        // set read and write permission for user and group, no access for others (leaves execute bits unchanged)
+        err = DoPrivilegedExec(chmodPath, "-R", "u+rw,g+rw,o+r-w", fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set permissions for slots directory itself (not its contents)
+        // chmod u=rwx,g=rwx,o= "/Library/Application Support/BOINC Data/slots"
+        // 0770 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP
+        // Set read, write and execute permission for user & group, no access for others
+        err = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set execute permissions for slot subdirectories
+        err = UpdateNestedDirectories(fullpath);    // Sets execute for user, group and others
+        if (err)
+            return err;
+    }       // slots directory
+
+    // Does locale directory exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/locale", MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (isDirectory)) {
+#if 0   // Redundant if we already set contents of BOINC Data directory to boinc_master:boinc_master
+        // Set owner and group of locale directory and all its contents
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+        // chown -R boinc_master:boinc_master "/Library/Application Support/BOINC Data/locale"
+        err = DoPrivilegedExec(chownPath, "-R", buf1, fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+#endif
+
+        // chmod -R u+r-w,g+r-w,o+r-w "/Library/Application Support/BOINC Data/locale"
+        // 0550 = S_IRUSR | S_IXUSR | S_IRGRP | S_IXUSR | S_IROTH | S_IXOTH 
+        // Set execute permission for user, group, and others if it was set for any
+        err = DoPrivilegedExec(chmodPath, "-R", "+X", fullpath, NULL, NULL, NULL);
+        // Set read-only permission for user, group, and others (leaves execute bits unchanged)
+        err = DoPrivilegedExec(chmodPath, "-R", "u+r-w,g+r-w,o+r-w", fullpath, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }       // locale directory
+    
+    // Does switcher directory exist?
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SWITCHER_DIR, MAXPATHLEN);
+
+    result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (isDirectory)) {
+#if 0   // Redundant if we already set contents of BOINC Data directory to boinc_master:boinc_master
+        // Set owner and group of switcher directory
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_master_group_name);
+        // chown boinc_master:boinc_master "/Library/Application Support/BOINC Data/switcher"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+#endif
+
+        // chmod u=rx,g=rx,o= "/Library/Application Support/BOINC Data/switcher"
+        // 0550 = S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP
+        // Set read and execute permission for user and group, no access for others
+        err = DoPrivilegedExec(chmodPath, "u=rx,g=rx,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }       // switcher directory
+
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SWITCHER_FILE_NAME, MAXPATHLEN);
+        result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (! isDirectory)) {
+        // Set owner and group of switcher application
+        sprintf(buf1, "root:%s", boinc_master_group_name);
+        // chown root:boinc_master "/Library/Application Support/BOINC Data/switcher/switcher"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set permissions of switcher application
+        // chmod u=s,g=rx,o= "/Library/Application Support/BOINC Data/switcher/switcher"
+        // 04050 = S_ISUID | S_IRGRP | S_IXGRP
+        // Set setuid-on-execution plus read and execute permission for group boinc_master only
+        err = DoPrivilegedExec(chmodPath, "u=s,g=rx,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }       // switcher application
+    
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SWITCHER_DIR, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SETPROJECTGRP_FILE_NAME, MAXPATHLEN);
+        result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (! isDirectory)) {
+        // Set owner and group of setprojectgrp application
+        sprintf(buf1, "%s:%s", boinc_master_user_name, boinc_project_group_name);
+        // chown boinc_master:boinc_project "/Library/Application Support/BOINC Data/switcher/setprojectgrp"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set permissions of setprojectgrp application
+        // chmod u=rx,g=s,o= "/Library/Application Support/BOINC Data/switcher/setprojectgrp"
+        // 02500 = S_ISGID | S_IRUSR | S_IXUSR
+        // Set setgid-on-execution plus read and execute permission for user only
+        err = DoPrivilegedExec(chmodPath, "u=rx,g=s,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }       // setprojectgrp application
+
+#ifdef __APPLE__
+#if 0       // AppStats is deprecated as of version 5.8.15
+    strlcpy(fullpath, BOINCDataDirPath, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, SWITCHER_DIR, MAXPATHLEN);
+    strlcat(fullpath, "/", MAXPATHLEN);
+    strlcat(fullpath, APP_STATS_FILE_NAME, MAXPATHLEN);
+        result = FSPathMakeRef((StringPtr)fullpath, &ref, &isDirectory);
+    if ((result == noErr) && (! isDirectory)) {
+        // Set owner and group of AppStats application (must be setuid root)
+        sprintf(buf1, "root:%s", boinc_master_group_name);
+        // chown root:boinc_project "/Library/Application Support/BOINC Data/switcher/AppStats"
+        err = DoPrivilegedExec(chownPath, buf1, fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Set permissions of AppStats application
+        // chmod u=rsx,g=rx,o= "/Library/Application Support/BOINC Data/switcher/AppStats"
+        // 04550 = S_ISUID | S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP
+        // Set setuid-on-execution plus read and execute permission for user and group
+        err = DoPrivilegedExec(chmodPath, "u=rsx,g=rx,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (err)
+            return err;
+    }       // setprojectgrp application
+#endif
+#endif  // __APPLE__
+
+    return noErr;
+}
+
+
+// make all *.xml files not world-readable to keep authenticators private
+static OSStatus MakeXMLFilesPrivate(char * basepath) {
+    char            fullpath[MAXPATHLEN];
+    OSStatus        retval = 0;
+    DIR             *dirp;
+    int             len;
+    dirent          *dp;
+
+    dirp = opendir(basepath);
+    if (dirp == NULL)           // Should never happen
+        return -1;
+        
+    while (true) {
+        dp = readdir(dirp);
+        if (dp == NULL)
+            break;                  // End of list
+        
+        if (dp->d_name[0] == '.')
+            continue;               // Ignore names beginning with '.'
+        
+        len = strlen(dp->d_name);
+        if (len < 5)
+            continue;
+        
+        if (strcmp(dp->d_name+len-4, ".xml"))
+            continue;
+
+        strlcpy(fullpath, basepath, sizeof(fullpath));
+        strlcat(fullpath, "/", sizeof(fullpath));
+        strlcat(fullpath, dp->d_name, sizeof(fullpath));
+
+        // chmod u+rw,g+rw,o= "/Library/Application Support/BOINC Data/????.xml"
+        // 0660 = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP0
+        // Set read and write permission for user and group, no access for others
+        retval = DoPrivilegedExec(chmodPath, "u+rw,g+rw,o=", fullpath, NULL, NULL, NULL, NULL);
+        if (retval)
+            break;
+    }       // End while (true)
+    
+    closedir(dirp);
+
+    return retval;
+}
+
+
+static OSStatus UpdateNestedDirectories(char * basepath) {
+    Boolean         isDirectory;
+    char            fullpath[MAXPATHLEN];
+    struct stat     sbuf;
+    OSStatus        retval = 0;
+    DIR             *dirp;
+    dirent          *dp;
+
+    dirp = opendir(basepath);
+    if (dirp == NULL)           // Should never happen
+        return -1;
+        
+    while (true) {
+        dp = readdir(dirp);
+        if (dp == NULL)
+            break;                  // End of list
+            
+        if (dp->d_name[0] == '.')
+            continue;               // Ignore names beginning with '.'
+
+        strlcpy(fullpath, basepath, sizeof(fullpath));
+        strlcat(fullpath, "/", sizeof(fullpath));
+        strlcat(fullpath, dp->d_name, sizeof(fullpath));
+
+        retval = stat(fullpath, &sbuf);
+        if (retval) {
+            if (lstat(fullpath, &sbuf) == 0) {
+                // A broken symlink in a slot directory may be OK if slot is no longer in use
+                if (S_ISLNK(sbuf.st_mode)) {
+                    retval = 0;
+                    continue;
+                }
+            }
+            break;              // Should never happen
+        }
+        isDirectory = S_ISDIR(sbuf.st_mode);
+
+        if (isDirectory) {
+            // chmod u=rwx,g=rwx,o=rx fullpath
+            // 0775 = S_IRUSR | S_IWUSR | S_IXUSR | S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IXOTH
+            // Set read, write and execute permission for user & group;  read and execute permission for others
+            retval = DoPrivilegedExec(chmodPath, "u=rwx,g=rwx,o=rx", fullpath, NULL, NULL, NULL, NULL);
+            if (retval)
+                break;
+
+            retval = UpdateNestedDirectories(fullpath);
+            if (retval)
+                break;
+        } else {
+            // Since we are changing ownership from boinc_project to boinc_master, 
+            // make sure executable-by-group bit is set if executable-by-owner is set 
+            if ((sbuf.st_mode & 0110) == 0100) {    // If executable by owner but not by group
+                retval = DoPrivilegedExec(chmodPath, "g+x", fullpath, NULL, NULL, NULL, NULL);
+            }
+        }
+            
+    }       // End while (true)
+    
+    closedir(dirp);
+
+    return retval;
+}
+
+
+static OSStatus CreateUserAndGroup(char * user_name, char * group_name) {
+    OSStatus        err = noErr;
+    passwd          *pw = NULL;
+    group           *grp = NULL;
+    uid_t           userid = 0;
+    gid_t           groupid = 0;
+    gid_t           usergid = 0;
+    Boolean         userExists = false;
+    Boolean         groupExists = false;
+    short           i;
+    static short    start_id = MIN_ID;
+    char            buf1[80];
+    char            buf2[80];
+    char            buf3[80];
+    char            buf4[80];
+    SInt32          response;
+   
+    err = Gestalt(gestaltSystemVersion, &response);
+    if (err) return err;
+    
+    // OS 10.4 has problems with Accounts pane if we create uid or gid > 501
+    if (response < 0x1050) {
+        start_id = 25;
+    }
+    
+    pw = getpwnam(user_name);
+    if (pw) {
+        userid = pw->pw_uid;
+        userExists = true;
+    }
+
+    grp = getgrnam(group_name);
+    if (grp) {
+        groupid = grp->gr_gid;
+        groupExists = true;
+    }
+    
+    sprintf(buf1, "/groups/%s", group_name);
+    sprintf(buf2, "/users/%s", user_name);
+
+    if ( userExists && groupExists )
+        goto setRealName;       // User and group already exist
+
+    // If only user or only group exists, try to use the same ID for the one we create
+    if (userExists) {      // User exists but group does not
+        usergid = pw->pw_gid;
+        if (usergid) {
+            grp = getgrgid(usergid);
+            if (grp == NULL)    // Set the group ID = users existing group if this group ID is available
+                groupid = usergid;
+        }
+        if (groupid == 0) {
+            grp = getgrgid(userid);
+            if (grp == NULL)    // Set the group ID = user ID if this group ID is available
+                groupid = userid;
+        }
+    } else {
+        if (groupExists) {      // Group exists but user does not
+           pw = getpwuid(groupid);
+            if (pw == NULL)    // Set the user ID = group ID if this user ID is available
+                userid = groupid;
+        }
+    }
+    
+    // We need to find an available user ID, group ID, or both.  Find a value that is currently 
+    // neither a user ID or a group ID.
+    // If we need both a new user ID and a new group ID, finds a value that can be used for both.
+    if ( (userid == 0) || (groupid == 0) ) {
+        for(i=start_id; ; i++) {
+           if ((uid_t)i != userid) {
+                pw = getpwuid((uid_t)i);
+                if (pw)
+                    continue;               // Already exists as a user ID of a different user
+            }
+            
+            if ((gid_t)i != groupid) {
+                grp = getgrgid((gid_t)i);
+                if (grp)
+                    continue;               // Already exists as a group ID of a different group
+            }
+            
+            if (! userExists)
+                userid = (uid_t)i;
+            if (! groupExists)
+                groupid = (gid_t)i;
+
+            start_id = i + 1;               // Start with next higher value next time
+                
+            break;                          // Success!
+        }
+    }
+    
+    sprintf(buf3, "%d", groupid);
+    sprintf(buf4, "%d", userid);
+
+    if (! groupExists) {             // If we need to create group
+        // Something like "dscl . -create /groups/boinc_master"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf1, NULL, NULL, NULL);
+        if (err)
+            return err;
+ 
+        // Something like "dscl . -create /groups/boinc_master gid 33"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf1, "gid", buf3, NULL);
+        if (err)
+            return err;
+    }           // if (! groupExists)
+        
+    if (! userExists) {             // If we need to create user
+        // Something like "dscl . -create /users/boinc_master"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, NULL, NULL, NULL);
+        if (err)
+            return err;
+
+        // Something like "dscl . -create /users/boinc_master uid 33"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, "uid", buf4, NULL);
+        if (err)
+            return err;
+
+        // Prevent a security hole by not allowing a login from this user
+        // Something like "dscl . -create /users/boinc_master shell /usr/bin/false"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, "shell", "/usr/bin/false", NULL);
+        if (err)
+            return err;
+
+        // Something like "dscl . -create /users/boinc_master home /var/empty"
+        err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, "home", "/var/empty", NULL);
+        if (err)
+            return err;
+    }           // if (! userExists)
+
+    // Always set the user gid if we created either the user or the group or both
+    // Something like "dscl . -create /users/boinc_master gid 33"
+    err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, "gid", buf3, NULL);
+    if (err)
+        return err;
+
+setRealName:
+    // Always set the RealName field to an empty string
+    // Note: create RealName with empty string fails under OS 10.7, but 
+    // creating it with non-empty string and changing to empty string does work.
+    //
+    // Something like "dscl . -create /users/boinc_master RealName tempName"
+    err = DoPrivilegedExec(dsclPath, ".", "-create", buf2, "RealName", user_name, NULL);
+    if (err)
+        return err;
+
+    // Something like 'dscl . -change /users/boinc_master RealName ""'
+    err = DoPrivilegedExec(dsclPath, ".", "-change", buf2, "RealName", user_name, "");
+    if (err)
+        return err;
+
+    err = ResynchSystem();
+    if (err != noErr)
+        return err;
+
+    SleepTicks(120);
+
+    return noErr;
+}
+
+
+int AddAdminUserToGroups(char *user_name, bool add_to_boinc_project) {        
+#ifndef _DEBUG
+    char            buf1[80];
+    OSStatus        err = noErr;
+
+    sprintf(buf1, "/groups/%s", boinc_master_group_name);
+
+    // "dscl . -merge /groups/boinc_master users user_name"
+    err = DoPrivilegedExec(dsclPath, ".", "-merge", buf1, "users", user_name, NULL);
+    if (err)
+        return err;
+
+    if (add_to_boinc_project)  {
+        sprintf(buf1, "/groups/%s", boinc_project_group_name);
+
+        // "dscl . -merge /groups/boinc_project users user_name"
+        err = DoPrivilegedExec(dsclPath, ".", "-merge", buf1, "users", user_name, NULL);
+        if (err)
+            return err;
+    }
+    
+    err = ResynchSystem();
+    if (err != noErr)
+        return err;
+
+#endif          // ! _DEBUG    
+    return noErr;
+}
+
+
+static OSStatus ResynchSystem() {
+    SInt32          response;
+    OSStatus        err = noErr;
+   
+    err = Gestalt(gestaltSystemVersion, &response);
+    if (err) return err;
+    
+    if (response >= 0x1050) {
+        // OS 10.5
+        err = system("dscacheutil -flushcache");
+        err = system("dsmemberutil flushcache");
+        return noErr;
+    }
+    
+    err = system("lookupd -flushcache");
+
+    err = Gestalt(gestaltSystemVersion, &response);
+    if ((err == noErr) && (response >= 0x1040))
+        err = system("memberd -r");           // Available only in OS 10.4
+
+    return noErr;
+}
+
+
+#ifdef _DEBUG
+// GDB can't attach to applications which are running as a diferent user or group so 
+//  it ignores the S_ISUID and S_ISGID permisison bits when launching an application.
+// To work around this, the _DEBUG version uses the current user and group.
+static OSStatus SetFakeMasterNames() {
+    passwd              *pw;
+    group               *grp;
+    gid_t               boinc_master_gid;
+    uid_t               boinc_master_uid;
+    long                response;
+    OSStatus            err = noErr;
+
+    boinc_master_uid = geteuid();
+    pw = getpwuid(boinc_master_uid);
+    if (pw == NULL)
+        return -1;      // Should never happen
+    strlcpy(boinc_master_user_name, pw->pw_name, sizeof(boinc_master_user_name));
+
+    boinc_master_gid = getegid();
+    grp = getgrgid(boinc_master_gid);
+    if (grp == NULL)
+        return -1;
+    strlcpy(boinc_master_group_name, grp->gr_name, sizeof(boinc_master_group_name));
+    
+    err = Gestalt(gestaltSystemVersion, (SInt32*)&response);
+#ifndef DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP
+    if ((err == noErr) && (response >= 0x1040)) {
+        // For better debugging of SANDBOX permissions logic
+        strlcpy(boinc_project_user_name, REAL_BOINC_PROJECT_NAME, sizeof(boinc_project_user_name));
+        strlcpy(boinc_project_group_name, REAL_BOINC_PROJECT_NAME, sizeof(boinc_project_group_name));
+    } else 
+#endif
+    {
+        // For easier debugging of project applications; required under OS 10.3.x
+        strlcpy(boinc_project_user_name, pw->pw_name, sizeof(boinc_project_user_name));
+        strlcpy(boinc_project_group_name, grp->gr_name, sizeof(boinc_project_group_name));
+     }
+     
+    return noErr;
+}
+#endif
+
+
+static OSStatus GetAuthorization (void) {
+    static Boolean              sIsAuthorized = false;
+    AuthorizationRights         ourAuthRights;
+    AuthorizationFlags          ourAuthFlags;
+    AuthorizationItem           ourAuthRightsItem[RIGHTS_COUNT];
+    AuthorizationEnvironment    ourAuthEnvironment;
+    AuthorizationItem           ourAuthEnvItem[1];
+    char                        prompt[] = "BOINC needs to have certain permissions set up.\n\n";
+    OSStatus                    err = noErr;
+
+    if (sIsAuthorized)
+        return noErr;
+        
+    ourAuthRights.count = 0;
+    ourAuthRights.items = NULL;
+
+    err = AuthorizationCreate (&ourAuthRights, kAuthorizationEmptyEnvironment, kAuthorizationFlagDefaults, &gOurAuthRef);
+    if (err != noErr) {
+        ShowSecurityError("AuthorizationCreate returned error %d", err);
+        return err;
+    }
+     
+    ourAuthRightsItem[0].name = kAuthorizationRightExecute;
+    ourAuthRightsItem[0].value = dsclPath;
+    ourAuthRightsItem[0].valueLength = strlen (dsclPath);
+    ourAuthRightsItem[0].flags = 0;
+
+    ourAuthRightsItem[1].name = kAuthorizationRightExecute;
+    ourAuthRightsItem[1].value = chmodPath;
+    ourAuthRightsItem[1].valueLength = strlen (chmodPath);
+    ourAuthRightsItem[1].flags = 0;
+
+    ourAuthRightsItem[2].name = kAuthorizationRightExecute;
+    ourAuthRightsItem[2].value = chownPath;
+    ourAuthRightsItem[2].valueLength = strlen (chownPath);
+    ourAuthRightsItem[2].flags = 0;
+
+#if AUTHORIZE_LOOKUPD_MEMBERD
+    ourAuthRightsItem[3].name = kAuthorizationRightExecute;
+    ourAuthRightsItem[3].value = lookupdPath;
+    ourAuthRightsItem[3].valueLength = strlen (lookupdPath);
+    ourAuthRightsItem[3].flags = 0;
+
+    ourAuthRightsItem[4].name = kAuthorizationRightExecute;
+    ourAuthRightsItem[4].value = memberdPath;
+    ourAuthRightsItem[4].valueLength = strlen (memberdPath);
+    ourAuthRightsItem[4].flags = 0;
+#endif
+
+    ourAuthRights.count = RIGHTS_COUNT;
+    ourAuthRights.items = ourAuthRightsItem;
+
+    ourAuthEnvItem[0].name = kAuthorizationEnvironmentPrompt;
+    ourAuthEnvItem[0].value = prompt;
+    ourAuthEnvItem[0].valueLength = strlen (prompt);
+    ourAuthEnvItem[0].flags = 0;
+
+    ourAuthEnvironment.count = 1;
+    ourAuthEnvironment.items = ourAuthEnvItem;
+
+    
+    ourAuthFlags = kAuthorizationFlagInteractionAllowed | kAuthorizationFlagExtendRights;
+    
+    // When this is called from the installer, the installer has already authenticated.  
+    // In that case we are already running with full root privileges so AuthorizationCopyRights() 
+    // does not request a password from the user again.
+    err = AuthorizationCopyRights (gOurAuthRef, &ourAuthRights, &ourAuthEnvironment, ourAuthFlags, NULL);
+    
+    if (err == noErr)
+        sIsAuthorized = true;
+    
+    return err;
+}
+
+OSStatus DoPrivilegedExec(const char *pathToTool, char *arg1, char *arg2, char *arg3, char *arg4, char *arg5, char *arg6) {
+    short               i;
+    char                *args[8];
+    OSStatus            err;
+    FILE                *ioPipe = NULL;
+    char                *p, junk[256];
+
+    err = GetAuthorization();
+    if (err != noErr) {
+        if (err == errAuthorizationCanceled)
+            return err;
+        ShowSecurityError("GetAuthorization returned error %d", err);
+    } else {
+        for (i=0; i<5; i++) {       // Retry 5 times if error
+            args[0] = arg1;
+            args[1] = arg2;
+            args[2] = arg3;
+            args[3] = arg4;
+            args[4] = arg5;
+            args[5] = arg6;
+            args[6] = NULL;
+
+            err = AuthorizationExecuteWithPrivileges (gOurAuthRef, pathToTool, 0, args, &ioPipe);
+            if (ioPipe) {
+                // We use the pipe to signal us when the command has completed
+                do {
+                    p = fgets(junk, sizeof(junk), ioPipe);
+                } while (p);
+                
+                fclose (ioPipe);
+            }
+
+            // AuthorizationExecuteWithPrivileges() does a fork() and so 
+            // leaves a zombie process.  Clear these so we don't exceed 
+            // the system-imposed limit of processes per user (MAXUPRC).
+            while (waitpid(-1, 0, WNOHANG) > 0);
+#if 0
+            if (strcmp(arg2, "-R") == 0)
+                SleepTicks(DELAY_TICKS_R);
+            else
+                SleepTicks(DELAY_TICKS);
+#endif
+            if (err == noErr)
+                break;
+        }
+    }
+    if (err != noErr)
+        ShowSecurityError("\"%s %s %s %s %s %s\" returned error %d", pathToTool, 
+                            arg1 ? arg1 : "", arg2 ? arg2 : "", arg3 ? arg3 : "", 
+                            arg4 ? arg4 : "", arg5 ? arg5 : "", err);
+
+       return err;
+}
+
+
+
+void ShowSecurityError(const char *format, ...) {
+    va_list                 args;
+
+#ifdef __x86_64__
+    va_start(args, format);
+    vfprintf(stderr, format, args);
+    va_end(args);
+#else
+    char                    s[1024];
+    short                   itemHit;
+    AlertStdAlertParamRec   alertParams;
+    ModalFilterUPP          ErrorDlgFilterProcUPP;
+    
+    ProcessSerialNumber	ourProcess;
+
+    va_start(args, format);
+    s[0] = vsprintf(s+1, format, args);
+    va_end(args);
+
+    ErrorDlgFilterProcUPP = NewModalFilterUPP(ErrorDlgFilterProc);
+
+    alertParams.movable = true;
+    alertParams.helpButton = false;
+    alertParams.filterProc = ErrorDlgFilterProcUPP;
+    alertParams.defaultText = "\pOK";
+    alertParams.cancelText = NULL;
+    alertParams.otherText = NULL;
+    alertParams.defaultButton = kAlertStdAlertOKButton;
+    alertParams.cancelButton = 0;
+    alertParams.position = kWindowDefaultPosition;
+
+    ::GetCurrentProcess (&ourProcess);
+    ::SetFrontProcess(&ourProcess);
+
+    StandardAlert (kAlertStopAlert, (StringPtr)s, NULL, &alertParams, &itemHit);
+
+    DisposeModalFilterUPP(ErrorDlgFilterProcUPP);
+#endif
+}
+
+
+#ifndef __x86_64__
+static pascal Boolean ErrorDlgFilterProc(DialogPtr theDialog, EventRecord *theEvent, short *theItemHit) {
+    // We need this because this is a command-line application so it does not get normal events
+    if (Button()) {
+        *theItemHit = kStdOkItemIndex;
+        return true;
+    }
+    
+    return StdFilterProc(theDialog, theEvent, theItemHit);
+}
+#endif
+
+// Uses usleep to sleep for full duration even if a signal is received
+static void SleepTicks(UInt32 ticksToSleep) {
+    UInt32 endSleep, timeNow, ticksRemaining;
+
+    timeNow = TickCount();
+    ticksRemaining = ticksToSleep;
+    endSleep = timeNow + ticksToSleep;
+    while ( (timeNow < endSleep) && (ticksRemaining <= ticksToSleep) ) {
+        usleep(16667 * ticksRemaining);
+        timeNow = TickCount();
+        ticksRemaining = endSleep - timeNow;
+    } 
+}
diff --git a/clientgui/mac/SetupSecurity.h b/clientgui/mac/SetupSecurity.h
new file mode 100644
index 0000000..a17f174
--- /dev/null
+++ b/clientgui/mac/SetupSecurity.h
@@ -0,0 +1,31 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+// SetupSecurity.h
+
+#ifdef _DEBUG
+// Comment out this #define for easier debugging of project applications.
+// Make it active for better debugging of SANDBOX permissions logic.
+// #define DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP
+#endif
+
+
+int CreateBOINCUsersAndGroups(void);
+int SetBOINCAppOwnersGroupsAndPermissions(char *path);
+int SetBOINCDataOwnersGroupsAndPermissions(void);
+int AddAdminUserToGroups(char *user_name, bool add_to_boinc_project=true);
+void ShowSecurityError(const char *format, ...);
diff --git a/clientgui/mac/SystemMenu.m b/clientgui/mac/SystemMenu.m
new file mode 100644
index 0000000..2124164
--- /dev/null
+++ b/clientgui/mac/SystemMenu.m
@@ -0,0 +1,293 @@
+/* SystemMenu.m */
+
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+/* Cocoa routines for BOINC Manager OS X System Icon Menu.
+    Written by Charlie Fenton for UC Berkeley Space Sciences Laboratory 2005
+    
+    Adapted from Apple Developer Tech Support sample code, including:
+      SpellingChecker-CarbonCocoa
+      MenuMadness
+*/
+
+#include <Carbon/Carbon.h>
+#include <Cocoa/Cocoa.h>
+
+ at interface SystemMenu : NSObject {
+}
+- (void)BuildSysMenu:(MenuRef)menuToCopy;
+- (void)postEvent:(id)sender;
+ at end
+
+
+
+
+SystemMenu *gSystemMenu = NULL;
+NSStatusItem *gStatusItem = NULL;
+
+void SetSystemMenuIcon(CGImageRef theIcon);
+static OSStatus LoadFrameworkBundle(CFStringRef framework, CFBundleRef *bundlePtr);
+
+/*
+	Needed to make sure the Cocoa framework has a chance to initialize things in a Carbon app.
+	
+	NSApplicationLoad() is an API introduced in 10.2 which is a startup function to call when
+	running Cocoa code from a Carbon application.
+
+	Because NSApplicationLoad() is not available pre 10.2, we load the function pointer through
+	CFBundle.  If we encounter an error during this process, (i.e. it's not there), we fall back
+	to calling NSApplication *NSApp=[NSApplication sharedApplication];
+	The fallback method does have bugs with regard to window activation seen when hiding and showing
+	the main application.
+*/
+typedef BOOL (*NSApplicationLoadFuncPtr)( void );
+
+void	InitializeCocoa() {
+	CFBundleRef 				appKitBundleRef;
+	NSApplicationLoadFuncPtr                myNSApplicationLoad;
+	OSStatus				err;
+	
+	//	Load the "AppKit.framework" bundl to locate NSApplicationLoad
+	err = LoadFrameworkBundle( CFSTR("AppKit.framework"), &appKitBundleRef );
+	if (err != noErr) goto FallbackMethod;
+	
+	//	Manually load the Mach-O function pointers for the routines we will be using.
+	myNSApplicationLoad	= (NSApplicationLoadFuncPtr) CFBundleGetFunctionPointerForName( appKitBundleRef, CFSTR("NSApplicationLoad") );
+	if ( myNSApplicationLoad == NULL ) goto FallbackMethod;
+
+	(void) myNSApplicationLoad();
+	return;
+
+FallbackMethod:
+	{   /* NSApplication *NSApp = */ [NSApplication sharedApplication]; }
+}
+
+
+
+/*
+*/
+void	SetUpSystemMenu(MenuRef menuToCopy, CGImageRef theIcon) {
+    NSAutoreleasePool* pool;
+    
+    if (gSystemMenu == NULL)
+        InitializeCocoa();
+        
+    pool	= [[NSAutoreleasePool alloc] init];
+    
+    if (gSystemMenu)
+        [gSystemMenu release];
+        
+    gSystemMenu = [[SystemMenu alloc] init];
+    [gSystemMenu retain];
+    
+    [gSystemMenu BuildSysMenu:menuToCopy];
+//    [gStatusItem setImage: [NSImage imageNamed:@"Icon0"]];
+    SetSystemMenuIcon(theIcon);
+
+    [pool release];
+}
+
+
+ at implementation SystemMenu
+
+- (void)BuildSysMenu:(MenuRef)menuToCopy {
+    NSStatusBar *bar;
+    NSMenuItem *newItem;
+    NSMenu *sysMenu;
+    int i, n;
+    Str255 s;
+    CFStringRef CFText;
+    UInt32 tag;
+    OSErr err;
+
+    // Add the submenu
+    newItem = [[NSMenuItem allocWithZone:[NSMenu menuZone]] initWithTitle:@"BOINC!" action:NULL keyEquivalent:@""];
+    sysMenu = [[NSMenu allocWithZone:[NSMenu menuZone]] initWithTitle:@"BOINC!"];
+    [newItem setSubmenu:sysMenu];
+
+    if (gStatusItem == NULL) {
+        bar = [NSStatusBar systemStatusBar];
+
+        gStatusItem = [bar statusItemWithLength:NSSquareStatusItemLength];
+        [gStatusItem retain];
+    }
+    
+    [gStatusItem setTitle: NSLocalizedString(@"",@"")];
+    [gStatusItem setHighlightMode:YES];
+    [gStatusItem setMenu:sysMenu];
+
+    [sysMenu release];
+    [newItem release];
+
+    n = CountMenuItems(menuToCopy);
+    // Add the items
+    for (i=1; i<=n; i++)
+    {
+        GetMenuItemText(menuToCopy, i, s); 
+        err = GetMenuItemCommandID(menuToCopy, i, &tag);
+        
+       if ((PLstrcmp(s, "\p-") == 0) || (tag == 0))
+        {
+            [sysMenu addItem:[NSMenuItem separatorItem]];
+            continue;
+        }
+        
+        CFText = CFStringCreateWithPascalString(kCFAllocatorDefault, s, kCFStringEncodingMacRoman);
+        if (CFText != NULL)
+        {
+            newItem = [[NSMenuItem allocWithZone:[NSMenu menuZone]] initWithTitle:(NSString*)CFText action:NULL keyEquivalent:@""];
+           if (err == noErr) {
+                [newItem setTarget:self];
+                [sysMenu addItem:newItem];
+                if( IsMenuItemEnabled(menuToCopy, i) )
+                    [newItem setEnabled:YES];
+                else
+                    [newItem setEnabled:NO];
+                
+                // setTag and setAction are needed only in OS 10.5
+                [newItem setTag:tag];
+                [newItem setAction:@selector(postEvent:)];
+
+            }
+            [newItem release];
+            CFRelease(CFText);
+        }
+    }
+    
+    [sysMenu setAutoenablesItems:NO];
+    return;
+}
+
+
+// postEvent is needed only in OS 10.5
+- (void)postEvent:(id)sender {
+    HICommand commandStruct;
+    EventRef theEvent;
+    OSStatus err;
+
+    // Build a kEventClassCommand CarbonEvent and set the CommandId 
+    //  to the value of the menu item's tag
+    err = CreateEvent(NULL, kEventClassCommand, kEventCommandProcess, 
+                                0, kEventAttributeUserEvent, &theEvent);
+    commandStruct.commandID = [sender tag];
+    commandStruct.attributes = kHICommandFromMenu;
+    commandStruct.menu.menuRef = (MenuRef)'BNC!';
+        
+    if (err == noErr)
+        err = SetEventParameter(theEvent, kEventParamDirectObject, 
+                                typeHICommand, sizeof(HICommand), &commandStruct);
+    if (err == noErr)
+        SendEventToEventTarget(theEvent, GetApplicationEventTarget());
+//    SysBeep(4);
+}
+
+
+void SetSystemMenuIcon(CGImageRef theIcon)
+{
+    if (theIcon == NULL) 
+    {
+        // A NULL icon handle is a request to remove the status item from the menu bar
+        [[gStatusItem statusBar] removeStatusItem:gStatusItem];
+        [gStatusItem release];
+        [gSystemMenu release];
+        gStatusItem = NULL;
+        gSystemMenu = NULL;
+        
+        return;
+    }
+        
+    NSRect imageRect = NSMakeRect(0.0, 0.0, 0.0, 0.0);
+    CGContextRef imageContext = nil;
+    NSImage* theImage = nil;
+ 
+    // Get the image dimensions.
+    imageRect.size.height = CGImageGetHeight(theIcon);
+    imageRect.size.width = CGImageGetWidth(theIcon);
+ 
+    // Create a new image to receive the Quartz image data.
+    theImage = [[NSImage alloc] initWithSize:imageRect.size];
+    [theImage lockFocus];
+ 
+    // Get the Quartz context and draw.
+    imageContext = (CGContextRef)[[NSGraphicsContext currentContext] graphicsPort];
+    CGContextDrawImage(imageContext, *(CGRect*)&imageRect, theIcon);
+    [theImage unlockFocus];
+
+    [gStatusItem setImage:theImage];
+    
+    [theImage release];
+    
+    return;
+}
+
+
+static OSStatus LoadFrameworkBundle(CFStringRef framework, CFBundleRef *bundlePtr)
+{
+	OSStatus 	err;
+	FSRef 		frameworksFolderRef;
+	CFURLRef	baseURL;
+	CFURLRef	bundleURL;
+	
+	if ( bundlePtr == nil )	return( -1 );
+	
+	*bundlePtr = nil;
+	
+	baseURL = nil;
+	bundleURL = nil;
+	
+	err = FSFindFolder(kOnAppropriateDisk, kFrameworksFolderType, true, &frameworksFolderRef);
+	if (err == noErr) {
+		baseURL = CFURLCreateFromFSRef(kCFAllocatorSystemDefault, &frameworksFolderRef);
+		if (baseURL == nil) {
+			err = coreFoundationUnknownErr;
+		}
+	}
+	if (err == noErr) {
+		bundleURL = CFURLCreateCopyAppendingPathComponent(kCFAllocatorSystemDefault, baseURL, framework, false);
+		if (bundleURL == nil) {
+			err = coreFoundationUnknownErr;
+		}
+	}
+	if (err == noErr) {
+		*bundlePtr = CFBundleCreate(kCFAllocatorSystemDefault, bundleURL);
+		if (*bundlePtr == nil) {
+			err = coreFoundationUnknownErr;
+		}
+	}
+	if (err == noErr) {
+	    if ( ! CFBundleLoadExecutable( *bundlePtr ) ) {
+			err = coreFoundationUnknownErr;
+	    }
+	}
+
+	// Clean up.
+	if (err != noErr && *bundlePtr != nil) {
+		CFRelease(*bundlePtr);
+		*bundlePtr = nil;
+	}
+	if (bundleURL != nil) {
+		CFRelease(bundleURL);
+	}	
+	if (baseURL != nil) {
+		CFRelease(baseURL);
+	}	
+	
+	return err;
+}
+
+ at end
diff --git a/clientgui/mac/SystemMenu_Prefix.pch b/clientgui/mac/SystemMenu_Prefix.pch
new file mode 100644
index 0000000..dbe0747
--- /dev/null
+++ b/clientgui/mac/SystemMenu_Prefix.pch
@@ -0,0 +1,27 @@
+// Berkeley Open Infrastructure for Network Computing
+// http://boinc.berkeley.edu
+// Copyright (C) 2005 University of California
+//
+// This is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// either version 2.1 of the License, or (at your option) any later version.
+//
+// This software is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// To view the GNU Lesser General Public License visit
+// http://www.gnu.org/copyleft/lesser.html
+// or write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+//
+// Prefix header for all source files of the 'SystemMenu' target in the 'BOINC' project.
+//
+
+#ifdef __OBJC__
+    #import <Foundation/Foundation.h>
+    #import <AppKit/AppKit.h>
+#endif
diff --git a/clientgui/mac/browser_safari.mm b/clientgui/mac/browser_safari.mm
new file mode 100644
index 0000000..7de262f
--- /dev/null
+++ b/clientgui/mac/browser_safari.mm
@@ -0,0 +1,82 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+#include "str_util.h"
+#include "browser.h"
+
+#include <Cocoa/Cocoa.h>
+
+bool detect_cookie_safari(std::string& project_url, std::string& name, std::string& value)
+{    
+    NSHTTPCookieStorage *cookieStorage;
+    NSArray *theCookies;
+    NSHTTPCookie *aCookie;
+    NSURL *theURL;
+    NSString *theURLString, *theValueString, *theNameString;
+    NSDate *expirationDate;
+    unsigned int i, n;
+    bool retval = false;
+
+    NSAutoreleasePool* pool;
+    
+    pool = [[NSAutoreleasePool alloc] init];
+    
+    
+    theURLString = [ NSString stringWithCString:project_url.c_str() ];
+    
+    theURL = [ NSURL URLWithString:theURLString ];
+
+    cookieStorage = [ NSHTTPCookieStorage sharedHTTPCookieStorage ];
+    
+    if (cookieStorage == NULL)
+        goto bail;
+    
+    theCookies = [ cookieStorage cookiesForURL:theURL ];
+
+    if (theCookies == NULL)
+        goto bail;
+
+    n = [ theCookies count ];
+    for (i=0; i<n; i++) {
+        aCookie = (NSHTTPCookie*)[ theCookies objectAtIndex:i ];
+
+        // has the cookie expired?
+        expirationDate = [ aCookie expiresDate ];
+        if ([ expirationDate compare:[ NSDate date ]] == NSOrderedAscending)
+            continue;
+            
+        theNameString = [ aCookie name ];
+        // is this the right cookie?
+#ifdef cStringUsingEncoding     // Available only is OS 10.4 and later
+        if (!starts_with([ theNameString cStringUsingEncoding:NSMacOSRomanStringEncoding ], name.c_str()))
+            continue;
+        theValueString = [ aCookie value ];
+        value = [ theValueString cStringUsingEncoding:NSMacOSRomanStringEncoding ];
+#else
+        if (!starts_with([ theNameString cString ], name.c_str()))
+            continue;
+        theValueString = [ aCookie value ];
+        value = [ theValueString cString ];
+#endif
+        retval = true;
+    }
+
+bail:
+    [pool release];
+
+    return retval;
+}
\ No newline at end of file
diff --git a/clientgui/mac/config.h b/clientgui/mac/config.h
new file mode 100644
index 0000000..c902324
--- /dev/null
+++ b/clientgui/mac/config.h
@@ -0,0 +1,377 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+/* config.h  - Prebuilt configuration info for Macintosh BOINC */
+/* Adapted from config.h generated by configure.  */
+
+
+/* double-inclusion protection for config.h */
+#ifndef BOINC_CONFIG_H
+#define BOINC_CONFIG_H
+
+/* Version defines are now in version.h */
+#include "version.h"
+
+
+
+/* Define to the type pointed to by the 5th parameter of getsockopt */
+#define BOINC_SOCKLEN_T socklen_t
+
+/* Use the Apple OpenGL framework. */
+#define HAVE_APPLE_OPENGL_FRAMEWORK 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the <dirent.h> header file. */
+#define HAVE_DIRENT_H 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+/* #undef HAVE_DOPRNT */
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have the `flock' function. */
+#define HAVE_FLOCK 1
+
+/* Define to 1 if you have the `getutent' function. */
+/* #undef HAVE_GETUTENT */
+
+/* Define to 1 if you have the <glaux.h> header file. */
+/* #undef HAVE_GLAUX_H */
+
+/* Define to 1 if you have the <GLUT/glut.h> header file. */
+#define HAVE_GLUT_GLUT_H 1
+
+/* Define to 1 if you have the <glut.h> header file. */
+/* #undef HAVE_GLUT_H */
+
+/* Define to 1 if you have the <glu.h> header file. */
+/* #undef HAVE_GLU_H */
+
+/* Define to 1 if you have the <GL/glaux.h> header file. */
+/* #undef HAVE_GL_GLAUX_H */
+
+/* Define to 1 if you have the <GL/glut.h> header file. */
+/* #undef HAVE_GL_GLUT_H */
+
+/* Define to 1 if you have the <GL/glu.h> header file. */
+/* #undef HAVE_GL_GLU_H */
+
+/* Define to 1 if you have the <GL/gl.h> header file. */
+/* #undef HAVE_GL_GL_H */
+
+/* Define to 1 if you have the <gl.h> header file. */
+/* #undef HAVE_GL_H */
+
+/* Define to 1 if you have the <ieeefp.h> header file. */
+/* #undef HAVE_IEEEFP_H */
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the c library */
+#define HAVE_LIBC 1
+
+/* Define to 1 if you have the gcc library */
+#define HAVE_LIBGCC 1
+
+/* Define to 1 if you have the gcc_eh library */
+#define HAVE_LIBGCC_EH 1
+
+/* Define to 1 if you have the math library */
+#define HAVE_LIBM 1
+
+/* Define to 1 if you have the pthread library */
+#define HAVE_LIBPTHREAD 1
+
+/* Define to 1 if you have the stdc++ library */
+#define HAVE_LIBSTDC__ 1
+
+/* Define to 1 if you have the `lockf' function. */
+#define HAVE_LOCKF 1
+
+/* Define to 1 if you have the <malloc.h> header file. */
+/* #undef HAVE_MALLOC_H */
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the <MesaGL/glaux.h> header file. */
+/* #undef HAVE_MESAGL_GLAUX_H */
+
+/* Define to 1 if you have the <MesaGL/glut.h> header file. */
+/* #undef HAVE_MESAGL_GLUT_H */
+
+/* Define to 1 if you have the <MesaGL/glu.h> header file. */
+/* #undef HAVE_MESAGL_GLU_H */
+
+/* Define to 1 if you have the <MesaGL/gl.h> header file. */
+/* #undef HAVE_MESAGL_GL_H */
+
+/* Define if your C++ compiler supports namespaces */
+#define HAVE_NAMESPACES 1
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+/* #undef HAVE_NDIR_H */
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#define HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <OpenGL/glaux.h> header file. */
+/* #undef HAVE_OPENGL_GLAUX_H */
+
+/* Define to 1 if you have the <OpenGL/glut.h> header file. */
+/* #undef HAVE_OPENGL_GLUT_H */
+
+/* Define to 1 if you have the <OpenGL/glu.h> header file. */
+#define HAVE_OPENGL_GLU_H 1
+
+/* Define to 1 if you have the <OpenGL/gl.h> header file. */
+#define HAVE_OPENGL_GL_H 1
+
+/* Define to 1 if you have the <procfs.h> header file. */
+/* #undef HAVE_PROCFS_H */
+
+/* Define if you have POSIX threads libraries and header files. */
+#define HAVE_PTHREAD 1
+
+/* Define to 1 if you have the `setpriority' function. */
+#define HAVE_SETPRIORITY 1
+
+/* Define to 1 if you have the `setutent' function. */
+/* #undef HAVE_SETUTENT */
+
+/* Define to 1 if you have the `sigaction' function. */
+#define HAVE_SIGACTION 1
+
+/* Define to 1 if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H 1
+
+/* Define to 1 if the system has the type `socklen_t'. */
+#define HAVE_SOCKLEN_T 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if locale is in namespace std:: */
+#define HAVE_STD_LOCALE 1
+
+/* Define to 1 if max is in namespace std:: */
+#define HAVE_STD_MAX 1
+
+/* Define to 1 if min is in namespace std:: */
+#define HAVE_STD_MIN 1
+
+/* Define to 1 if transform is in namespace std:: */
+#define HAVE_STD_TRANSFORM 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strlcat' function. */
+#define HAVE_STRLCAT 1
+
+/* Define to 1 if you have the `strlcpy' function. */
+#define HAVE_STRLCPY 1
+
+/* Define to 1 if you have the `strcasestr' function. */
+#define HAVE_STRCASESTR 1
+
+/* Define to 1 if you have the `strtoull' function. */
+#define HAVE_STRTOULL 1
+
+/* Define to 1 if `tm_zone' is member of `struct tm'. */
+#define HAVE_STRUCT_TM_TM_ZONE 1
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+   */
+/* #undef HAVE_SYS_DIR_H */
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#define HAVE_SYS_FILE_H 1
+
+/* Define to 1 if you have the <sys/ipc.h> header file. */
+#define HAVE_SYS_IPC_H 1
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#define HAVE_SYS_MOUNT_H 1
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+   */
+/* #undef HAVE_SYS_NDIR_H */
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#define HAVE_SYS_PARAM_H 1
+
+/* Define to 1 if you have the <sys/resource.h> header file. */
+#define HAVE_SYS_RESOURCE_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/shm.h> header file. */
+#define HAVE_SYS_SHM_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/statfs.h> header file. */
+/* #undef HAVE_SYS_STATFS_H */
+
+/* Define to 1 if you have the <sys/statvfs.h> header file. */
+/* #undef HAVE_SYS_STATVFS_H */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/swap.h> header file. */
+/* #undef HAVE_SYS_SWAP_H */
+
+/* Define to 1 if you have the <sys/sysctl.h> header file. */
+#define HAVE_SYS_SYSCTL_H 1
+
+/* Define to 1 if you have the <sys/systeminfo.h> header file. */
+/* #undef HAVE_SYS_SYSTEMINFO_H */
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/utsname.h> header file. */
+#define HAVE_SYS_UTSNAME_H 1
+
+/* Define to 1 if you have the <sys/vmmeter.h> header file. */
+#define HAVE_SYS_VMMETER_H 1
+
+/* Define to 1 if you have the <sys/wait.h> header file. */
+#define HAVE_SYS_WAIT_H 1
+
+/* Define to 1 if your `struct tm' has `tm_zone'. Deprecated, use
+   `HAVE_STRUCT_TM_TM_ZONE' instead. */
+#define HAVE_TM_ZONE 1
+
+/* Define to 1 if you don't have `tm_zone' but do have the external array
+   `tzname'. */
+/* #undef HAVE_TZNAME */
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#define HAVE_UTMP_H 1
+
+/* Define to 1 if you have the `vprintf' function. */
+#define HAVE_VPRINTF 1
+
+/* Define to 1 if you have the `wait3' system call. Deprecated, you should no
+   longer depend upon `wait3'. */
+#define HAVE_WAIT3 1
+
+/* Define to 1 if you have the `wait4' function. */
+#define HAVE_WAIT4 1
+
+/* Define to 1 if you have the <windows.h> header file. */
+/* #undef HAVE_WINDOWS_H */
+
+/* Define to 1 if /dev/kbd exists */
+/* #undef HAVE__DEV_KBD */
+
+/* Define to 1 if /dev/mouse exists */
+/* #undef HAVE__DEV_MOUSE */
+
+/* Define to 1 if /dev/tty1 exists */
+/* #undef HAVE__DEV_TTY1 */
+
+/* Define to 1 if /proc/meminfo exists */
+/* #undef HAVE__PROC_MEMINFO */
+
+/* Define to 1 if /proc/self/psinfo exists */
+/* #undef HAVE__PROC_SELF_PSINFO */
+
+/* Define to 1 if /proc/self/stat exists */
+/* #undef HAVE__PROC_SELF_STAT */
+
+/* Host for this compilation */
+/* "i686-apple-darwin", "x86_64-apple-darwin" or "powerpc-apple-darwin" determined at run time */
+#define HOSTTYPE ""
+
+/* "Define to 1 if largefile support causes missing symbols in C++" */
+/* #undef LARGEFILE_BREAKS_CXX */
+
+/* Define to the necessary symbol if this constant uses a non-standard name on
+   your system. */
+/* #undef PTHREAD_CREATE_JOINABLE */
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE void
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#define TIME_WITH_SYS_TIME 1
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+/* #undef TM_IN_SYS_TIME */
+
+/* utmp file location */
+#define UTMP_LOCATION "/var/run/utmp"
+
+/* Define to 1 if the X Window System is missing or not being used. */
+/* #undef X_DISPLAY_MISSING */
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+/* #undef size_t */
+
+
+/* include fixes for the most common problems */
+#include "std_fixes.h"
+
+/* end double-inclusion protection for config.h */
+#endif /* #ifndef BOINC_CONFIG_H */
+
diff --git a/clientgui/mac/gridrepublic.tiff b/clientgui/mac/gridrepublic.tiff
new file mode 100644
index 0000000..c17d3e1
Binary files /dev/null and b/clientgui/mac/gridrepublic.tiff differ
diff --git a/clientgui/msw/taskbarex.cpp b/clientgui/msw/taskbarex.cpp
index 5a400af..86c9fce 100644
--- a/clientgui/msw/taskbarex.cpp
+++ b/clientgui/msw/taskbarex.cpp
@@ -5,7 +5,7 @@
 // Author:      Julian Smart
 // Modified by: Rom Walton
 // Created:     24/3/98
-// RCS-ID:      $Id: taskbarex.cpp 22547 2010-10-18 19:21:46Z romw $
+// RCS-ID:      $Id$
 // Copyright:   (c)
 // Licence:     wxWindows licence
 /////////////////////////////////////////////////////////////////////////
diff --git a/clientgui/msw/taskbarex.h b/clientgui/msw/taskbarex.h
index c1fcc4e..267ba65 100644
--- a/clientgui/msw/taskbarex.h
+++ b/clientgui/msw/taskbarex.h
@@ -5,7 +5,7 @@
 // Author:      Julian Smart
 // Modified by: Rom Walton
 // Created:     24/3/98
-// RCS-ID:      $Id: taskbarex.h 22547 2010-10-18 19:21:46Z romw $
+// RCS-ID:      $Id$
 // Copyright:   (c) Julian Smart
 // Licence:     wxWindows licence
 /////////////////////////////////////////////////////////////////////////
diff --git a/clientgui/res/templates/mess.bmp b/clientgui/res/templates/mess.bmp
deleted file mode 100644
index 1d0ecb4..0000000
Binary files a/clientgui/res/templates/mess.bmp and /dev/null differ
diff --git a/clientgui/res/templates/proj.bmp b/clientgui/res/templates/proj.bmp
deleted file mode 100644
index e7ebeeb..0000000
Binary files a/clientgui/res/templates/proj.bmp and /dev/null differ
diff --git a/clientgui/res/templates/result.bmp b/clientgui/res/templates/result.bmp
deleted file mode 100644
index e3ae204..0000000
Binary files a/clientgui/res/templates/result.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress01.bmp b/clientgui/res/templates/wizprogress01.bmp
deleted file mode 100644
index cff1c17..0000000
Binary files a/clientgui/res/templates/wizprogress01.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress02.bmp b/clientgui/res/templates/wizprogress02.bmp
deleted file mode 100644
index 55118e0..0000000
Binary files a/clientgui/res/templates/wizprogress02.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress03.bmp b/clientgui/res/templates/wizprogress03.bmp
deleted file mode 100644
index 82e53cd..0000000
Binary files a/clientgui/res/templates/wizprogress03.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress04.bmp b/clientgui/res/templates/wizprogress04.bmp
deleted file mode 100644
index e412a25..0000000
Binary files a/clientgui/res/templates/wizprogress04.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress05.bmp b/clientgui/res/templates/wizprogress05.bmp
deleted file mode 100644
index c1c68de..0000000
Binary files a/clientgui/res/templates/wizprogress05.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress06.bmp b/clientgui/res/templates/wizprogress06.bmp
deleted file mode 100644
index a23210e..0000000
Binary files a/clientgui/res/templates/wizprogress06.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress07.bmp b/clientgui/res/templates/wizprogress07.bmp
deleted file mode 100644
index 0fe91fe..0000000
Binary files a/clientgui/res/templates/wizprogress07.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress08.bmp b/clientgui/res/templates/wizprogress08.bmp
deleted file mode 100644
index ed9794a..0000000
Binary files a/clientgui/res/templates/wizprogress08.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress09.bmp b/clientgui/res/templates/wizprogress09.bmp
deleted file mode 100644
index e412a25..0000000
Binary files a/clientgui/res/templates/wizprogress09.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress10.bmp b/clientgui/res/templates/wizprogress10.bmp
deleted file mode 100644
index 82e53cd..0000000
Binary files a/clientgui/res/templates/wizprogress10.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress11.bmp b/clientgui/res/templates/wizprogress11.bmp
deleted file mode 100644
index 55118e0..0000000
Binary files a/clientgui/res/templates/wizprogress11.bmp and /dev/null differ
diff --git a/clientgui/res/templates/wizprogress12.bmp b/clientgui/res/templates/wizprogress12.bmp
deleted file mode 100644
index fa2fd85..0000000
Binary files a/clientgui/res/templates/wizprogress12.bmp and /dev/null differ
diff --git a/clientgui/res/templates/xfer.bmp b/clientgui/res/templates/xfer.bmp
deleted file mode 100644
index a082be1..0000000
Binary files a/clientgui/res/templates/xfer.bmp and /dev/null differ
diff --git a/clientgui/sg_BoincSimpleFrame.cpp b/clientgui/sg_BoincSimpleFrame.cpp
old mode 100644
new mode 100755
index ea66f7f..8af24e3
--- a/clientgui/sg_BoincSimpleFrame.cpp
+++ b/clientgui/sg_BoincSimpleFrame.cpp
@@ -74,6 +74,7 @@ BEGIN_EVENT_TABLE(CSimpleFrame, CBOINCBaseFrame)
     EVT_MENU(ID_HELPBOINCMANAGER, CSimpleFrame::OnHelpBOINC)
     EVT_MENU(ID_HELPBOINCWEBSITE, CSimpleFrame::OnHelpBOINC)
     EVT_MENU(wxID_ABOUT, CSimpleFrame::OnHelpAbout)
+	EVT_MENU(ID_EVENTLOG, CSimpleFrame::OnEventLog)
 END_EVENT_TABLE()
 
 
@@ -271,6 +272,11 @@ CSimpleFrame::CSimpleFrame(wxString title, wxIcon* icon, wxIcon* icon32, wxPoint
 #endif
 
     m_Shortcuts[0].Set(wxACCEL_NORMAL, WXK_HELP, ID_HELPBOINCMANAGER);
+#ifdef __WXMAC__
+    m_Shortcuts[1].Set(wxACCEL_CMD|wxACCEL_SHIFT, (int)'E', ID_EVENTLOG);
+#else
+    m_Shortcuts[1].Set(wxACCEL_CTRL|wxACCEL_SHIFT, (int)'E', ID_EVENTLOG);
+#endif
     m_pAccelTable = new wxAcceleratorTable(2, m_Shortcuts);
 
     SetAcceleratorTable(*m_pAccelTable);
@@ -670,6 +676,15 @@ void CSimpleFrame::OnConnect(CFrameEvent& WXUNUSED(event)) {
 }
 
 
+void CSimpleFrame::OnEventLog(wxCommandEvent& WXUNUSED(event)) {
+    wxLogTrace(wxT("Function Start/End"), wxT("CSimpleFrame::OnEventLog - Function Begin"));
+
+    wxGetApp().DisplayEventLog();
+
+    wxLogTrace(wxT("Function Start/End"), wxT("CSimpleFrame::OnEventLog - Function End"));
+}
+
+
 IMPLEMENT_DYNAMIC_CLASS(CSimpleGUIPanel, wxPanel)
 
 BEGIN_EVENT_TABLE(CSimpleGUIPanel, wxPanel)
diff --git a/clientgui/sg_BoincSimpleFrame.h b/clientgui/sg_BoincSimpleFrame.h
index b0d329d..7e5b08f 100644
--- a/clientgui/sg_BoincSimpleFrame.h
+++ b/clientgui/sg_BoincSimpleFrame.h
@@ -124,7 +124,8 @@ public:
     void OnReloadSkin( CFrameEvent& event );
     void OnRefreshView( CFrameEvent& event );
     void OnNotification( CFrameEvent& event );
-
+    void OnEventLog(wxCommandEvent& event);
+    
 	void SetMsgsDlgOpen(CDlgMessages* newDlgPtr) { dlgMsgsPtr = newDlgPtr; }
     bool isMessagesDlgOpen() { return (dlgMsgsPtr != NULL); }
 
@@ -136,7 +137,7 @@ protected:
 
 	wxMenuBar*          m_pMenubar;
     wxMenu*             m_pSubmenuSkins;
-    wxAcceleratorEntry  m_Shortcuts[1];
+    wxAcceleratorEntry  m_Shortcuts[2];
     wxAcceleratorTable* m_pAccelTable;
 
 	CSimpleGUIPanel* m_pBackgroundPanel;
diff --git a/clientgui/sg_PanelBase.cpp b/clientgui/sg_PanelBase.cpp
old mode 100644
new mode 100755
diff --git a/clientgui/sg_ProjectPanel.cpp b/clientgui/sg_ProjectPanel.cpp
old mode 100644
new mode 100755
diff --git a/clientgui/sg_TaskPanel.cpp b/clientgui/sg_TaskPanel.cpp
old mode 100644
new mode 100755
index 5cd70a5..5ec5511
--- a/clientgui/sg_TaskPanel.cpp
+++ b/clientgui/sg_TaskPanel.cpp
@@ -789,11 +789,10 @@ void CSimpleTaskPanel::GetApplicationAndProjectNames(RESULT* result, wxString* a
             strAppBuffer = wxString(state_result->avp->app_name, wxConvUTF8);
         }
         
-        if (avp->ncudas) {
-            strGPUBuffer = wxString(" (NVIDIA GPU)", wxConvUTF8);
-        }
-        if (avp->natis) {
-            strGPUBuffer = wxString(" (ATI GPU)", wxConvUTF8);
+        char buf[256];
+        if (avp->gpu_type) {
+            sprintf(buf, " (%s)", proc_type_name(avp->gpu_type));
+            strGPUBuffer = wxString(buf, wxConvUTF8);
         }
 
         appName->Printf(
@@ -937,10 +936,17 @@ void CSimpleTaskPanel::UpdateTaskSelectionList(bool reskin) {
     CMainDocument*      pDoc = wxGetApp().GetDocument();
     CSkinSimple* pSkinSimple = wxGetApp().GetSkinManager()->GetSimple();
 
+    static bool bAlreadyRunning = false;
+
     wxASSERT(pDoc);
     wxASSERT(pSkinSimple);
     wxASSERT(wxDynamicCast(pSkinSimple, CSkinSimple));
     
+    if (bAlreadyRunning) {
+        return;
+    }
+    bAlreadyRunning = true;
+    
     count = m_TaskSelectionCtrl->GetCount();
 	// Mark all inactive (this lets us loop only once)
     for (i=0; i<count; ++i) {
@@ -1109,6 +1115,9 @@ void CSimpleTaskPanel::UpdateTaskSelectionList(bool reskin) {
     if (needRefresh) {
         m_TaskSelectionCtrl->Refresh();
     }
+
+    bAlreadyRunning = false;
+
     wxLogTrace(wxT("Function Start/End"), wxT("CSimpleTaskPanel::UpdateTaskSelectionList - Function End"));
 }
 
diff --git a/clientgui/wizardex.cpp b/clientgui/wizardex.cpp
index f7be40f..38cfb0e 100644
--- a/clientgui/wizardex.cpp
+++ b/clientgui/wizardex.cpp
@@ -8,7 +8,7 @@
 //              3) Fixed ShowPage() bug on displaying bitmaps
 //              Robert Vazan (sizers)
 // Created:     15.08.99
-// RCS-ID:      $Id: wizardex.cpp 19603 2009-11-18 17:30:03Z romw $
+// RCS-ID:      $Id$
 // Copyright:   (c) 1999 Vadim Zeitlin <zeitlin at dptmaths.ens-cachan.fr>
 // Licence:     wxWindows licence
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/clientgui/wizardex.h b/clientgui/wizardex.h
index 822f1f8..b89e65d 100644
--- a/clientgui/wizardex.h
+++ b/clientgui/wizardex.h
@@ -9,7 +9,7 @@
 //              Added wxWIZARD_HELP event
 //              Robert Vazan (sizers)
 // Created:     15.08.99
-// RCS-ID:      $Id: wizardex.h 19588 2009-11-17 19:19:50Z romw $
+// RCS-ID:      $Id$
 // Copyright:   (c) 1999 Vadim Zeitlin <zeitlin at dptmaths.ens-cachan.fr>
 // Licence:     wxWindows licence
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/clientscr/Makefile.am b/clientscr/Makefile.am
index 7115ea7..51ed3cd 100644
--- a/clientscr/Makefile.am
+++ b/clientscr/Makefile.am
@@ -3,6 +3,7 @@
 
 include $(top_srcdir)/Makefile.incl
 
+AM_LDFLAGS += -lpthread
 if ENABLE_CLIENT_RELEASE
   AM_LDFLAGS += -static-libtool-libs
 ## for an entirely statically linked library, you may want to try
diff --git a/clientscr/progress/win/x64/boincscr.exe b/clientscr/progress/win/x64/boincscr.exe
new file mode 100644
index 0000000..b2357e2
Binary files /dev/null and b/clientscr/progress/win/x64/boincscr.exe differ
diff --git a/clientscr/progress/win/x86/boincscr.exe b/clientscr/progress/win/x86/boincscr.exe
new file mode 100644
index 0000000..3bd9de6
Binary files /dev/null and b/clientscr/progress/win/x86/boincscr.exe differ
diff --git a/clientscr/screensaver_x11.cpp b/clientscr/screensaver_x11.cpp
index a2e2649..2075f2a 100644
--- a/clientscr/screensaver_x11.cpp
+++ b/clientscr/screensaver_x11.cpp
@@ -23,7 +23,7 @@
 //
 // GL:  boincscr -root  \n\
 //
-// If your BOINC directory differs from /var/lib/boinc, you can use
+// If your BOINC directory differs from /var/lib/boinc-client, you can use
 // the -boinc_dir command line argument.
 //
 // When run, this screensaver connects to the BOINC client via RPC, asks for
@@ -63,8 +63,7 @@ extern "C" {
     It shows the text "screensaver loading" when redrwan.
     A client window may be xembedded into it, which will also be resized.
 */
-class scr_window
-{
+class scr_window {
 private:
   /// X server connection
   xcb_connection_t *con;
@@ -94,17 +93,15 @@ private:
   /// Small helper function to convert std::string to xcb_char2b_t*
   /** Remember to delete[] the returned string.
    */
-  xcb_char2b_t *char2b(std::string str)
-  {
+  xcb_char2b_t *char2b(std::string str) {
     xcb_char2b_t *s = new xcb_char2b_t[str.size()];
     if(!s) return NULL;
-    for(int c = 0; c < str.size(); c++)
-      {
+    for(int c = 0; c < str.size(); c++) {
         s[c].byte1 = '\0';
         s[c].byte2 = str[c];
-      }
+    }
     return s;
-  }
+}
 
 public:
   /// Constructs the screensaver window.
@@ -124,28 +121,24 @@ public:
     if(!parent) parent = scr->root;
 
     // use parent window size when not in windowed mode
-    if(!windowed)
-      {
-	xcb_get_geometry_cookie_t geo_cookie = xcb_get_geometry(con, parent);
-	xcb_get_geometry_reply_t *reply =
-	  xcb_get_geometry_reply(con, geo_cookie, &error);
-	if(error)
-	  {
-	    std::cerr << "Could not get parent window geometry." << std::endl;
-	    exit(1);
-	  }
-	width = reply->width;
-	height = reply->height;
-	free(reply);
-      }
-    else // use some defaults in windowed mode
-      {
-	width = 640;
-	height = 480;
-      }
+    if(!windowed) {
+        xcb_get_geometry_cookie_t geo_cookie = xcb_get_geometry(con, parent);
+        xcb_get_geometry_reply_t *reply =
+          xcb_get_geometry_reply(con, geo_cookie, &error);
+        if(error) {
+            std::cerr << "Could not get parent window geometry." << std::endl;
+            exit(1);
+        }
+        width = reply->width;
+        height = reply->height;
+        free(reply);
+    } else {
+        // use some defaults in windowed mode
+        width = 640;
+        height = 480;
+    }
 
-    if(windowed)
-      {
+    if(windowed) {
         // create a black maybe override-redirected window
         // and register for expose and resize events.
         mask = XCB_CW_BACK_PIXEL | XCB_CW_OVERRIDE_REDIRECT | XCB_CW_EVENT_MASK;
@@ -153,23 +146,22 @@ public:
         values[1] = !windowed; // only if in fullscreen mode, otherwise normal window
         values[2] = XCB_EVENT_MASK_EXPOSURE | XCB_EVENT_MASK_STRUCTURE_NOTIFY;
         win = xcb_generate_id(con);
-        cookie = xcb_create_window_checked(con, XCB_COPY_FROM_PARENT, win,
-                                           parent, 0, 0, width, height, 0,
-                                           XCB_WINDOW_CLASS_INPUT_OUTPUT,
-                                           scr->root_visual, mask, values);
+        cookie = xcb_create_window_checked(
+            con, XCB_COPY_FROM_PARENT, win,
+            parent, 0, 0, width, height, 0,
+            XCB_WINDOW_CLASS_INPUT_OUTPUT,
+            scr->root_visual, mask, values
+        );
         error = xcb_request_check(con, cookie);
-        if(error)
-          {
+        if(error) {
             std::cerr << "Could not create window." << std::endl;
             exit(1);
-          }
+        }
 
         // map the window on the screen
         xcb_map_window(con, win);
         xcb_flush(con);
-      }
-    else
-      {
+    } else {
         // directly use the parent window
         win = parent;
 
@@ -181,12 +173,11 @@ public:
           xcb_change_window_attributes(con, win, mask, values);
 
         xcb_generic_error_t *error = xcb_request_check(con, cookie);
-        if(error)
-          {
+        if(error) {
             std::cerr << "Could not configure window." << std::endl;
             exit(1);
-          }
-      } 
+        }
+    } 
 
     // open a font. "fixed" should hopefully be available everywhere
     font = xcb_generate_id(con);
@@ -194,11 +185,10 @@ public:
     cookie = xcb_open_font_checked(con, font, font_name.size(),
                                    font_name.c_str());
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not open font " << font_name << "." << std::endl;
         exit(1);
-      }
+    }
 
     // allocate white text graphics context with above font
     txt_gc = xcb_generate_id(con);
@@ -207,30 +197,26 @@ public:
     values[1] = font;
     cookie = xcb_create_gc_checked(con, txt_gc, win, mask, values);
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not create graphics context." << std::endl;
         exit(1);
-      }
+    }
   }
 
   /// Destructor
-  ~scr_window()
-  {
+  ~scr_window() {
     // clean up
     xcb_unmap_window(con, win);
     xcb_destroy_window(con, win);
   }
 
   /// Returns the window id.
-  xcb_window_t get_window_id()
-  {
+  xcb_window_t get_window_id() {
     return win;
   }
 
   /// Sets the text to be drawn
-  void set_text(std::string txt)
-  {
+  void set_text(std::string txt) {
     text = txt;
     redraw();
   }
@@ -239,8 +225,7 @@ public:
   /** Draws a black background with white text.
       Should be calld when an expose event is received.
   */
-  void redraw()
-  {
+  void redraw() {
     // convert the text to be displayed.
     xcb_char2b_t *str = char2b(text);
 
@@ -269,14 +254,12 @@ public:
   /// Notifies the window on resizes and resizes the client, if any.
   /** Should be called when a configure notify event is received.
    */
-  void resize(uint16_t w, uint16_t h)
-  {
+  void resize(uint16_t w, uint16_t h) {
     width = w;
     height = h;
     
     // resize client window, if any.
-    if(client_win)
-      {
+    if(client_win) {
         // moving the client back to (0, 0) is required when maximizing
         uint32_t values[4] = { 0, 0, width, height };
         uint32_t mask = XCB_CONFIG_WINDOW_X |XCB_CONFIG_WINDOW_Y |
@@ -289,13 +272,12 @@ public:
           {
             std::cerr << "Could not resize client." << std::endl;
             exit(1);
-          }
-      }
-  }
+        }
+    }
+}
 
   /// Xembeds a X window
-  void xembed(xcb_window_t client)
-  {
+  void xembed(xcb_window_t client) {
     client_win = client;
     uint32_t values[4];
     uint32_t mask;
@@ -310,21 +292,19 @@ public:
     cookie = xcb_configure_window_checked(con, client_win, mask, values);
 
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not change client attributes." << std::endl;
         exit(1);
-      }
+    }
 
     // reparent client
     cookie = xcb_reparent_window_checked(con, client_win, win, 0, 0);
 
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not reparent client." << std::endl;
         exit(1);
-      }
+    }
     
     // move and resize client window
     values[0] = 0;
@@ -336,11 +316,10 @@ public:
     cookie = xcb_configure_window_checked(con, client_win, mask, values);
 
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not resize client." << std::endl;
         exit(1);
-      }
+    }
 
     // make client overwrite-redirected
     values[0] = true;
@@ -348,11 +327,10 @@ public:
     cookie = xcb_change_window_attributes(con, client_win, mask, values);
 
     error = xcb_request_check(con, cookie);
-    if(error)
-      {
+    if(error) {
         std::cerr << "Could not change client attributes." << std::endl;
         exit(1);
-      }
+    }
   }
 };
 
@@ -360,15 +338,12 @@ xcb_connection_t *con;
 scr_window *window;
 
 /// X event loop
-void *event_loop(void*)
-{
+void *event_loop(void*) {
   xcb_generic_event_t *event;
 
   // wait for X events and process them
-  while((event = xcb_wait_for_event(con)))
-    {
-      switch(event->response_type & ~0x80)
-        {
+  while((event = xcb_wait_for_event(con))) {
+      switch(event->response_type & ~0x80) {
         case XCB_EXPOSE:
           {
             xcb_expose_event_t *expose_event
@@ -376,7 +351,7 @@ void *event_loop(void*)
             
             // ignore the expose event, if there are more waiting.
             if(!expose_event->count && window && window->get_window_id() ==
-	       expose_event->window) window->redraw();
+               expose_event->window) window->redraw();
             break;
           }
         case XCB_CONFIGURE_NOTIFY:
@@ -395,27 +370,25 @@ void *event_loop(void*)
           break;
         }
       free(event);
-    }
-  pthread_exit(0);
+   }
+   pthread_exit(0);
 }
 
 /// Program entry point.
-int main(int argc, char *argv[])
-{
+int main(int argc, char *argv[]) {
   unsigned long int window_id = 0;
   bool windowed = true;
-  std::string boinc_wd = "/var/lib/boinc";
+  std::string boinc_wd = "/var/lib/boinc-client";
 
   // parse command line
-  for(int c = 0; c < argc; c++)
-    {
+  for(int c = 0; c < argc; c++) {
       std::string option = argv[c];
       if(option == "-window-id" && argv[c+1])
-	sscanf(argv[++c], "%lx", &window_id);
+        sscanf(argv[++c], "%lx", &window_id);
       else if(option == "-root")
-	windowed = false;
+        windowed = false;
       else if (option == "-window")
-	windowed = true;
+        windowed = true;
       else if (option == "-boinc_dir")
         if(argv[++c])
           boinc_wd = argv[c];
@@ -423,30 +396,27 @@ int main(int argc, char *argv[])
 
   // if no -window-id command line argument is given,
   // look for the XSCREENSAVER_WINDOW environment variable
-  if(!window_id)
-    {
+  if(!window_id) {
       char *xssw = getenv("XSCREENSAVER_WINDOW");
-      if(xssw && *xssw)
-        {
+      if(xssw && *xssw) {
           unsigned long int id = 0;
           char c;
           if (sscanf(xssw, "0x%lx %c", &id, &c) == 1 ||
               sscanf(xssw, "%lu %c", &id, &c) == 1)
             window_id = id;
-        }
-    }
+      }
+  }
 
   // connect to the X server using $DISPLAY
   int screen_num = 0;
   con = xcb_connect(NULL, &screen_num);
 
-  if(!con)
-    {
+  if(!con) {
       std::cerr << "Cannot connect to your X server." << std::endl
                 << "Please check if it's running and whether your DISPLAY "
                 << "environment variable is set correctly." << std::endl;
       return 1;
-    }
+   }
 
   // get default screen
   xcb_screen_t *screen;
@@ -460,37 +430,33 @@ int main(int argc, char *argv[])
 
   // start the X event loop
   pthread_t thread;
-  if(pthread_create(&thread, NULL, event_loop, NULL))
-    {
+  if(pthread_create(&thread, NULL, event_loop, NULL)) {
       std::cerr << "Could not create a thread." << std::endl;
       exit(1);
-    }
+  }
 
   // try to connect
   RPC_CLIENT *rpc = new RPC_CLIENT;
-  if(rpc->init(NULL))
-    {
+  if(rpc->init(NULL)) {
       window->set_text("boinc not running");
       pthread_join(thread, NULL);
       return 0;
-    }
+  }
 
   // get results that support graphics
   RESULTS results;
-  while(true)
-    {
+  while(true) {
       int suspend_reason = 0;
       rpc->get_screensaver_tasks(suspend_reason, results);
       if(results.results.empty()) sleep(10);
       else break;
-    }
+  }
 
   srandom(time(NULL));
   std::string graphics_cmd = "graphics_app";
   // the loop skips projects that do not yet
   // support the graphics_app soft link.
-  while(graphics_cmd == "graphics_app")
-    {
+  while(graphics_cmd == "graphics_app") {
       // select a random result
       int n = random() % results.results.size();
       RESULT *result = results.results[n];
@@ -499,83 +465,79 @@ int main(int argc, char *argv[])
       std::stringstream stream;
       stream << boinc_wd << "/slots/" << result->slot << "/";
       std::string slot_dir = stream.str();
-      if(chdir(slot_dir.c_str()))
-        {
+      if(chdir(slot_dir.c_str())) {
           perror("chdir");
           exit(1);
-        }
+      }
 
       // resolve graphics_app soft link
       boinc_resolve_filename_s(graphics_cmd.c_str(), graphics_cmd);
-    }
+  }
 
   // fork and...
   pid_t pid = fork();
-  if(pid == -1)
-    {
+  if(pid == -1) {
       perror("fork");
       exit(1);
-    }
+  }
 
   // ...spawn graphics app
   if(!pid) // child
-    if(execl(graphics_cmd.c_str(), graphics_cmd.c_str(), NULL))
-      {
+    if(execl(graphics_cmd.c_str(), graphics_cmd.c_str(), NULL)) {
         perror("exec");
         exit(1);
-      }
+    }
 
   // look for our graphics app
   // do this 10 times, every 1/2 seconds, then give up.
+  //
   xcb_window_t client = 0;
-  for(int n = 0; n < 10; n++)
-    {
+  for(int n = 0; n < 10; n++) {
       // get list of x clients
-      xcb_atom_t NET_CLIENT_LIST = xcb_atom_get(con, "_NET_CLIENT_LIST");
+      xcb_intern_atom_cookie_t cookie0=xcb_intern_atom(
+            con, 0, strlen("_NET_CLIENT_LIST"), "_NET_CLIENT_LIST"
+      );
+      xcb_intern_atom_reply_t *reply0=xcb_intern_atom_reply(con, cookie0, NULL);
+
       xcb_get_property_cookie_t cookie =
-        xcb_get_property(con, 0, screen->root, NET_CLIENT_LIST, WINDOW, 0,
-                        std::numeric_limits<uint32_t>::max());
+        xcb_get_property(con, 0, screen->root, reply0->atom, XCB_ATOM_WINDOW, 0,
+                         std::numeric_limits<uint32_t>::max());
 
       xcb_generic_error_t  *error;
       xcb_get_property_reply_t *reply =
         xcb_get_property_reply(con, cookie, &error);
-      if(error)
-        {
+      if(error) {
           std::cerr << "Could not get client list." << std::endl;
           exit(1);
-        }
+      }
 
       xcb_window_t *clients =
         static_cast<xcb_window_t*>(xcb_get_property_value(reply));
 
       // check if one of them is our graphics app
-      for(int c = 0; c < reply->length; c++)
-        {
+      for(int c = 0; c < reply->length; c++) {
           xcb_get_property_reply_t *reply2;
 
           // check WM_COMMAND
-          cookie = xcb_get_property(con, 0, clients[c], WM_COMMAND, STRING,
+          cookie = xcb_get_property(con, 0, clients[c], XCB_ATOM_WM_COMMAND, XCB_ATOM_STRING,
                                     0, std::numeric_limits<uint32_t>::max());
           reply2 = xcb_get_property_reply(con, cookie, &error);
-          if(!error) // ignore errors
-            {
+          if(!error) {  // ignore errors 
               char *command = static_cast<char*>(xcb_get_property_value(reply2));
       
-              if(command && graphics_cmd == command)
-                {
+              if(command && graphics_cmd == command) {
                   client = clients[c];
                   break;
-                }
+              }
 
               free(reply2);
-            }
+          }
 
           // check WM_CLASS
-          cookie = xcb_get_property(con, 0, clients[c], WM_CLASS, STRING,
+          cookie = xcb_get_property(con, 0, clients[c], XCB_ATOM_WM_CLASS, XCB_ATOM_STRING,
                                     0, std::numeric_limits<uint32_t>::max());
           reply2 = xcb_get_property_reply(con, cookie, &error);
-          if(!error) // ignore errors
-            {
+          if(!error) {  // ignore errors 
               char *clas = static_cast<char*>(xcb_get_property_value(reply2));
 
               size_t pos = graphics_cmd.find_last_of('/');
@@ -583,25 +545,24 @@ int main(int argc, char *argv[])
               if(pos == std::string::npos) executable = graphics_cmd;
               else executable = graphics_cmd.substr(pos + 1);
 
-              if(clas && executable == clas)
-                {
+              if(clas && executable == clas) {
                   client = clients[c];
                   break;
                 }
               
               free(reply2);
-            }
+          }
 
           // More checks are possible, but a single method for all graphics
           // applications would be preferred, such as WM_CLASS = "BOINC".
-        }
+      }
 
       free(reply);
 
       if(client) break;
 
       usleep(500000);
-    }
+  }
 
   // if the client window was found, xembed it
   if(client)
diff --git a/configure.ac b/configure.ac
index 2f62716..37ba36d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,12 +1,12 @@
 dnl -*- autoconf -*-
 
-dnl $Id: configure.ac 26100 2012-09-12 22:12:12Z romw $
+dnl $Id$
 
 dnl not sure exactly what the minimum version is (but 2.13 wont work)
 AC_PREREQ(2.58)
 
 dnl Set the BOINC version here.  You can also use the set-version script.
-AC_INIT(BOINC, 7.0.36)
+AC_INIT(BOINC, 7.0.38)
 AC_CONFIG_MACRO_DIR([m4])
 LIBBOINC_VERSION=`echo ${PACKAGE_VERSION} | sed 's/\./:/g'`
 AC_SUBST([LIBBOINC_VERSION])
@@ -19,8 +19,8 @@ AM_INIT_AUTOMAKE(dist-zip)
 
 AC_CONFIG_SRCDIR(lib/shmem.cpp)
 
-AC_REVISION([$Revision: 26100 $]) 
-REV=`echo '$Revision: 26100 $' | awk "{print $2}"`
+AC_REVISION([$Revision$]) 
+REV=`echo '$Revision$' | awk "{print $2}"`
 RDATE=`date '+%Y.%m.%d'`
 if test -d .svn ; then
   REV=`svn info | grep Revision | awk '{print $2}'`
diff --git a/coprocs/NVIDIA/include/nvapi.h b/coprocs/NVIDIA/include/nvapi.h
new file mode 100644
index 0000000..f771221
--- /dev/null
+++ b/coprocs/NVIDIA/include/nvapi.h
@@ -0,0 +1,1915 @@
+ /***************************************************************************\
+|*                                                                           *|
+|*      Copyright 2005-2008 NVIDIA Corporation.  All rights reserved.        *|
+|*                                                                           *|     
+|*   NOTICE TO USER:                                                         *|                 
+|*                                                                           *|
+|*   This source code is subject to NVIDIA ownership rights under U.S.       *|
+|*   and international Copyright laws.  Users and possessors of this         *| 
+|*   source code are hereby granted a nonexclusive, royalty-free             *|
+|*   license to use this code in individual and commercial software.         *|
+|*                                                                           *|
+|*   NVIDIA MAKES NO REPRESENTATION ABOUT THE SUITABILITY OF THIS SOURCE     *|
+|*   CODE FOR ANY PURPOSE. IT IS PROVIDED "AS IS" WITHOUT EXPRESS OR         *|
+|*   IMPLIED WARRANTY OF ANY KIND. NVIDIA DISCLAIMS ALL WARRANTIES WITH      *|
+|*   REGARD TO THIS SOURCE CODE, INCLUDING ALL IMPLIED WARRANTIES OF         *|
+|*   MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR          *|
+|*   PURPOSE. IN NO EVENT SHALL NVIDIA BE LIABLE FOR ANY SPECIAL,            *|
+|*   INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES          *|
+|*   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN      *|
+|*   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING     *|
+|*   OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOURCE      *| 
+|*   CODE.                                                                   *|
+|*                                                                           *|
+|*   U.S. Government End Users. This source code is a "commercial item"      *|
+|*   as that term is defined at 48 C.F.R. 2.101 (OCT 1995), consisting       *|
+|*   of "commercial computer  software" and "commercial computer software    *|
+|*   documentation" as such terms are used in 48 C.F.R. 12.212 (SEPT 1995)   *|
+|*   and is provided to the U.S. Government only as a commercial end item.   *|
+|*   Consistent with 48 C.F.R.12.212 and 48 C.F.R. 227.7202-1 through        *|
+|*   227.7202-4 (JUNE 1995), all U.S. Government End Users acquire the       *|
+|*   source code with only those rights set forth herein.                    *|
+|*                                                                           *|
+|*   Any use of this source code in individual and commercial software must  *| 
+|*   include, in the user documentation and internal comments to the code,   *| 
+|*   the above Disclaimer and U.S. Government End Users Notice.              *|
+|*                                                                           *|
+|*                                                                           *|
+ \***************************************************************************/
+///////////////////////////////////////////////////////////////////////////////
+//
+// Date: Aug 24, 2008
+// File: nvapi.h
+//
+// NvAPI provides an interface to NVIDIA devices. This file contains the 
+// interface constants, structure definitions and function prototypes.
+//
+// Target Profile: developer
+// Target OS-Arch: windows
+//
+///////////////////////////////////////////////////////////////////////////////
+#ifndef _NVAPI_H
+#define _NVAPI_H
+
+#pragma pack(push,8) // Make sure we have consistent structure packings
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// ====================================================
+// Universal NvAPI Definitions
+// ====================================================
+#ifndef _WIN32
+#define __cdecl
+#endif
+
+#define NVAPI_INTERFACE extern NvAPI_Status __cdecl 
+
+/* 64-bit types for compilers that support them, plus some obsolete variants */
+#if defined(__GNUC__) || defined(__arm) || defined(__IAR_SYSTEMS_ICC__) || defined(__ghs__) || defined(_WIN64)
+typedef unsigned long long NvU64; /* 0 to 18446744073709551615          */
+#else
+typedef unsigned __int64   NvU64; /* 0 to 18446744073709551615              */
+#endif
+
+// mac os 32-bit still needs this
+#if (defined(macintosh) || defined(__APPLE__)) && !defined(__LP64__)
+typedef signed long        NvS32; /* -2147483648 to 2147483647               */
+#else
+typedef signed int         NvS32; /* -2147483648 to 2147483647               */
+#endif
+
+typedef unsigned long    NvU32;
+typedef unsigned short   NvU16;
+typedef unsigned char    NvU8;
+
+#define NV_DECLARE_HANDLE(name) struct name##__ { int unused; }; typedef struct name##__ *name
+
+// NVAPI Handles - These handles are retrieved from various calls and passed in to others in NvAPI
+//                 These are meant to be opaque types.  Do not assume they correspond to indices, HDCs,
+//                 display indexes or anything else.
+//
+//                 Most handles remain valid until a display re-configuration (display mode set) or GPU
+//                 reconfiguration (going into or out of SLI modes) occurs.  If NVAPI_HANDLE_INVALIDATED
+//                 is received by an app, it should discard all handles, and re-enumerate them.
+//
+NV_DECLARE_HANDLE(NvDisplayHandle);            // Display Device driven by NVIDIA GPU(s) (an attached display)
+NV_DECLARE_HANDLE(NvUnAttachedDisplayHandle);  // Unattached Display Device driven by NVIDIA GPU(s)
+NV_DECLARE_HANDLE(NvLogicalGpuHandle);         // One or more physical GPUs acting in concert (SLI)
+NV_DECLARE_HANDLE(NvPhysicalGpuHandle);        // A single physical GPU
+NV_DECLARE_HANDLE(NvEventHandle);              // A handle to an event registration instance
+
+#define NVAPI_DEFAULT_HANDLE        0
+
+#define NVAPI_GENERIC_STRING_MAX    4096
+#define NVAPI_LONG_STRING_MAX       256
+#define NVAPI_SHORT_STRING_MAX      64
+
+typedef struct 
+{
+    NvS32   sX;
+    NvS32   sY;
+    NvS32   sWidth;
+    NvS32   sHeight;
+} NvSBox;
+
+#define NVAPI_MAX_PHYSICAL_GPUS             64
+#define NVAPI_MAX_LOGICAL_GPUS              64
+#define NVAPI_MAX_AVAILABLE_GPU_TOPOLOGIES  256
+#define NVAPI_MAX_GPU_TOPOLOGIES            NVAPI_MAX_PHYSICAL_GPUS
+#define NVAPI_MAX_GPU_PER_TOPOLOGY          8
+#define NVAPI_MAX_DISPLAY_HEADS             2
+#define NVAPI_MAX_DISPLAYS                  NVAPI_MAX_PHYSICAL_GPUS * NVAPI_MAX_DISPLAY_HEADS
+
+#define NV_MAX_HEADS        4   // Maximum heads, each with NVAPI_DESKTOP_RES resolution
+#define NV_MAX_VID_STREAMS  4   // Maximum input video streams, each with a NVAPI_VIDEO_SRC_INFO
+#define NV_MAX_VID_PROFILES 4   // Maximum output video profiles supported
+
+typedef char NvAPI_String[NVAPI_GENERIC_STRING_MAX];
+typedef char NvAPI_LongString[NVAPI_LONG_STRING_MAX];
+typedef char NvAPI_ShortString[NVAPI_SHORT_STRING_MAX];
+
+// =========================================================================================
+// NvAPI Version Definition
+// Maintain per structure specific version define using the MAKE_NVAPI_VERSION macro.
+// Usage: #define NV_GENLOCK_STATUS_VER  MAKE_NVAPI_VERSION(NV_GENLOCK_STATUS, 1)
+// =========================================================================================
+#define MAKE_NVAPI_VERSION(typeName,ver) (NvU32)(sizeof(typeName) | ((ver)<<16))
+#define GET_NVAPI_VERSION(ver) (NvU32)((ver)>>16)
+#define GET_NVAPI_SIZE(ver) (NvU32)((ver) & 0xffff)
+
+// ====================================================
+// NvAPI Status Values
+//    All NvAPI functions return one of these codes.
+// ====================================================
+
+
+typedef enum 
+{
+    NVAPI_OK                                    =  0,      // Success
+    NVAPI_ERROR                                 = -1,      // Generic error
+    NVAPI_LIBRARY_NOT_FOUND                     = -2,      // nvapi.dll can not be loaded
+    NVAPI_NO_IMPLEMENTATION                     = -3,      // not implemented in current driver installation
+    NVAPI_API_NOT_INTIALIZED                    = -4,      // NvAPI_Initialize has not been called (successfully)
+    NVAPI_INVALID_ARGUMENT                      = -5,      // invalid argument
+    NVAPI_NVIDIA_DEVICE_NOT_FOUND               = -6,      // no NVIDIA display driver was found
+    NVAPI_END_ENUMERATION                       = -7,      // no more to enum
+    NVAPI_INVALID_HANDLE                        = -8,      // invalid handle
+    NVAPI_INCOMPATIBLE_STRUCT_VERSION           = -9,      // an argument's structure version is not supported
+    NVAPI_HANDLE_INVALIDATED                    = -10,     // handle is no longer valid (likely due to GPU or display re-configuration)
+    NVAPI_OPENGL_CONTEXT_NOT_CURRENT            = -11,     // no NVIDIA OpenGL context is current (but needs to be)
+    NVAPI_NO_GL_EXPERT                          = -12,     // OpenGL Expert is not supported by the current drivers
+    NVAPI_INSTRUMENTATION_DISABLED              = -13,     // OpenGL Expert is supported, but driver instrumentation is currently disabled
+    NVAPI_EXPECTED_LOGICAL_GPU_HANDLE           = -100,    // expected a logical GPU handle for one or more parameters
+    NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE          = -101,    // expected a physical GPU handle for one or more parameters
+    NVAPI_EXPECTED_DISPLAY_HANDLE               = -102,    // expected an NV display handle for one or more parameters
+    NVAPI_INVALID_COMBINATION                   = -103,    // used in some commands to indicate that the combination of parameters is not valid
+    NVAPI_NOT_SUPPORTED                         = -104,    // Requested feature not supported in the selected GPU
+    NVAPI_PORTID_NOT_FOUND                      = -105,    // NO port ID found for I2C transaction
+    NVAPI_EXPECTED_UNATTACHED_DISPLAY_HANDLE    = -106,    // expected an unattached display handle as one of the input param
+    NVAPI_INVALID_PERF_LEVEL                    = -107,    // invalid perf level 
+    NVAPI_DEVICE_BUSY                           = -108,    // device is busy, request not fulfilled
+    NVAPI_NV_PERSIST_FILE_NOT_FOUND             = -109,    // NV persist file is not found
+    NVAPI_PERSIST_DATA_NOT_FOUND                = -110,    // NV persist data is not found
+    NVAPI_EXPECTED_TV_DISPLAY                   = -111,    // expected TV output display
+    NVAPI_EXPECTED_TV_DISPLAY_ON_DCONNECTOR     = -112,    // expected TV output on D Connector - HDTV_EIAJ4120.
+    NVAPI_NO_ACTIVE_SLI_TOPOLOGY                = -113,    // SLI is not active on this device
+    NVAPI_SLI_RENDERING_MODE_NOTALLOWED         = -114,    // setup of SLI rendering mode is not possible right now
+    NVAPI_EXPECTED_DIGITAL_FLAT_PANEL           = -115,    // expected digital flat panel
+    NVAPI_ARGUMENT_EXCEED_MAX_SIZE              = -116,    // argument exceeds expected size
+    NVAPI_DEVICE_SWITCHING_NOT_ALLOWED          = -117,    // inhibit ON due to one of the flags in NV_GPU_DISPLAY_CHANGE_INHIBIT or SLI Active
+    NVAPI_TESTING_CLOCKS_NOT_SUPPORTED          = -118,    // testing clocks not supported
+    NVAPI_UNKNOWN_UNDERSCAN_CONFIG              = -119,    // the specified underscan config is from an unknown source (e.g. INF)
+    NVAPI_TIMEOUT_RECONFIGURING_GPU_TOPO        = -120,    // timeout while reconfiguring GPUs
+    NVAPI_DATA_NOT_FOUND                        = -121,    // Requested data was not found
+    NVAPI_EXPECTED_ANALOG_DISPLAY               = -122,    // expected analog display
+    NVAPI_NO_VIDLINK                            = -123,    // No SLI video bridge present
+    NVAPI_REQUIRES_REBOOT                       = -124,    // NVAPI requires reboot for its settings to take effect
+    NVAPI_INVALID_HYBRID_MODE                   = -125,    // the function is not supported with the current hybrid mode.
+    NVAPI_MIXED_TARGET_TYPES                    = -126,    // The target types are not all the same
+    NVAPI_SYSWOW64_NOT_SUPPORTED                = -127,    // the function is not supported from 32-bit on a 64-bit system
+    NVAPI_IMPLICIT_SET_GPU_TOPOLOGY_CHANGE_NOT_ALLOWED = -128,    //there is any implicit GPU topo active. Use NVAPI_SetHybridMode to change topology.
+    NVAPI_REQUEST_USER_TO_CLOSE_NON_MIGRATABLE_APPS = -129,      //Prompt the user to close all non-migratable apps.    
+    NVAPI_OUT_OF_MEMORY                         = -130,    // Could not allocate sufficient memory to complete the call
+    NVAPI_WAS_STILL_DRAWING                     = -131,    // The previous operation that is transferring information to or from this surface is incomplete
+    NVAPI_FILE_NOT_FOUND                        = -132,    // The file was not found
+    NVAPI_TOO_MANY_UNIQUE_STATE_OBJECTS         = -133,    // There are too many unique instances of a particular type of state object
+    NVAPI_INVALID_CALL                          = -134,    // The method call is invalid. For example, a method's parameter may not be a valid pointer
+    NVAPI_D3D10_1_LIBRARY_NOT_FOUND             = -135,    // d3d10_1.dll can not be loaded
+    NVAPI_FUNCTION_NOT_FOUND                    = -136,    // Couldn't find the function in loaded dll library
+} NvAPI_Status;
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_Initialize
+//
+//   DESCRIPTION: Initializes NVAPI library. This must be called before any 
+//                other NvAPI_ function.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_ERROR            Something is wrong during the initialization process (generic error)
+//                NVAPI_LIBRARYNOTFOUND  Can not load nvapi.dll
+//                NVAPI_OK                  Initialized
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_Initialize();
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetErrorMessage
+//
+//   DESCRIPTION: converts an NvAPI error code into a null terminated string
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: null terminated string (always, never NULL)
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetErrorMessage(NvAPI_Status nr,NvAPI_ShortString szDesc);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetInterfaceVersionString
+//
+//   DESCRIPTION: Returns a string describing the version of the NvAPI library.
+//                Contents of the string are human readable.  Do not assume a fixed
+//                format.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: User readable string giving info on NvAPI's version
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetInterfaceVersionString(NvAPI_ShortString szDesc);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetDisplayDriverVersion
+//
+//   DESCRIPTION: Returns a struct that describes aspects of the display driver
+//                build.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef struct 
+{
+    NvU32              version;             // Structure version
+    NvU32              drvVersion;           
+    NvU32              bldChangeListNum;     
+    NvAPI_ShortString  szBuildBranchString; 
+    NvAPI_ShortString  szAdapterString;
+} NV_DISPLAY_DRIVER_VERSION;
+#define NV_DISPLAY_DRIVER_VERSION_VER  MAKE_NVAPI_VERSION(NV_DISPLAY_DRIVER_VERSION,1)
+NVAPI_INTERFACE NvAPI_GetDisplayDriverVersion(NvDisplayHandle hNvDisplay, NV_DISPLAY_DRIVER_VERSION *pVersion);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_EnumNvidiaDisplayHandle
+//
+//   DESCRIPTION: Returns the handle of the NVIDIA display specified by the enum 
+//                index (thisEnum). The client should keep enumerating until it
+//                returns NVAPI_END_ENUMERATION.
+//
+//                Note: Display handles can get invalidated on a modeset, so the calling applications need to 
+//                renum the handles after every modeset.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: either the handle pointer is NULL or enum index too big
+//                NVAPI_OK: return a valid NvDisplayHandle based on the enum index
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA device found in the system
+//                NVAPI_END_ENUMERATION: no more display device to enumerate.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_EnumNvidiaDisplayHandle(NvU32 thisEnum, NvDisplayHandle *pNvDispHandle);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_EnumNvidiaUnAttachedDisplayHandle
+//
+//   DESCRIPTION: Returns the handle of the NVIDIA UnAttached display specified by the enum 
+//                index (thisEnum). The client should keep enumerating till it
+//                return error.
+//
+//                Note: Display handles can get invalidated on a modeset, so the calling applications need to 
+//                renum the handles after every modeset.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: either the handle pointer is NULL or enum index too big
+//                NVAPI_OK: return a valid NvDisplayHandle based on the enum index
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA device found in the system
+//                NVAPI_END_ENUMERATION: no more display device to enumerate.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_EnumNvidiaUnAttachedDisplayHandle(NvU32 thisEnum, NvUnAttachedDisplayHandle *pNvUnAttachedDispHandle);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_EnumPhysicalGPUs
+//
+//   DESCRIPTION: Returns an array of physical GPU handles.
+//
+//                Each handle represents a physical GPU present in the system.
+//                That GPU may be part of a SLI configuration, or not be visible to the OS directly.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//                The array nvGPUHandle will be filled with physical GPU handle values.  The returned
+//                gpuCount determines how many entries in the array are valid.
+//
+//                Note: In drivers older than 105.00, all physical GPU handles get invalidated on a modeset. So the calling applications 
+//                      need to renum the handles after every modeset. 
+//                      With drivers 105.00 and up all physical GPU handles are constant.
+//                      Physical GPU handles are constant as long as the GPUs are not physically moved and the SBIOS VGA order is unchanged.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: nvGPUHandle or pGpuCount is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_EnumPhysicalGPUs(NvPhysicalGpuHandle nvGPUHandle[NVAPI_MAX_PHYSICAL_GPUS], NvU32 *pGpuCount);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_EnumLogicalGPUs
+//
+//   DESCRIPTION: Returns an array of logical GPU handles.
+//
+//                Each handle represents one or more GPUs acting in concert as a single graphics device.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//                The array nvGPUHandle will be filled with logical GPU handle values.  The returned
+//                gpuCount determines how many entries in the array are valid.
+//
+//                Note: All logical GPUs handles get invalidated on a GPU topology change, so the calling application is required to 
+//                renum the logical GPU handles to get latest physical handle mapping after every GPU topology change activated 
+//                by a call to NvAPI_SetGpuTopologies.
+//
+//                To detect if SLI rendering is enabled please use NvAPI_D3D_GetCurrentSLIState
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: nvGPUHandle or pGpuCount is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_EnumLogicalGPUs(NvLogicalGpuHandle nvGPUHandle[NVAPI_MAX_LOGICAL_GPUS], NvU32 *pGpuCount);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetPhysicalGPUsFromDisplay
+//
+//   DESCRIPTION: Returns an array of physical GPU handles associated with the specified display.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//                The array nvGPUHandle will be filled with physical GPU handle values.  The returned
+//                gpuCount determines how many entries in the array are valid.
+//
+//                If the display corresponds to more than one physical GPU, the first GPU returned
+//                is the one with the attached active output.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hNvDisp is not valid; nvGPUHandle or pGpuCount is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetPhysicalGPUsFromDisplay(NvDisplayHandle hNvDisp, NvPhysicalGpuHandle nvGPUHandle[NVAPI_MAX_PHYSICAL_GPUS], NvU32 *pGpuCount);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetPhysicalGPUFromUnAttachedDisplay
+//
+//   DESCRIPTION: Returns a physical GPU handle associated with the specified unattached display.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hNvUnAttachedDisp is not valid or pPhysicalGpu is NULL.
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetPhysicalGPUFromUnAttachedDisplay(NvUnAttachedDisplayHandle hNvUnAttachedDisp, NvPhysicalGpuHandle *pPhysicalGpu);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_CreateDisplayFromUnAttachedDisplay
+//
+//   DESCRIPTION: The unattached display handle is converted to a active attached display handle.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hNvUnAttachedDisp is not valid or pNvDisplay is NULL.
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_CreateDisplayFromUnAttachedDisplay(NvUnAttachedDisplayHandle hNvUnAttachedDisp, NvDisplayHandle *pNvDisplay);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetLogicalGPUFromDisplay
+//
+//   DESCRIPTION: Returns the logical GPU handle associated with the specified display.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hNvDisp is not valid; pLogicalGPU is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetLogicalGPUFromDisplay(NvDisplayHandle hNvDisp, NvLogicalGpuHandle *pLogicalGPU);
+ 
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetLogicalGPUFromPhysicalGPU
+//
+//   DESCRIPTION: Returns the logical GPU handle associated with specified physical GPU handle.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGPU is not valid; pLogicalGPU is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetLogicalGPUFromPhysicalGPU(NvPhysicalGpuHandle hPhysicalGPU, NvLogicalGpuHandle *pLogicalGPU);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetPhysicalGPUsFromLogicalGPU
+//
+//   DESCRIPTION: Returns the physical GPU handles associated with the specified logical GPU handle.
+//
+//                At least 1 GPU must be present in the system and running an NV display driver.
+//
+//                The array hPhysicalGPU will be filled with physical GPU handle values.  The returned
+//                gpuCount determines how many entries in the array are valid.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hLogicalGPU is not valid; hPhysicalGPU is NULL
+//                NVAPI_OK: one or more handles were returned
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_LOGICAL_GPU_HANDLE: hLogicalGPU was not a logical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetPhysicalGPUsFromLogicalGPU(NvLogicalGpuHandle hLogicalGPU,NvPhysicalGpuHandle hPhysicalGPU[NVAPI_MAX_PHYSICAL_GPUS], NvU32 *pGpuCount);
+   
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetAssociatedNvidiaDisplayHandle
+//
+//   DESCRIPTION: Returns the handle of the NVIDIA display that is associated
+//                with the display name given.  Eg: "\\DISPLAY1"
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: either argument is NULL
+//                NVAPI_OK: *pNvDispHandle is now valid
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA device maps to that display name
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetAssociatedNvidiaDisplayHandle(const char *szDisplayName, NvDisplayHandle *pNvDispHandle);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetAssociatedNvidiaDisplayName
+//
+//   DESCRIPTION: Returns the display name given.  Eg: "\\DISPLAY1" using the NVIDIA display handle
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: either argument is NULL
+//                NVAPI_OK: *pNvDispHandle is now valid
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA device maps to that display name
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetAssociatedNvidiaDisplayName(NvDisplayHandle NvDispHandle, NvAPI_ShortString szDisplayName);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetUnAttachedAssociatedDisplayName
+//
+//   DESCRIPTION: Returns the display name given.  Eg: "\\DISPLAY1" using the NVIDIA unattached display handle
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: either argument is NULL
+//                NVAPI_OK: *pNvDispHandle is now valid
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA device maps to that display name
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetUnAttachedAssociatedDisplayName(NvUnAttachedDisplayHandle hNvUnAttachedDisp, NvAPI_ShortString szDisplayName);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_EnableHWCursor
+//
+//   DESCRIPTION: Enable hardware cursor support
+//
+//  SUPPORTED OS: Windows XP
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_EnableHWCursor(NvDisplayHandle hNvDisplay);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_DisableHWCursor
+//
+//   DESCRIPTION: Disable hardware cursor support
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_DisableHWCursor(NvDisplayHandle hNvDisplay);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetVBlankCounter
+//
+//   DESCRIPTION: get vblank counter
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetVBlankCounter(NvDisplayHandle hNvDisplay, NvU32 *pCounter);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME: NvAPI_SetRefreshRateOverride
+//   DESCRIPTION: Override the refresh rate on the given  display/outputsMask.
+//                The new refresh rate can be applied right away in this API call or deferred to happen with the
+//                next OS modeset. The override is only good for one modeset (doesn't matter it's deferred or immediate).
+//
+//  SUPPORTED OS: Windows XP
+//               
+//
+//         INPUT: hNvDisplay - the NVIDIA display handle. It can be NVAPI_DEFAULT_HANDLE or a handle
+//                             enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                
+//                outputsMask - a set of bits that identify all target outputs which are associated with the NVIDIA 
+//                              display handle to apply the refresh rate override. Note when SLI is enabled,  the
+//                              outputsMask only applies to the GPU that is driving the display output.
+//
+//                refreshRate - the override value. "0.0" means cancel the override.
+//                              
+//
+//                bSetDeferred - "0": apply the refresh rate override immediately in this API call.
+//                               "1":  apply refresh rate at the next OS modeset.
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hNvDisplay or outputsMask is invalid
+//                NVAPI_OK: the refresh rate override is correct set
+//                NVAPI_ERROR: the operation failed
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_SetRefreshRateOverride(NvDisplayHandle hNvDisplay, NvU32 outputsMask, float refreshRate, NvU32 bSetDeferred);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetAssociatedDisplayOutputId
+//
+//   DESCRIPTION: Gets the active outputId associated with the display handle.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+//    PARAMETERS: hNvDisplay(IN) - NVIDIA Display selection. It can be NVAPI_DEFAULT_HANDLE or a handle enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                outputId(OUT)  - The active display output id associated with the selected display handle hNvDisplay.
+//                                 The outputid will have only one bit set. In case of clone or span this  will indicate the display
+//                                 outputId of the primary display that the GPU is driving.
+// RETURN STATUS: NVAPI_OK: call successful.
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found.
+//                NVAPI_EXPECTED_DISPLAY_HANDLE: hNvDisplay is not a valid display handle.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetAssociatedDisplayOutputId(NvDisplayHandle hNvDisplay, NvU32 *pOutputId);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_GetDisplayPortInfo
+//
+// DESCRIPTION:     This API returns the current DP related into on the specified device(monitor)
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. It can be NVAPI_DEFAULT_HANDLE or a handle enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                  outputId(IN)   - The display output id. If it's "0" then the default outputId from NvAPI_GetAssociatedDisplayOutputId() will be used.
+//                  pInfo(OUT)     - The display port info
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef enum
+{
+    NV_DP_1_62GBPS            = 6,
+    NV_DP_2_70GBPS            = 0xA,
+} NV_DP_LINK_RATE;
+
+typedef enum
+{
+    NV_DP_1_LANE              = 1,
+    NV_DP_2_LANE              = 2,
+    NV_DP_4_LANE              = 4,
+} NV_DP_LANE_COUNT;
+
+typedef enum
+{
+    NV_DP_COLOR_FORMAT_RGB     = 0,
+    NV_DP_COLOR_FORMAT_YCbCr422,
+    NV_DP_COLOR_FORMAT_YCbCr444,
+} NV_DP_COLOR_FORMAT;
+
+typedef enum
+{
+    NV_DP_COLORIMETRY_RGB = 0,
+    NV_DP_COLORIMETRY_YCbCr_ITU601,
+    NV_DP_COLORIMETRY_YCbCr_ITU709,
+} NV_DP_COLORIMETRY;
+
+typedef enum
+{
+    NV_DP_DYNAMIC_RANGE_VESA  = 0,
+    NV_DP_DYNAMIC_RANGE_CEA,
+} NV_DP_DYNAMIC_RANGE;
+
+typedef enum
+{
+    NV_DP_BPC_DEFAULT         = 0,
+    NV_DP_BPC_6,
+    NV_DP_BPC_8,
+    NV_DP_BPC_10,
+    NV_DP_BPC_12,
+    NV_DP_BPC_16,
+} NV_DP_BPC;
+
+typedef struct
+{
+    NvU32               version;                     // structure version
+    NvU32               dpcd_ver;                    // the DPCD version of the monitor
+    NV_DP_LINK_RATE     maxLinkRate;                 // the max supported link rate
+    NV_DP_LANE_COUNT    maxLaneCount;                // the max supported lane count
+    NV_DP_LINK_RATE     curLinkRate;                 // the current link rate
+    NV_DP_LANE_COUNT    curLaneCount;                // the current lane count
+    NV_DP_COLOR_FORMAT  colorFormat;                 // the current color format
+    NV_DP_DYNAMIC_RANGE dynamicRange;                // the dynamic range
+    NV_DP_COLORIMETRY   colorimetry;                 // ignored in RGB space
+    NV_DP_BPC           bpc;                         // the current bit-per-component;
+    NvU32               isDp                   : 1;  // if the monitor is driven by display port 
+    NvU32               isInternalDp           : 1;  // if the monitor is driven by NV Dp transmitter
+    NvU32               isColorCtrlSupported   : 1;  // if the color format change is supported
+    NvU32               is6BPCSupported        : 1;  // if 6 bpc is supported
+    NvU32               is8BPCSupported        : 1;  // if 8 bpc is supported    
+    NvU32               is10BPCSupported       : 1;  // if 10 bpc is supported
+    NvU32               is12BPCSupported       : 1;  // if 12 bpc is supported        
+    NvU32               is16BPCSupported       : 1;  // if 16 bpc is supported
+ } NV_DISPLAY_PORT_INFO; 
+
+#define NV_DISPLAY_PORT_INFO_VER   MAKE_NVAPI_VERSION(NV_DISPLAY_PORT_INFO,1)
+
+NVAPI_INTERFACE NvAPI_GetDisplayPortInfo(NvDisplayHandle hNvDisplay, NvU32 outputId, NV_DISPLAY_PORT_INFO *pInfo);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_SetDisplayPort
+//
+// DESCRIPTION:     This API is used to setup DP related configurations.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA display handle. It can be NVAPI_DEFAULT_HANDLE or a handle enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                  outputId(IN)   - This display output ID, when it's "0" it means the default outputId generated from the return of NvAPI_GetAssociatedDisplayOutputId().
+//                  pCfg(IN)       - The display port config structure. If pCfg is NULL, it means to use the driver's default value to setup.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+///////////////////////////////////////////////////////////////////////////////
+typedef struct
+{
+    NvU32               version;                     // structure version - 2 is latest
+    NV_DP_LINK_RATE     linkRate;                    // the link rate
+    NV_DP_LANE_COUNT    laneCount;                   // the lane count
+    NV_DP_COLOR_FORMAT  colorFormat;                 // the color format to set
+    NV_DP_DYNAMIC_RANGE dynamicRange;                // the dynamic range
+    NV_DP_COLORIMETRY   colorimetry;                 // ignored in RGB space
+    NV_DP_BPC           bpc;                         // the current bit-per-component;
+    NvU32               isHPD               : 1;     // if CPL is making this call due to HPD
+    NvU32               isSetDeferred       : 1;     // requires an OS modeset to finalize the setup if set
+    NvU32               isChromaLpfOff      : 1;     // force the chroma low_pass_filter to be off
+    NvU32               isDitherOff         : 1;     // force to turn off dither
+} NV_DISPLAY_PORT_CONFIG;
+
+#define NV_DISPLAY_PORT_CONFIG_VER   MAKE_NVAPI_VERSION(NV_DISPLAY_PORT_CONFIG,2)
+#define NV_DISPLAY_PORT_CONFIG_VER_1 MAKE_NVAPI_VERSION(NV_DISPLAY_PORT_CONFIG,1)
+#define NV_DISPLAY_PORT_CONFIG_VER_2 MAKE_NVAPI_VERSION(NV_DISPLAY_PORT_CONFIG,2)
+
+NVAPI_INTERFACE NvAPI_SetDisplayPort(NvDisplayHandle hNvDisplay, NvU32 outputId, NV_DISPLAY_PORT_CONFIG *pCfg);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_GetHDMISupportInfo
+//
+// DESCRIPTION:     This API returns the current infoframe data on the specified device(monitor)
+//
+//  SUPPORTED OS: Windows Vista and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. It can be NVAPI_DEFAULT_HANDLE or a handle enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                  outputId(IN)   - The display output id. If it's "0" then the default outputId from NvAPI_GetAssociatedDisplayOutputId() will be used.
+//                  pInfo(OUT)     - The monitor and GPU's HDMI support info
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef struct
+{
+    NvU32      version;                     // structure version
+    NvU32      isGpuHDMICapable       : 1;  // if the GPU can handle HDMI
+    NvU32      isMonUnderscanCapable  : 1;  // if the monitor supports underscan
+    NvU32      isMonBasicAudioCapable : 1;  // if the monitor supports basic audio
+    NvU32      isMonYCbCr444Capable   : 1;  // if YCbCr 4:4:4 is supported
+    NvU32      isMonYCbCr422Capable   : 1;  // if YCbCr 4:2:2 is supported
+    NvU32      isMonxvYCC601Capable   : 1;  // if xvYCC 601 is supported
+    NvU32      isMonxvYCC709Capable   : 1;  // if xvYCC 709 is supported
+    NvU32      isMonHDMI              : 1;  // if the monitor is HDMI (with IEEE's HDMI registry ID)
+    NvU32      EDID861ExtRev;               // the revision number of the EDID 861 extension
+ } NV_HDMI_SUPPORT_INFO; 
+
+#define NV_HDMI_SUPPORT_INFO_VER  MAKE_NVAPI_VERSION(NV_HDMI_SUPPORT_INFO,1)
+
+NVAPI_INTERFACE NvAPI_GetHDMISupportInfo(NvDisplayHandle hNvDisplay, NvU32 outputId, NV_HDMI_SUPPORT_INFO *pInfo);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetAllOutputs
+//
+//   DESCRIPTION: Returns set of all GPU-output identifiers as a bitmask.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetAllOutputs(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pOutputsMask);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetConnectedOutputs
+//
+//   DESCRIPTION: Same as NvAPI_GPU_GetAllOutputs but returns only the set of GPU-output 
+//                identifiers that are connected to display devices.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetConnectedOutputs(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pOutputsMask);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetConnectedSLIOutputs
+//
+//   DESCRIPTION: Same as NvAPI_GPU_GetConnectedOutputs but returns only the set of GPU-output 
+//                identifiers that can be selected in an SLI configuration. With SLI disabled
+//                this function matches NvAPI_GPU_GetConnectedOutputs
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetConnectedSLIOutputs(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pOutputsMask);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetConnectedOutputsWithLidState
+//
+//   DESCRIPTION: Similar to NvAPI_GPU_GetConnectedOutputs this API returns the connected display identifiers that are connected 
+//                as a output mask but unlike NvAPI_GPU_GetConnectedOutputs this API "always" reflects the Lid State in the output mask.
+//                Thus if you expect the LID close state to be available in the connection mask use this API.
+//                If LID is closed then this API will remove the LID panel from the connected display identifiers. 
+//                If LID is open then this API will reflect the LID panel in the connected display identifiers. 
+//                Note:This API should be used on laptop systems and on systems where LID state is required in the connection output mask. 
+//                     On desktop systems the returned identifiers will match NvAPI_GPU_GetConnectedOutputs.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetConnectedOutputsWithLidState(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pOutputsMask);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetConnectedSLIOutputsWithLidState
+//
+//   DESCRIPTION: Same as NvAPI_GPU_GetConnectedOutputsWithLidState but returns only the set of GPU-output 
+//                identifiers that can be selected in an SLI configuration. With SLI disabled
+//                this function matches NvAPI_GPU_GetConnectedOutputsWithLidState
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetConnectedSLIOutputsWithLidState(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pOutputsMask);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetSystemType
+//
+//   DESCRIPTION: Returns information to identify if the GPU type is for a laptop system or a desktop system.
+//
+//  SUPPORTED OS: Windows XP and higher
+//                
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pSystemType contains the GPU system type
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef enum
+{
+    NV_SYSTEM_TYPE_UNKNOWN = 0,
+    NV_SYSTEM_TYPE_LAPTOP  = 1,
+    NV_SYSTEM_TYPE_DESKTOP = 2,
+
+} NV_SYSTEM_TYPE;
+
+NVAPI_INTERFACE NvAPI_GPU_GetSystemType(NvPhysicalGpuHandle hPhysicalGpu, NV_SYSTEM_TYPE *pSystemType);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetActiveOutputs
+//
+//   DESCRIPTION: Same as NvAPI_GPU_GetAllOutputs but returns only the set of GPU-output 
+//                identifiers that are actively driving display devices.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pOutputsMask is NULL
+//                NVAPI_OK: *pOutputsMask contains a set of GPU-output identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetActiveOutputs(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pOutputsMask);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetEDID
+//
+//   DESCRIPTION: Returns the EDID data for the specified GPU handle and connection bit mask.
+//                displayOutputId should have exactly 1 bit set to indicate a single display.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pEDID is NULL; displayOutputId has 0 or > 1 bits set.
+//                NVAPI_OK: *pEDID contains valid data.
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found.
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle.
+//                NVAPI_DATA_NOT_FOUND: requested display does not contain an EDID
+//
+///////////////////////////////////////////////////////////////////////////////
+#define NV_EDID_V1_DATA_SIZE   256
+#define NV_EDID_DATA_SIZE      NV_EDID_V1_DATA_SIZE
+
+typedef struct
+{
+    NvU32   version;        //structure version
+    NvU8    EDID_Data[NV_EDID_DATA_SIZE];
+    NvU32   sizeofEDID;
+} NV_EDID;
+
+#define NV_EDID_VER         MAKE_NVAPI_VERSION(NV_EDID,2)
+
+NVAPI_INTERFACE NvAPI_GPU_GetEDID(NvPhysicalGpuHandle hPhysicalGpu, NvU32 displayOutputId, NV_EDID *pEDID);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetOutputType
+//
+//   DESCRIPTION: Give a physical GPU handle and a single outputId (exactly 1 bit set), this API
+//                returns the output type.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu, outputId or pOutputsMask is NULL; or outputId has > 1 bit set
+//                NVAPI_OK: *pOutputType contains a NvGpuOutputType value
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef enum _NV_GPU_OUTPUT_TYPE
+{
+    NVAPI_GPU_OUTPUT_UNKNOWN  = 0,
+    NVAPI_GPU_OUTPUT_CRT      = 1,     // CRT display device
+    NVAPI_GPU_OUTPUT_DFP      = 2,     // Digital Flat Panel display device
+    NVAPI_GPU_OUTPUT_TV       = 3,     // TV display device
+} NV_GPU_OUTPUT_TYPE;
+
+NVAPI_INTERFACE NvAPI_GPU_GetOutputType(NvPhysicalGpuHandle hPhysicalGpu, NvU32 outputId, NV_GPU_OUTPUT_TYPE *pOutputType);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_ValidateOutputCombination
+//
+//   DESCRIPTION: This call is used to determine if a set of GPU outputs can be active 
+//                simultaneously.  While a GPU may have <n> outputs, they can not typically
+//                all be active at the same time due to internal resource sharing.
+//
+//                Given a physical GPU handle and a mask of candidate outputs, this call
+//                will return NVAPI_OK if all of the specified outputs can be driven
+//                simultaneously.  It will return NVAPI_INVALID_COMBINATION if they cannot.
+//                
+//                Use NvAPI_GPU_GetAllOutputs() to determine which outputs are candidates.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// RETURN STATUS: NVAPI_OK: combination of outputs in outputsMask are valid (can be active simultaneously)
+//                NVAPI_INVALID_COMBINATION: combination of outputs in outputsMask are NOT valid
+//                NVAPI_INVALID_ARGUMENT: hPhysicalGpu or outputsMask does not have at least 2 bits set
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_ValidateOutputCombination(NvPhysicalGpuHandle hPhysicalGpu, NvU32 outputsMask);
+
+typedef enum _NV_GPU_CONNECTOR_TYPE
+{
+    NVAPI_GPU_CONNECTOR_VGA_15_PIN                      = 0x00000000,
+    NVAPI_GPU_CONNECTOR_TV_COMPOSITE                    = 0x00000010,
+    NVAPI_GPU_CONNECTOR_TV_SVIDEO                       = 0x00000011,
+    NVAPI_GPU_CONNECTOR_TV_HDTV_COMPONENT               = 0x00000013,
+    NVAPI_GPU_CONNECTOR_TV_SCART                        = 0x00000014,
+    NVAPI_GPU_CONNECTOR_TV_COMPOSITE_SCART_ON_EIAJ4120  = 0x00000016,
+    NVAPI_GPU_CONNECTOR_TV_HDTV_EIAJ4120                = 0x00000017,
+    NVAPI_GPU_CONNECTOR_PC_POD_HDTV_YPRPB               = 0x00000018,
+    NVAPI_GPU_CONNECTOR_PC_POD_SVIDEO                   = 0x00000019,
+    NVAPI_GPU_CONNECTOR_PC_POD_COMPOSITE                = 0x0000001A,
+    NVAPI_GPU_CONNECTOR_DVI_I_TV_SVIDEO                 = 0x00000020,
+    NVAPI_GPU_CONNECTOR_DVI_I_TV_COMPOSITE              = 0x00000021,
+    NVAPI_GPU_CONNECTOR_DVI_I                           = 0x00000030,
+    NVAPI_GPU_CONNECTOR_DVI_D                           = 0x00000031,
+    NVAPI_GPU_CONNECTOR_ADC                             = 0x00000032,
+    NVAPI_GPU_CONNECTOR_LFH_DVI_I_1                     = 0x00000038,
+    NVAPI_GPU_CONNECTOR_LFH_DVI_I_2                     = 0x00000039,
+    NVAPI_GPU_CONNECTOR_SPWG                            = 0x00000040,
+    NVAPI_GPU_CONNECTOR_OEM                             = 0x00000041,
+    NVAPI_GPU_CONNECTOR_DISPLAYPORT_EXTERNAL            = 0x00000046,
+    NVAPI_GPU_CONNECTOR_DISPLAYPORT_INTERNAL            = 0x00000047,
+    NVAPI_GPU_CONNECTOR_HDMI_A                          = 0x00000061,
+    NVAPI_GPU_CONNECTOR_UNKNOWN                         = 0xFFFFFFFF,
+} NV_GPU_CONNECTOR_TYPE;
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetFullName
+//
+//   DESCRIPTION: Retrieves the full GPU name as an ascii string.  Eg: "Quadro FX 1400"
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetFullName(NvPhysicalGpuHandle hPhysicalGpu, NvAPI_ShortString szName);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetPCIIdentifiers
+//
+//   DESCRIPTION: Returns the PCI identifiers associated with this GPU.
+//                  DeviceId - the internal PCI device identifier for the GPU.
+//                  SubSystemId - the internal PCI subsystem identifier for the GPU.
+//                  RevisionId - the internal PCI device-specific revision identifier for the GPU.
+//                  ExtDeviceId - the external PCI device identifier for the GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or an argument is NULL
+//                NVAPI_OK: arguments are populated with PCI identifiers
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetPCIIdentifiers(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pDeviceId,NvU32 *pSubSystemId,NvU32 *pRevisionId,NvU32 *pExtDeviceId);
+    
+typedef enum _NV_GPU_TYPE
+{
+    NV_SYSTEM_TYPE_GPU_UNKNOWN     = 0, 
+    NV_SYSTEM_TYPE_IGPU            = 1, //integrated 
+    NV_SYSTEM_TYPE_DGPU            = 2, //discrete 
+} NV_GPU_TYPE; 
+
+/////////////////////////////////////////////////////////////////////////////// 
+// 
+// FUNCTION NAME: NvAPI_GPU_GetGPUType 
+// 
+// DESCRIPTION: Returns information to identify the GPU type 
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+// 
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu 
+// NVAPI_OK: *pGpuType contains the GPU type 
+// NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found 
+// NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle 
+// 
+///////////////////////////////////////////////////////////////////////////////     
+NVAPI_INTERFACE NvAPI_GPU_GetGPUType(NvPhysicalGpuHandle hPhysicalGpu, NV_GPU_TYPE *pGpuType);
+
+typedef enum _NV_GPU_BUS_TYPE
+{
+    NVAPI_GPU_BUS_TYPE_UNDEFINED    = 0,
+    NVAPI_GPU_BUS_TYPE_PCI          = 1,
+    NVAPI_GPU_BUS_TYPE_AGP          = 2,
+    NVAPI_GPU_BUS_TYPE_PCI_EXPRESS  = 3,
+    NVAPI_GPU_BUS_TYPE_FPCI         = 4,
+} NV_GPU_BUS_TYPE;
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetBusType
+//
+//   DESCRIPTION: Returns the type of bus associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pBusType is NULL
+//                NVAPI_OK: *pBusType contains bus identifier
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetBusType(NvPhysicalGpuHandle hPhysicalGpu,NV_GPU_BUS_TYPE *pBusType);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetBusId
+//
+//   DESCRIPTION: Returns the ID of bus associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pBusId is NULL
+//                NVAPI_OK: *pBusId contains bus id
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetBusId(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pBusId);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetBusSlotId
+//
+//   DESCRIPTION: Returns the ID of bus-slot associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pBusSlotId is NULL
+//                NVAPI_OK: *pBusSlotId contains bus-slot id
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetBusSlotId(NvPhysicalGpuHandle hPhysicalGpu, NvU32 *pBusSlotId);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetIRQ
+//
+//   DESCRIPTION: Returns the interrupt number associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pIRQ is NULL
+//                NVAPI_OK: *pIRQ contains interrupt number
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetIRQ(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pIRQ);
+    
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetVbiosRevision
+//
+//   DESCRIPTION: Returns the revision of the video bios associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pBiosRevision is NULL
+//                NVAPI_OK: *pBiosRevision contains revision number
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetVbiosRevision(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pBiosRevision);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetVbiosOEMRevision
+//
+//   DESCRIPTION: Returns the OEM revision of the video bios associated with this GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu or pBiosRevision is NULL
+//                NVAPI_OK: *pBiosRevision contains revision number
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetVbiosOEMRevision(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pBiosRevision);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetVbiosVersionString
+//
+//   DESCRIPTION: Returns the full bios version string in the form of xx.xx.xx.xx.yy where
+//                the xx numbers come from NvAPI_GPU_GetVbiosRevision and yy comes from 
+//                NvAPI_GPU_GetVbiosOEMRevision.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: hPhysicalGpu is NULL
+//                NVAPI_OK: szBiosRevision contains version string
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetVbiosVersionString(NvPhysicalGpuHandle hPhysicalGpu,NvAPI_ShortString szBiosRevision);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetAGPAperture
+//
+//   DESCRIPTION: Returns AGP aperture in megabytes
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pSize is NULL
+//                NVAPI_OK: call successful
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetAGPAperture(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pSize);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetCurrentAGPRate
+//
+//   DESCRIPTION: Returns the current AGP Rate (1 = 1x, 2=2x etc, 0 = AGP not present)
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pRate is NULL
+//                NVAPI_OK: call successful
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetCurrentAGPRate(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pRate);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetCurrentPCIEDownstreamWidth
+//
+//   DESCRIPTION: Returns the number of PCIE lanes being used for the PCIE interface 
+//                downstream from the GPU.
+//
+//                On systems that do not support PCIE, the maxspeed for the root link
+//                will be zero.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pWidth is NULL
+//                NVAPI_OK: call successful
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetCurrentPCIEDownstreamWidth(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pWidth);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetPhysicalFrameBufferSize
+//
+//   DESCRIPTION: Returns the physical size of framebuffer in Kb.  This does NOT include any
+//                system RAM that may be dedicated for use by the GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pSize is NULL
+//                NVAPI_OK: call successful
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetPhysicalFrameBufferSize(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pSize);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GPU_GetVirtualFrameBufferSize
+//
+//   DESCRIPTION: Returns the virtual size of framebuffer in Kb.  This includes the physical RAM plus any
+//                system RAM that has been dedicated for use by the GPU.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pSize is NULL
+//                NVAPI_OK: call successful
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND: no NVIDIA GPU driving a display was found
+//                NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE: hPhysicalGpu was not a physical GPU handle
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetVirtualFrameBufferSize(NvPhysicalGpuHandle hPhysicalGpu,NvU32 *pSize);
+
+///////////////////////////////////////////////////////////////////////////////////
+//  Thermal API
+//  Provides ability to get temperature levels from the various thermal sensors associated with the GPU
+
+#define NVAPI_MAX_THERMAL_SENSORS_PER_GPU 3
+
+typedef enum 
+{
+    NVAPI_THERMAL_TARGET_NONE          = 0,
+    NVAPI_THERMAL_TARGET_GPU           = 1,
+    NVAPI_THERMAL_TARGET_MEMORY        = 2,
+    NVAPI_THERMAL_TARGET_POWER_SUPPLY  = 4,
+    NVAPI_THERMAL_TARGET_BOARD         = 8,
+    NVAPI_THERMAL_TARGET_ALL           = 15,
+    NVAPI_THERMAL_TARGET_UNKNOWN       = -1,
+} NV_THERMAL_TARGET;
+
+typedef enum
+{
+    NVAPI_THERMAL_CONTROLLER_NONE = 0,
+    NVAPI_THERMAL_CONTROLLER_GPU_INTERNAL,  
+    NVAPI_THERMAL_CONTROLLER_ADM1032,
+    NVAPI_THERMAL_CONTROLLER_MAX6649,       
+    NVAPI_THERMAL_CONTROLLER_MAX1617,      
+    NVAPI_THERMAL_CONTROLLER_LM99,      
+    NVAPI_THERMAL_CONTROLLER_LM89,         
+    NVAPI_THERMAL_CONTROLLER_LM64,         
+    NVAPI_THERMAL_CONTROLLER_ADT7473,
+    NVAPI_THERMAL_CONTROLLER_SBMAX6649,
+    NVAPI_THERMAL_CONTROLLER_VBIOSEVT,  
+    NVAPI_THERMAL_CONTROLLER_OS,    
+    NVAPI_THERMAL_CONTROLLER_UNKNOWN = -1,
+} NV_THERMAL_CONTROLLER;
+
+typedef struct
+{
+    NvU32   version;                //structure version 
+    NvU32   count;                  //number of associated thermal sensors with the selected GPU
+    struct 
+    {
+        NV_THERMAL_CONTROLLER       controller;         //internal, ADM1032, MAX6649...
+        NvU32                       defaultMinTemp;     //the min default temperature value of the thermal sensor in degrees centigrade 
+        NvU32                       defaultMaxTemp;    //the max default temperature value of the thermal sensor in degrees centigrade 
+        NvU32                       currentTemp;       //the current temperature value of the thermal sensor in degrees centigrade 
+        NV_THERMAL_TARGET           target;             //thermal senor targeted @ GPU, memory, chipset, powersupply, canoas...
+    } sensor[NVAPI_MAX_THERMAL_SENSORS_PER_GPU];
+
+} NV_GPU_THERMAL_SETTINGS;
+
+#define NV_GPU_THERMAL_SETTINGS_VER  MAKE_NVAPI_VERSION(NV_GPU_THERMAL_SETTINGS,1)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME:   NvAPI_GPU_GetThermalSettings
+//
+// DESCRIPTION:     Retrieves the thermal information of all thermal sensors or specific thermal sensor associated with the selected GPU.
+//                  Thermal sensors are indexed 0 to NVAPI_MAX_THERMAL_SENSORS_PER_GPU-1.
+//                  To retrieve specific thermal sensor info set the sensorIndex to the required thermal sensor index. 
+//                  To retrieve info for all sensors set sensorIndex to NVAPI_THERMAL_TARGET_ALL. 
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// PARAMETERS :     hPhysicalGPU(IN) - GPU selection.
+//                  sensorIndex(IN)  - Explicit thermal sensor index selection. 
+//                  pThermalSettings(OUT) - Array of thermal settings.
+//
+// RETURN STATUS: 
+//    NVAPI_OK - completed request
+//    NVAPI_ERROR - miscellaneous error occurred
+//    NVAPI_INVALID_ARGUMENT - pThermalInfo is NULL
+//    NVAPI_HANDLE_INVALIDATED - handle passed has been invalidated (see user guide)
+//    NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE - handle passed is not a physical GPU handle
+//    NVAPI_INCOMPATIBLE_STRUCT_VERSION - the version of the INFO struct is not supported
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GPU_GetThermalSettings(NvPhysicalGpuHandle hPhysicalGpu, NvU32 sensorIndex, NV_GPU_THERMAL_SETTINGS *pThermalSettings);
+
+////////////////////////////////////////////////////////////////////////////////
+//NvAPI_TVOutput Information
+
+typedef enum _NV_DISPLAY_TV_FORMAT
+{
+    NV_DISPLAY_TV_FORMAT_NONE         = 0,
+    NV_DISPLAY_TV_FORMAT_SD_NTSCM     = 0x00000001,
+    NV_DISPLAY_TV_FORMAT_SD_NTSCJ     = 0x00000002,
+    NV_DISPLAY_TV_FORMAT_SD_PALM      = 0x00000004,
+    NV_DISPLAY_TV_FORMAT_SD_PALBDGH   = 0x00000008,
+    NV_DISPLAY_TV_FORMAT_SD_PALN      = 0x00000010,
+    NV_DISPLAY_TV_FORMAT_SD_PALNC     = 0x00000020,
+    NV_DISPLAY_TV_FORMAT_SD_576i      = 0x00000100,
+    NV_DISPLAY_TV_FORMAT_SD_480i      = 0x00000200,
+    NV_DISPLAY_TV_FORMAT_ED_480p      = 0x00000400,
+    NV_DISPLAY_TV_FORMAT_ED_576p      = 0x00000800,
+    NV_DISPLAY_TV_FORMAT_HD_720p      = 0x00001000,
+    NV_DISPLAY_TV_FORMAT_HD_1080i     = 0x00002000,
+    NV_DISPLAY_TV_FORMAT_HD_1080p     = 0x00004000,
+    NV_DISPLAY_TV_FORMAT_HD_720p50    = 0x00008000,
+    NV_DISPLAY_TV_FORMAT_HD_1080p24   = 0x00010000,
+    NV_DISPLAY_TV_FORMAT_HD_1080i50   = 0x00020000,
+    NV_DISPLAY_TV_FORMAT_HD_1080p50   = 0x00040000,
+
+} NV_DISPLAY_TV_FORMAT;
+
+///////////////////////////////////////////////////////////////////////////////////
+//  I2C API
+//  Provides ability to read or write data using I2C protocol.
+//  These APIs allow I2C access only to DDC monitors
+
+#define NVAPI_MAX_SIZEOF_I2C_DATA_BUFFER 256
+#define NVAPI_NO_PORTID_FOUND 5
+#define NVAPI_DISPLAY_DEVICE_MASK_MAX 24
+
+typedef struct 
+{
+    NvU32                   version;        //structure version 
+    NvU32                   displayMask;    //the Display Mask of the concerned display
+    NvU8                    bIsDDCPort;     //Flag indicating DDC port or a communication port
+    NvU8                    i2cDevAddress;  //the I2C target device address
+    NvU8*                   pbI2cRegAddress;//the I2C target register address  
+    NvU32                   regAddrSize;    //the size in bytes of target register address  
+    NvU8*                   pbData;         //The buffer of data which is to be read/written
+    NvU32                   cbSize;         //The size of Data buffer to be read.
+    NvU32                   i2cSpeed;       //The speed at which the transaction is be made(between 28kbps to 40kbps)
+} NV_I2C_INFO;
+
+#define NV_I2C_INFO_VER  MAKE_NVAPI_VERSION(NV_I2C_INFO,1)
+/***********************************************************************************/
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME:  NvAPI_I2CRead
+//
+// DESCRIPTION:    Read data buffer from I2C port
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// PARAMETERS:     hPhysicalGPU(IN) - GPU selection.
+//                 NV_I2C_INFO *pI2cInfo -The I2c data input structure
+//
+// RETURN STATUS: 
+//    NVAPI_OK - completed request
+//    NVAPI_ERROR - miscellaneous error occurred
+//    NVAPI_HANDLE_INVALIDATED - handle passed has been invalidated (see user guide)
+//    NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE - handle passed is not a physical GPU handle
+//    NVAPI_INCOMPATIBLE_STRUCT_VERSION - structure version is not supported
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_I2CRead(NvPhysicalGpuHandle hPhysicalGpu, NV_I2C_INFO *pI2cInfo);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME:  NvAPI_I2CWrite
+//
+// DESCRIPTION:    Writes data buffer to I2C port
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// PARAMETERS:     hPhysicalGPU(IN) - GPU selection.
+//                 NV_I2C_INFO *pI2cInfo -The I2c data input structure
+//
+// RETURN STATUS: 
+//    NVAPI_OK - completed request
+//    NVAPI_ERROR - miscellaneous error occurred
+//    NVAPI_HANDLE_INVALIDATED - handle passed has been invalidated (see user guide)
+//    NVAPI_EXPECTED_PHYSICAL_GPU_HANDLE - handle passed is not a physical GPU handle
+//    NVAPI_INCOMPATIBLE_STRUCT_VERSION - structure version is not supported
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_I2CWrite(NvPhysicalGpuHandle hPhysicalGpu, NV_I2C_INFO *pI2cInfo);
+
+
+typedef struct
+{
+    NvU32               version;        //structure version
+    NvU32               vendorId;       //vendorId
+    NvU32               deviceId;       //deviceId
+    NvAPI_ShortString   szVendorName;   //vendor Name
+    NvAPI_ShortString   szChipsetName;  //device Name
+    NvU32               flags;          //Chipset info flags - obsolete
+    NvU32               subSysVendorId;     //subsystem vendorId
+    NvU32               subSysDeviceId;     //subsystem deviceId
+    NvAPI_ShortString   szSubSysVendorName; //subsystem vendor Name
+} NV_CHIPSET_INFO;
+
+#define NV_CHIPSET_INFO_VER     MAKE_NVAPI_VERSION(NV_CHIPSET_INFO,3)
+
+typedef enum
+{
+    NV_CHIPSET_INFO_HYBRID          = 0x00000001,
+} NV_CHIPSET_INFO_FLAGS;
+
+typedef struct
+{
+    NvU32               version;        //structure version
+    NvU32               vendorId;       //vendorId
+    NvU32               deviceId;       //deviceId
+    NvAPI_ShortString   szVendorName;   //vendor Name
+    NvAPI_ShortString   szChipsetName;  //device Name
+    NvU32               flags;          //Chipset info flags
+} NV_CHIPSET_INFO_v2;
+
+#define NV_CHIPSET_INFO_VER_2   MAKE_NVAPI_VERSION(NV_CHIPSET_INFO_v2,2)
+
+typedef struct
+{
+    NvU32               version;        //structure version
+    NvU32               vendorId;       //vendorId
+    NvU32               deviceId;       //deviceId
+    NvAPI_ShortString   szVendorName;   //vendor Name
+    NvAPI_ShortString   szChipsetName;  //device Name
+} NV_CHIPSET_INFO_v1;
+
+#define NV_CHIPSET_INFO_VER_1  MAKE_NVAPI_VERSION(NV_CHIPSET_INFO_v1,1)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_SYS_GetChipSetInfo
+//
+//   DESCRIPTION: Returns information about the System's ChipSet
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_INVALID_ARGUMENT: pChipSetInfo is NULL
+//                NVAPI_OK: *pChipSetInfo is now set
+//                NVAPI_INCOMPATIBLE_STRUCT_VERSION - NV_CHIPSET_INFO version not compatible with driver
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_SYS_GetChipSetInfo(NV_CHIPSET_INFO *pChipSetInfo);
+
+typedef struct 
+{
+    NvU32 version;    // Structure version, constructed from macro below
+    NvU32 currentLidState;
+    NvU32 currentDockState;
+    NvU32 currentLidPolicy;
+    NvU32 currentDockPolicy;
+    NvU32 forcedLidMechanismPresent;
+    NvU32 forcedDockMechanismPresent;
+}NV_LID_DOCK_PARAMS;
+
+#define NV_LID_DOCK_PARAMS_VER  MAKE_NVAPI_VERSION(NV_LID_DOCK_PARAMS,1)
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_GetLidDockInfo
+//
+// DESCRIPTION: Returns current lid and dock information.
+//
+//  SUPPORTED OS: Mac OS X, Windows XP and higher
+//
+// RETURN STATUS: NVAPI_OK: now *pLidAndDock contains the returned lid and dock information.  
+//                NVAPI_ERROR:If any way call is not success.
+//                NVAPI_NOT_SUPPORTED:If any way call is not success.
+//                NVAPI_HANDLE_INVALIDATED:If nvapi escape result handle is invalid.
+//                NVAPI_API_NOT_INTIALIZED:If NVAPI is not initialized. 
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_SYS_GetLidAndDockInfo(NV_LID_DOCK_PARAMS *pLidAndDock);
+
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_OGL_ExpertModeSet[Get]
+//
+//   DESCRIPTION: Configure OpenGL Expert Mode, an API usage feedback and
+//                advice reporting mechanism. The effects of this call are
+//                applied only to the current context, and are reset to the
+//                defaults when the context is destroyed.
+//
+//                Note: This feature is valid at runtime only when GLExpert
+//                      functionality has been built into the OpenGL driver
+//                      installed on the system. All Windows Vista OpenGL
+//                      drivers provided by NVIDIA have this instrumentation
+//                      included by default. Windows XP, however, requires a
+//                      special display driver available with the NVIDIA
+//                      PerfSDK found at developer.nvidia.com.
+//
+//                Note: These functions are valid only for the current OpenGL
+//                      context. Calling these functions prior to creating a
+//                      context and calling MakeCurrent with it will result
+//                      in errors and undefined behavior.
+//
+//    PARAMETERS: expertDetailMask  Mask made up of NVAPI_OGLEXPERT_DETAIL bits,
+//                                  this parameter specifies the detail level in
+//                                  the feedback stream.
+//
+//                expertReportMask  Mask made up of NVAPI_OGLEXPERT_REPORT bits,
+//                                  this parameter specifies the areas of
+//                                  functional interest.
+//
+//                expertOutputMask  Mask made up of NVAPI_OGLEXPERT_OUTPUT bits,
+//                                  this parameter specifies the feedback output
+//                                  location.
+//
+//                expertCallback    Used in conjunction with OUTPUT_TO_CALLBACK,
+//                                  this is a simple callback function the user
+//                                  may use to obtain the feedback stream. The
+//                                  function will be called once per fully
+//                                  qualified feedback stream entry.
+//
+// RETURN STATUS: NVAPI_API_NOT_INTIALIZED         : NVAPI not initialized
+//                NVAPI_NVIDIA_DEVICE_NOT_FOUND    : no NVIDIA GPU found
+//                NVAPI_OPENGL_CONTEXT_NOT_CURRENT : no NVIDIA OpenGL context
+//                                                   which supports GLExpert
+//                                                   has been made current
+//                NVAPI_ERROR : OpenGL driver failed to load properly
+//                NVAPI_OK    : success
+//
+///////////////////////////////////////////////////////////////////////////////
+#define NVAPI_OGLEXPERT_DETAIL_NONE                 0x00000000
+#define NVAPI_OGLEXPERT_DETAIL_ERROR                0x00000001
+#define NVAPI_OGLEXPERT_DETAIL_SWFALLBACK           0x00000002
+#define NVAPI_OGLEXPERT_DETAIL_BASIC_INFO           0x00000004
+#define NVAPI_OGLEXPERT_DETAIL_DETAILED_INFO        0x00000008
+#define NVAPI_OGLEXPERT_DETAIL_PERFORMANCE_WARNING  0x00000010
+#define NVAPI_OGLEXPERT_DETAIL_QUALITY_WARNING      0x00000020
+#define NVAPI_OGLEXPERT_DETAIL_USAGE_WARNING        0x00000040
+#define NVAPI_OGLEXPERT_DETAIL_ALL                  0xFFFFFFFF
+
+#define NVAPI_OGLEXPERT_REPORT_NONE                 0x00000000
+#define NVAPI_OGLEXPERT_REPORT_ERROR                0x00000001
+#define NVAPI_OGLEXPERT_REPORT_SWFALLBACK           0x00000002
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_VERTEX      0x00000004
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_GEOMETRY    0x00000008
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_XFB         0x00000010
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_RASTER      0x00000020
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_FRAGMENT    0x00000040
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_ROP         0x00000080
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_FRAMEBUFFER 0x00000100
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_PIXEL       0x00000200
+#define NVAPI_OGLEXPERT_REPORT_PIPELINE_TEXTURE     0x00000400
+#define NVAPI_OGLEXPERT_REPORT_OBJECT_BUFFEROBJECT  0x00000800
+#define NVAPI_OGLEXPERT_REPORT_OBJECT_TEXTURE       0x00001000
+#define NVAPI_OGLEXPERT_REPORT_OBJECT_PROGRAM       0x00002000
+#define NVAPI_OGLEXPERT_REPORT_OBJECT_FBO           0x00004000
+#define NVAPI_OGLEXPERT_REPORT_FEATURE_SLI          0x00008000
+#define NVAPI_OGLEXPERT_REPORT_ALL                  0xFFFFFFFF
+
+#define NVAPI_OGLEXPERT_OUTPUT_TO_NONE              0x00000000
+#define NVAPI_OGLEXPERT_OUTPUT_TO_CONSOLE           0x00000001
+#define NVAPI_OGLEXPERT_OUTPUT_TO_DEBUGGER          0x00000004
+#define NVAPI_OGLEXPERT_OUTPUT_TO_CALLBACK          0x00000008
+#define NVAPI_OGLEXPERT_OUTPUT_TO_ALL               0xFFFFFFFF
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION TYPE: NVAPI_OGLEXPERT_CALLBACK
+//
+//   DESCRIPTION: Used in conjunction with OUTPUT_TO_CALLBACK, this is a simple 
+//                callback function the user may use to obtain the feedback 
+//                stream. The function will be called once per fully qualified 
+//                feedback stream entry.
+//
+//    PARAMETERS: categoryId   Contains the bit from the NVAPI_OGLEXPERT_REPORT 
+//                             mask that corresponds to the current message
+//                messageId    Unique Id for the current message
+//                detailLevel  Contains the bit from the NVAPI_OGLEXPERT_DETAIL
+//                             mask that corresponds to the current message
+//                objectId     Unique Id of the object that corresponds to the
+//                             current message
+//                messageStr   Text string from the current message
+//
+///////////////////////////////////////////////////////////////////////////////
+typedef void (* NVAPI_OGLEXPERT_CALLBACK) (unsigned int categoryId, unsigned int messageId, unsigned int detailLevel, int objectId, const char *messageStr);
+
+//  SUPPORTED OS: Windows XP and higher
+NVAPI_INTERFACE NvAPI_OGL_ExpertModeSet(NvU32 expertDetailLevel,
+                                        NvU32 expertReportMask,
+                                        NvU32 expertOutputMask,
+                     NVAPI_OGLEXPERT_CALLBACK expertCallback);
+
+
+//  SUPPORTED OS: Windows XP and higher
+NVAPI_INTERFACE NvAPI_OGL_ExpertModeGet(NvU32 *pExpertDetailLevel,
+                                        NvU32 *pExpertReportMask,
+                                        NvU32 *pExpertOutputMask,
+                     NVAPI_OGLEXPERT_CALLBACK *pExpertCallback);
+
+///////////////////////////////////////////////////////////////////////////////
+//
+// FUNCTION NAME: NvAPI_OGL_ExpertModeDefaultsSet[Get]
+//
+//   DESCRIPTION: Configure OpenGL Expert Mode global defaults. These settings
+//                apply to any OpenGL application which starts up after these
+//                values are applied (i.e. these settings *do not* apply to
+//                currently running applications).
+//
+//    PARAMETERS: expertDetailLevel Value which specifies the detail level in
+//                                  the feedback stream. This is a mask made up
+//                                  of NVAPI_OGLEXPERT_LEVEL bits.
+//
+//                expertReportMask  Mask made up of NVAPI_OGLEXPERT_REPORT bits,
+//                                  this parameter specifies the areas of
+//                                  functional interest.
+//
+//                expertOutputMask  Mask made up of NVAPI_OGLEXPERT_OUTPUT bits,
+//                                  this parameter specifies the feedback output
+//                                  location. Note that using OUTPUT_TO_CALLBACK
+//                                  here is meaningless and has no effect, but
+//                                  using it will not cause an error.
+//
+// RETURN STATUS: NVAPI_ERROR or NVAPI_OK
+//
+///////////////////////////////////////////////////////////////////////////////
+
+//  SUPPORTED OS: Windows XP and higher
+NVAPI_INTERFACE NvAPI_OGL_ExpertModeDefaultsSet(NvU32 expertDetailLevel,
+                                                NvU32 expertReportMask,
+                                                NvU32 expertOutputMask);
+
+//  SUPPORTED OS: Windows XP and higher
+NVAPI_INTERFACE NvAPI_OGL_ExpertModeDefaultsGet(NvU32 *pExpertDetailLevel,
+                                                NvU32 *pExpertReportMask,
+                                                NvU32 *pExpertOutputMask);
+
+#define NVAPI_MAX_VIEW_TARGET  2
+
+typedef enum _NV_TARGET_VIEW_MODE
+{
+    NV_VIEW_MODE_STANDARD  = 0,
+    NV_VIEW_MODE_CLONE     = 1,
+    NV_VIEW_MODE_HSPAN     = 2,
+    NV_VIEW_MODE_VSPAN     = 3,
+    NV_VIEW_MODE_DUALVIEW  = 4,
+    NV_VIEW_MODE_MULTIVIEW = 5,
+} NV_TARGET_VIEW_MODE;
+
+
+// Following definitions are used in NvAPI_SetViewEx.
+// Scaling modes
+typedef enum _NV_SCALING
+{
+    NV_SCALING_DEFAULT          = 0,        // No change
+    NV_SCALING_MONITOR_SCALING  = 1,
+    NV_SCALING_ADAPTER_SCALING  = 2,
+    NV_SCALING_CENTERED         = 3,
+    NV_SCALING_ASPECT_SCALING   = 5,
+    NV_SCALING_CUSTOMIZED       = 255       // For future use
+} NV_SCALING;
+
+// Rotate modes
+typedef enum _NV_ROTATE
+{
+    NV_ROTATE_0           = 0,
+    NV_ROTATE_90          = 1,
+    NV_ROTATE_180         = 2,
+    NV_ROTATE_270         = 3
+} NV_ROTATE;
+
+// Color formats
+typedef enum _NV_FORMAT
+{
+    NV_FORMAT_UNKNOWN       =  0,       // unknown. Driver will choose one as following value.
+    NV_FORMAT_P8            = 41,       // for 8bpp mode
+    NV_FORMAT_R5G6B5        = 23,       // for 16bpp mode
+    NV_FORMAT_A8R8G8B8      = 21,       // for 32bpp mode
+    NV_FORMAT_A16B16G16R16F = 113       // for 64bpp(floating point) mode.
+} NV_FORMAT;
+
+// TV standard
+
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_SetView
+//
+// DESCRIPTION:     This API lets caller to modify target display arrangement for selected source display handle in any of the nview modes.
+//                  It also allows to modify or extend the source display in dualview mode.
+//
+//  SUPPORTED OS: Windows Vista and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. NVAPI_DEFAULT_HANDLE not allowed, it has to be a handle enumerated with NvAPI_EnumNVidiaDisplayHandle().
+//                  pTargetInfo(IN) - Pointer to array of NV_VIEW_TARGET_INFO, specifying device properties in this view.
+//                                    The first device entry in the array is the physical primary.
+//                                    The device entry with the lowest source id is the desktop primary.
+//                  targetCount(IN) - Count of target devices specified in pTargetInfo.
+//                  targetView(IN) - Target view selected from NV_TARGET_VIEW_MODE.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+typedef struct
+{
+    NvU32 version;     // (IN) structure version
+    NvU32 count;       // (IN) target count
+    struct 
+    {
+        NvU32 deviceMask;   // (IN/OUT) device mask
+        NvU32 sourceId;     // (IN/OUT) source id
+        NvU32 bPrimary:1;   // (OUT) Indicates if this is the GPU's primary view target. This is not the desktop GDI primary.
+                            // NvAPI_SetView automatically selects the first target in NV_VIEW_TARGET_INFO index 0 as the GPU's primary view.
+        NvU32 bInterlaced:1;// (IN/OUT) Indicates if the timing being used on this monitor is interlaced
+        NvU32 bGDIPrimary:1;// (IN/OUT) Indicates if this is the desktop GDI primary.
+    } target[NVAPI_MAX_VIEW_TARGET];
+} NV_VIEW_TARGET_INFO; 
+
+#define NV_VIEW_TARGET_INFO_VER  MAKE_NVAPI_VERSION(NV_VIEW_TARGET_INFO,2)
+
+NVAPI_INTERFACE NvAPI_SetView(NvDisplayHandle hNvDisplay, NV_VIEW_TARGET_INFO *pTargetInfo, NV_TARGET_VIEW_MODE targetView);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_GetView
+//
+// DESCRIPTION:     This API lets caller retrieve the target display arrangement for selected source display handle.
+//
+//  SUPPORTED OS: Windows Vista and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. NVAPI_DEFAULT_HANDLE not allowed, it has to be a handle enumerated with NvAPI_EnumNVidiaDisplayHandle().
+//                  pTargetInfo(OUT) - User allocated storage to retrieve an array of  NV_VIEW_TARGET_INFO. Can be NULL to retrieve the targetCount.
+//                  targetMaskCount(IN/OUT) - Count of target device mask specified in pTargetMask.
+//                  targetView(OUT) - Target view selected from NV_TARGET_VIEW_MODE.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetView(NvDisplayHandle hNvDisplay, NV_VIEW_TARGET_INFO *pTargets, NvU32 *pTargetMaskCount, NV_TARGET_VIEW_MODE *pTargetView);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_SetViewEx
+//
+// DESCRIPTION:     This API lets caller to modify the display arrangement for selected source display handle in any of the nview modes.
+//                  It also allows to modify or extend the source display in dualview mode.
+//
+//  SUPPORTED OS: Windows Vista and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. NVAPI_DEFAULT_HANDLE not allowed, it has to be a handle enumerated with NvAPI_EnumNVidiaDisplayHandle().
+//                  pPathInfo(IN)  - Pointer to array of NV_VIEW_PATH_INFO, specifying device properties in this view.
+//                                    The first device entry in the array is the physical primary.
+//                                    The device entry with the lowest source id is the desktop primary.
+//                  pathCount(IN)  - Count of paths specified in pPathInfo.
+//                  displayView(IN)- Display view selected from NV_TARGET_VIEW_MODE.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#define NVAPI_MAX_DISPLAY_PATH  NVAPI_MAX_VIEW_TARGET
+
+typedef struct
+{
+    NvU32 version;     // (IN) structure version
+    NvU32 count;       // (IN) path count
+    struct 
+    {
+        NvU32                   deviceMask;     // (IN) device mask
+        NvU32                   sourceId;       // (IN) source id
+        NvU32                   bPrimary:1;     // (IN/OUT) Indicates if this is the GPU's primary view target. This is not the desktop GDI primary.
+                                                // NvAPI_SetViewEx automatically selects the first target in NV_DISPLAY_PATH_INFO index 0 as the GPU's primary view.
+        NV_GPU_CONNECTOR_TYPE   connector;      // (IN) Specify connector type. For TV only.
+        
+        // source mode information
+        NvU32                   width;          // (IN) width of the mode
+        NvU32                   height;         // (IN) height of the mode
+        NvU32                   depth;          // (IN) depth of the mode
+        NV_FORMAT               colorFormat;    //      color format if needs to specify. Not used now.
+        
+        //rotation setting of the mode
+        NV_ROTATE               rotation;       // (IN) rotation setting.
+      
+        // the scaling mode
+        NV_SCALING              scaling;        // (IN) scaling setting
+
+        // Timing info
+        NvU32                   refreshRate;    // (IN) refresh rate of the mode
+        NvU32                   interlaced:1;   // (IN) interlaced mode flag
+
+        NV_DISPLAY_TV_FORMAT    tvFormat;       // (IN) to choose the last TV format set this value to NV_DISPLAY_TV_FORMAT_NONE
+
+        // Windows desktop position
+        NvU32                   posx;           // (IN/OUT) x offset of this display on the Windows desktop
+        NvU32                   posy;           // (IN/OUT) y offset of this display on the Windows desktop
+        NvU32                   bGDIPrimary:1;  // (IN/OUT) Indicates if this is the desktop GDI primary.
+
+    } path[NVAPI_MAX_DISPLAY_PATH];
+} NV_DISPLAY_PATH_INFO; 
+
+#define NV_DISPLAY_PATH_INFO_VER  MAKE_NVAPI_VERSION(NV_DISPLAY_PATH_INFO,2)
+
+NVAPI_INTERFACE NvAPI_SetViewEx(NvDisplayHandle hNvDisplay, NV_DISPLAY_PATH_INFO *pPathInfo, NV_TARGET_VIEW_MODE displayView);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_GetViewEx
+//
+// DESCRIPTION:     This API lets caller retrieve the target display arrangement for selected source display handle.
+//
+//  SUPPORTED OS: Windows Vista and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. NVAPI_DEFAULT_HANDLE not allowed, it has to be a handle enumerated with NvAPI_EnumNVidiaDisplayHandle().
+//                  pPathInfo(IN/OUT) - count field should be set to NVAPI_MAX_DISPLAY_PATH. Can be NULL to retrieve just the pathCount.
+//                  pPathCount(IN/OUT) - Number of elements in array pPathInfo->path.
+//                  pTargetViewMode(OUT)- Display view selected from NV_TARGET_VIEW_MODE.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_API_NOT_INTIALIZED - NVAPI not initialized
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT - Invalid input parameter.
+//                  NVAPI_EXPECTED_DISPLAY_HANDLE - hNvDisplay is not a valid display handle.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetViewEx(NvDisplayHandle hNvDisplay, NV_DISPLAY_PATH_INFO *pPathInfo, NvU32 *pPathCount, NV_TARGET_VIEW_MODE *pTargetViewMode);
+
+///////////////////////////////////////////////////////////////////////////////
+// FUNCTION NAME:   NvAPI_GetSupportedViews
+//
+// DESCRIPTION:     This API lets caller enumerate all the supported NVIDIA display views - nview and dualview modes.
+//
+//  SUPPORTED OS: Windows XP and higher
+//
+// PARAMETERS:      hNvDisplay(IN) - NVIDIA Display selection. It can be NVAPI_DEFAULT_HANDLE or a handle enumerated from NvAPI_EnumNVidiaDisplayHandle().
+//                  pTargetViews(OUT) - Array of supported views. Can be NULL to retrieve the pViewCount first.
+//                  pViewCount(IN/OUT) - Count of supported views.
+//
+// RETURN STATUS: 
+//                  NVAPI_OK - completed request
+//                  NVAPI_ERROR - miscellaneous error occurred
+//                  NVAPI_INVALID_ARGUMENT: Invalid input parameter.
+//
+///////////////////////////////////////////////////////////////////////////////
+NVAPI_INTERFACE NvAPI_GetSupportedViews(NvDisplayHandle hNvDisplay, NV_TARGET_VIEW_MODE *pTargetViews, NvU32 *pViewCount);
+
+
+#ifdef __cplusplus
+}; //extern "C" {
+#endif
+
+#pragma pack(pop)
+
+#endif // _NVAPI_H
+
diff --git a/coprocs/NVIDIA/mswin/Win32/Debug/lib/nvapi.lib b/coprocs/NVIDIA/mswin/Win32/Debug/lib/nvapi.lib
new file mode 100644
index 0000000..6e88340
Binary files /dev/null and b/coprocs/NVIDIA/mswin/Win32/Debug/lib/nvapi.lib differ
diff --git a/coprocs/NVIDIA/mswin/Win32/Release/lib/nvapi.lib b/coprocs/NVIDIA/mswin/Win32/Release/lib/nvapi.lib
new file mode 100644
index 0000000..6e88340
Binary files /dev/null and b/coprocs/NVIDIA/mswin/Win32/Release/lib/nvapi.lib differ
diff --git a/coprocs/NVIDIA/mswin/x64/Debug/lib/nvapi.lib b/coprocs/NVIDIA/mswin/x64/Debug/lib/nvapi.lib
new file mode 100644
index 0000000..3d3dd25
Binary files /dev/null and b/coprocs/NVIDIA/mswin/x64/Debug/lib/nvapi.lib differ
diff --git a/coprocs/NVIDIA/mswin/x64/Release/lib/nvapi.lib b/coprocs/NVIDIA/mswin/x64/Release/lib/nvapi.lib
new file mode 100644
index 0000000..3d3dd25
Binary files /dev/null and b/coprocs/NVIDIA/mswin/x64/Release/lib/nvapi.lib differ
diff --git a/curl/ca-bundle.crt b/curl/ca-bundle.crt
new file mode 100644
index 0000000..d60b911
--- /dev/null
+++ b/curl/ca-bundle.crt
@@ -0,0 +1,4371 @@
+##
+## $Id$
+##
+##  ca-bundle.crt -- Bundle of CA Root Certificates
+##  Last Modified: Thu Mar  2 09:32:46 CET 2000
+##
+##  This is a bundle of X.509 certificates of public
+##  Certificate Authorities (CA). These were automatically
+##  extracted from Netscape Communicator 4.72's certificate database
+##  (the file `cert7.db'). It contains the certificates in both
+##  plain text and PEM format and therefore can be directly used
+##  with an Apache+mod_ssl webserver for SSL client authentication.
+##  Just configure this file as the SSLCACertificateFile.
+##
+##  (SKIPME)
+##
+
+ABAecom (sub., Am. Bankers Assn.) Root CA
+=========================================
+MD5 Fingerprint: 82:12:F7:89:E1:0B:91:60:A4:B6:22:9F:94:68:11:92
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuCgAwIBAgIRANAeQJAAACdLAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw
+gYwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIEwRVdGFoMRcwFQYDVQQHEw5TYWx0IExh
+a2UgQ2l0eTEYMBYGA1UEChMPWGNlcnQgRVogYnkgRFNUMRgwFgYDVQQDEw9YY2Vy
+dCBFWiBieSBEU1QxITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAe
+Fw05OTA3MTQxNjE0MThaFw0wOTA3MTExNjE0MThaMIGMMQswCQYDVQQGEwJVUzEN
+MAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxGDAWBgNVBAoT
+D1hjZXJ0IEVaIGJ5IERTVDEYMBYGA1UEAxMPWGNlcnQgRVogYnkgRFNUMSEwHwYJ
+KoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCtVBjetL/3reh0qu2LfI/C1HUa1YS5tmL8ie/kl2GS+x24
+4VpHNJ6eBiL70+o4y7iLB/caoBd3B1owHNQpOCDXJ0DYUJNDv9IYoil2BXKqa7Zp
+mKt5Hhxl9WqL/MUWqqJy2mDtTm4ZJXoKHTDjUJtCPETrobAgHtsCfv49H7/QAIrb
+QHamGKUVp1e2UsIBF5h3j4qBxhq0airmr6nWAKzP2BVJfNsbof6B+of505DBAsD5
+0ELpkWglX8a/hznplQBgKL+DLMDnXrbXNhbnYId26OcnsiUNi3rlqh3lWc3OCw5v
+xsic4xDZhTnTt5v6xrp8dNJddVardKSiUb9SfO5xAgMBAAGjUzBRMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAUCCBsZuuBCmxc1bWmPEHdHJaRJ3cwHQYDVR0O
+BBYEFAggbGbrgQpsXNW1pjxB3RyWkSd3MA0GCSqGSIb3DQEBBQUAA4IBAQBah1iP
+Lat2IWtUDNnxQfZOzSue4x+boy1/2St9WMhnpCn16ezVvZY/o3P4xFs2fNBjLDQ5
+m0i4PW/2FMWeY+anNG7T6DOzxzwYbiOuQ5KZP5jFaTDxNjutuTCC1rZZFpYCCykS
+YbQRifcML5SQhZgonFNsfmPdc/QZ/0qB0bJSI/08SjTOWhvgUIrtT4GV2GDn5MQN
+u1g+WPdOaG8+Z8nLepcWJ+xCYRR2uwDF6wg9FX9LtiJdhzuQ9PPA/jez6dliDMDD
+Wa9gvR8N26E0HzDEPYutsB0Ek+1f1eS/IDAE9EjpMwHRLpAnUrOb3jocq6mXf5vr
+wo3CbezcE9NGxXl8
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d0:1e:40:90:00:00:27:4b:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca at digsigtrust.com
+        Validity
+            Not Before: Jul 14 16:14:18 1999 GMT
+            Not After : Jul 11 16:14:18 2009 GMT
+        Subject: C=US, ST=Utah, L=Salt Lake City, O=Xcert EZ by DST, CN=Xcert EZ by DST/Email=ca at digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:54:18:de:b4:bf:f7:ad:e8:74:aa:ed:8b:7c:
+                    8f:c2:d4:75:1a:d5:84:b9:b6:62:fc:89:ef:e4:97:
+                    61:92:fb:1d:b8:e1:5a:47:34:9e:9e:06:22:fb:d3:
+                    ea:38:cb:b8:8b:07:f7:1a:a0:17:77:07:5a:30:1c:
+                    d4:29:38:20:d7:27:40:d8:50:93:43:bf:d2:18:a2:
+                    29:76:05:72:aa:6b:b6:69:98:ab:79:1e:1c:65:f5:
+                    6a:8b:fc:c5:16:aa:a2:72:da:60:ed:4e:6e:19:25:
+                    7a:0a:1d:30:e3:50:9b:42:3c:44:eb:a1:b0:20:1e:
+                    db:02:7e:fe:3d:1f:bf:d0:00:8a:db:40:76:a6:18:
+                    a5:15:a7:57:b6:52:c2:01:17:98:77:8f:8a:81:c6:
+                    1a:b4:6a:2a:e6:af:a9:d6:00:ac:cf:d8:15:49:7c:
+                    db:1b:a1:fe:81:fa:87:f9:d3:90:c1:02:c0:f9:d0:
+                    42:e9:91:68:25:5f:c6:bf:87:39:e9:95:00:60:28:
+                    bf:83:2c:c0:e7:5e:b6:d7:36:16:e7:60:87:76:e8:
+                    e7:27:b2:25:0d:8b:7a:e5:aa:1d:e5:59:cd:ce:0b:
+                    0e:6f:c6:c8:9c:e3:10:d9:85:39:d3:b7:9b:fa:c6:
+                    ba:7c:74:d2:5d:75:56:ab:74:a4:a2:51:bf:52:7c:
+                    ee:71
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+            X509v3 Authority Key Identifier: 
+                keyid:08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+
+            X509v3 Subject Key Identifier: 
+                08:20:6C:66:EB:81:0A:6C:5C:D5:B5:A6:3C:41:DD:1C:96:91:27:77
+    Signature Algorithm: sha1WithRSAEncryption
+        5a:87:58:8f:2d:ab:76:21:6b:54:0c:d9:f1:41:f6:4e:cd:2b:
+        9e:e3:1f:9b:a3:2d:7f:d9:2b:7d:58:c8:67:a4:29:f5:e9:ec:
+        d5:bd:96:3f:a3:73:f8:c4:5b:36:7c:d0:63:2c:34:39:9b:48:
+        b8:3d:6f:f6:14:c5:9e:63:e6:a7:34:6e:d3:e8:33:b3:c7:3c:
+        18:6e:23:ae:43:92:99:3f:98:c5:69:30:f1:36:3b:ad:b9:30:
+        82:d6:b6:59:16:96:02:0b:29:12:61:b4:11:89:f7:0c:2f:94:
+        90:85:98:28:9c:53:6c:7e:63:dd:73:f4:19:ff:4a:81:d1:b2:
+        52:23:fd:3c:4a:34:ce:5a:1b:e0:50:8a:ed:4f:81:95:d8:60:
+        e7:e4:c4:0d:bb:58:3e:58:f7:4e:68:6f:3e:67:c9:cb:7a:97:
+        16:27:ec:42:61:14:76:bb:00:c5:eb:08:3d:15:7f:4b:b6:22:
+        5d:87:3b:90:f4:f3:c0:fe:37:b3:e9:d9:62:0c:c0:c3:59:af:
+        60:bd:1f:0d:db:a1:34:1f:30:c4:3d:8b:ad:b0:1d:04:93:ed:
+        5f:d5:e4:bf:20:30:04:f4:48:e9:33:01:d1:2e:90:27:52:b3:
+        9b:de:3a:1c:ab:a9:97:7f:9b:eb:c2:8d:c2:6d:ec:dc:13:d3:
+        46:c5:79:7c
+
+ANX Network CA by DST
+=====================
+MD5 Fingerprint: A8:ED:DE:EB:93:88:66:D8:2F:C3:BD:1D:BE:45:BE:4D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAragAwIBAgIENm6ibzANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMR0wGwYDVQQL
+ExREU1QgKEFOWCBOZXR3b3JrKSBDQTAeFw05ODEyMDkxNTQ2NDhaFw0xODEyMDkx
+NjE2NDhaMFIxCzAJBgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVy
+ZSBUcnVzdCBDby4xHTAbBgNVBAsTFERTVCAoQU5YIE5ldHdvcmspIENBMIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQC0SBGAWKDVpZkP9jcsRLZu0XzzKmueEbaI
+IwRccSWeahJ3EW6/aDllqPay9qIYsokVoGe3eowiSGv2hDQftsr3G3LL8ltI04ce
+InYTBLSsbJZ/5w4IyTJRMC3VgOghZ7rzXggkLAdZnZAa7kbJtaQelrRBkdR/0o04
+JrBvQ24JfQIBA6OCATAwggEsMBEGCWCGSAGG+EIBAQQEAwIABzB0BgNVHR8EbTBr
+MGmgZ6BlpGMwYTELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0
+dXJlIFRydXN0IENvLjEdMBsGA1UECxMURFNUIChBTlggTmV0d29yaykgQ0ExDTAL
+BgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxNTQ2NDhagQ8yMDE4MTIw
+OTE1NDY0OFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFIwWVXDMFgpTZMKlhKqz
+ZBdDP4I2MB0GA1UdDgQWBBSMFlVwzBYKU2TCpYSqs2QXQz+CNjAMBgNVHRMEBTAD
+AQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GB
+AEklyWCxDF+pORDTxTRVfc95wynr3vnCQPnoVsXwL+z02exIUbhjOF6TbhiWhbnK
+UJykuOpmJmiThW9vTHHQvnoLPDG5975pnhDX0UDorBZxq66rOOFwscqSFuBdhaYY
+gAYAnOGmGEJRp2hoWe8mlF+tMQz+KR4XAYQ3W+gSMqNd
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913220207 (0x366ea26f)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+        Validity
+            Not Before: Dec  9 15:46:48 1998 GMT
+            Not After : Dec  9 16:16:48 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DST (ANX Network) CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b4:48:11:80:58:a0:d5:a5:99:0f:f6:37:2c:44:
+                    b6:6e:d1:7c:f3:2a:6b:9e:11:b6:88:23:04:5c:71:
+                    25:9e:6a:12:77:11:6e:bf:68:39:65:a8:f6:b2:f6:
+                    a2:18:b2:89:15:a0:67:b7:7a:8c:22:48:6b:f6:84:
+                    34:1f:b6:ca:f7:1b:72:cb:f2:5b:48:d3:87:1e:22:
+                    76:13:04:b4:ac:6c:96:7f:e7:0e:08:c9:32:51:30:
+                    2d:d5:80:e8:21:67:ba:f3:5e:08:24:2c:07:59:9d:
+                    90:1a:ee:46:c9:b5:a4:1e:96:b4:41:91:d4:7f:d2:
+                    8d:38:26:b0:6f:43:6e:09:7d
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 15:46:48 1998 GMT, Not After: Dec  9 15:46:48 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+
+            X509v3 Subject Key Identifier: 
+                8C:16:55:70:CC:16:0A:53:64:C2:A5:84:AA:B3:64:17:43:3F:82:36
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        49:25:c9:60:b1:0c:5f:a9:39:10:d3:c5:34:55:7d:cf:79:c3:
+        29:eb:de:f9:c2:40:f9:e8:56:c5:f0:2f:ec:f4:d9:ec:48:51:
+        b8:63:38:5e:93:6e:18:96:85:b9:ca:50:9c:a4:b8:ea:66:26:
+        68:93:85:6f:6f:4c:71:d0:be:7a:0b:3c:31:b9:f7:be:69:9e:
+        10:d7:d1:40:e8:ac:16:71:ab:ae:ab:38:e1:70:b1:ca:92:16:
+        e0:5d:85:a6:18:80:06:00:9c:e1:a6:18:42:51:a7:68:68:59:
+        ef:26:94:5f:ad:31:0c:fe:29:1e:17:01:84:37:5b:e8:12:32:
+        a3:5d
+
+American Express CA
+===================
+MD5 Fingerprint: 1C:D5:8E:82:BE:70:55:8E:39:61:DF:AD:51:DB:6B:A0
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICkDCCAfkCAgCNMA0GCSqGSIb3DQEBBAUAMIGPMQswCQYDVQQGEwJVUzEnMCUG
+A1UEChMeQW1lcmljYW4gRXhwcmVzcyBDb21wYW55LCBJbmMuMSYwJAYDVQQLEx1B
+bWVyaWNhbiBFeHByZXNzIFRlY2hub2xvZ2llczEvMC0GA1UEAxMmQW1lcmljYW4g
+RXhwcmVzcyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgwODE0MjIwMTAwWhcN
+MDYwODE0MjM1OTAwWjCBjzELMAkGA1UEBhMCVVMxJzAlBgNVBAoTHkFtZXJpY2Fu
+IEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1lcmljYW4gRXhwcmVz
+cyBUZWNobm9sb2dpZXMxLzAtBgNVBAMTJkFtZXJpY2FuIEV4cHJlc3MgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ8kmS
+hcr9FSm1BrZE7PyIo/KGzv8UTyQckvnCI8HOQ99dNMi4FOzVKnCRSZXXVs2U8amT
+0Ggi3E19oApyKkfqJfCFAF82VGHPC/k3Wmed6R/pZD9wlWGn0DAC3iYopGYDBOkw
++48zB/lvYYeictvzaHhjZlmpybdm4RWySDYs+QIDAQABMA0GCSqGSIb3DQEBBAUA
+A4GBAGgXYrhzi0xs60qlPqvlnS7SzYoHV/PGWZd2Fxf4Uo4nk9hY2Chs9KIEeorC
+diSxArTfKPL386infiNIYYj0EWiuJl32oUtTJWrYKhQCDuCHIG6eGVxzkAsj4jGX
+Iz/VIqLTBnvaN/XXtUFEF3pFAtmFRWbWjsfwegyZYiJpW+3S
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 141 (0x8d)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+        Validity
+            Not Before: Aug 14 22:01:00 1998 GMT
+            Not After : Aug 14 23:59:00 2006 GMT
+        Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:f2:49:92:85:ca:fd:15:29:b5:06:b6:44:ec:
+                    fc:88:a3:f2:86:ce:ff:14:4f:24:1c:92:f9:c2:23:
+                    c1:ce:43:df:5d:34:c8:b8:14:ec:d5:2a:70:91:49:
+                    95:d7:56:cd:94:f1:a9:93:d0:68:22:dc:4d:7d:a0:
+                    0a:72:2a:47:ea:25:f0:85:00:5f:36:54:61:cf:0b:
+                    f9:37:5a:67:9d:e9:1f:e9:64:3f:70:95:61:a7:d0:
+                    30:02:de:26:28:a4:66:03:04:e9:30:fb:8f:33:07:
+                    f9:6f:61:87:a2:72:db:f3:68:78:63:66:59:a9:c9:
+                    b7:66:e1:15:b2:48:36:2c:f9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        68:17:62:b8:73:8b:4c:6c:eb:4a:a5:3e:ab:e5:9d:2e:d2:cd:
+        8a:07:57:f3:c6:59:97:76:17:17:f8:52:8e:27:93:d8:58:d8:
+        28:6c:f4:a2:04:7a:8a:c2:76:24:b1:02:b4:df:28:f2:f7:f3:
+        a8:a7:7e:23:48:61:88:f4:11:68:ae:26:5d:f6:a1:4b:53:25:
+        6a:d8:2a:14:02:0e:e0:87:20:6e:9e:19:5c:73:90:0b:23:e2:
+        31:97:23:3f:d5:22:a2:d3:06:7b:da:37:f5:d7:b5:41:44:17:
+        7a:45:02:d9:85:45:66:d6:8e:c7:f0:7a:0c:99:62:22:69:5b:
+        ed:d2
+
+American Express Global CA
+==========================
+MD5 Fingerprint: 63:1B:66:93:8C:F3:66:CB:3C:79:57:DC:05:49:EA:DB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEBDCCAuygAwIBAgICAIUwDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNVBAYTAlVT
+MScwJQYDVQQKEx5BbWVyaWNhbiBFeHByZXNzIENvbXBhbnksIEluYy4xJjAkBgNV
+BAsTHUFtZXJpY2FuIEV4cHJlc3MgVGVjaG5vbG9naWVzMTYwNAYDVQQDEy1BbWVy
+aWNhbiBFeHByZXNzIEdsb2JhbCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNOTgw
+ODE0MTkwNjAwWhcNMTMwODE0MjM1OTAwWjCBljELMAkGA1UEBhMCVVMxJzAlBgNV
+BAoTHkFtZXJpY2FuIEV4cHJlc3MgQ29tcGFueSwgSW5jLjEmMCQGA1UECxMdQW1l
+cmljYW4gRXhwcmVzcyBUZWNobm9sb2dpZXMxNjA0BgNVBAMTLUFtZXJpY2FuIEV4
+cHJlc3MgR2xvYmFsIENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAPAkJmYu++tKc3FTiUfLJjxTkpRMysKFtQ34w1e9
+Lyofahi3V68MABb6oLaQpvcaoS5mJsdoo4qTaWa1RlYtHYLqkAwKIsKJUI0F89Sr
+c0HwzxKsKLRvFJSWWUuekHWG3+JH6+HpT0N+h8onGGaetcFAZX38YW+tm3LPqV7Y
+8/nabpEQ+ky16n4g3qk5L/WI5IpvNcYgnCuGRjMK/DFVpWusFkDpzTVZbzIEw3u1
+D3t3cPNIuypSgs6vKW3xEW9t5gcAAe+a8yYNpnkTZ6/4qxx1rJG1a75AsN6cDLFp
+hRlxkRNFyt/R/eayypaDedvFuKpbepALeFY+xteflEgR9a0CAwEAAaNaMFgwEgYD
+VR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMCAQYwFwYDVR0gBBAwDjAMBgoq
+hkiG+Q8KAQUBMBkGA1UdDgQSBBBXRzV7NicRqAj8L0Yl6yRpMA0GCSqGSIb3DQEB
+BQUAA4IBAQDHYUWoinG5vjTpIXshzVYTmNUwY+kYqkuSFb8LHbvskmnFLsNhi+gw
+RcsQRsFzOFyLGdIr80DrfHKzLh4n43WVihybLsSVBYZy0FX0oZJSeVzb9Pjc5dcS
+sUDHPIbkMWVKyjfG3nZXGWlMRmn8Kq0WN3qTrPchSy3766lQy8HRQAjaA2mHpzde
+VcHF7cTjjgwml5tcV0ty4/IDBdACOyYDQJCevgtbSQx48dVMVSng9v1MA6lUAjLR
+V1qFrEPtWzsWX6C/NdtLnnvo/+cNPDuom0lBRvVzTv+SZSGDE1Vx60k8f4gawhIo
+JaFGS0E3l3/sjvHUoZbCILZerakcHhGg
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 133 (0x85)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+        Validity
+            Not Before: Aug 14 19:06:00 1998 GMT
+            Not After : Aug 14 23:59:00 2013 GMT
+        Subject: C=US, O=American Express Company, Inc., OU=American Express Technologies, CN=American Express Global Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:f0:24:26:66:2e:fb:eb:4a:73:71:53:89:47:cb:
+                    26:3c:53:92:94:4c:ca:c2:85:b5:0d:f8:c3:57:bd:
+                    2f:2a:1f:6a:18:b7:57:af:0c:00:16:fa:a0:b6:90:
+                    a6:f7:1a:a1:2e:66:26:c7:68:a3:8a:93:69:66:b5:
+                    46:56:2d:1d:82:ea:90:0c:0a:22:c2:89:50:8d:05:
+                    f3:d4:ab:73:41:f0:cf:12:ac:28:b4:6f:14:94:96:
+                    59:4b:9e:90:75:86:df:e2:47:eb:e1:e9:4f:43:7e:
+                    87:ca:27:18:66:9e:b5:c1:40:65:7d:fc:61:6f:ad:
+                    9b:72:cf:a9:5e:d8:f3:f9:da:6e:91:10:fa:4c:b5:
+                    ea:7e:20:de:a9:39:2f:f5:88:e4:8a:6f:35:c6:20:
+                    9c:2b:86:46:33:0a:fc:31:55:a5:6b:ac:16:40:e9:
+                    cd:35:59:6f:32:04:c3:7b:b5:0f:7b:77:70:f3:48:
+                    bb:2a:52:82:ce:af:29:6d:f1:11:6f:6d:e6:07:00:
+                    01:ef:9a:f3:26:0d:a6:79:13:67:af:f8:ab:1c:75:
+                    ac:91:b5:6b:be:40:b0:de:9c:0c:b1:69:85:19:71:
+                    91:13:45:ca:df:d1:fd:e6:b2:ca:96:83:79:db:c5:
+                    b8:aa:5b:7a:90:0b:78:56:3e:c6:d7:9f:94:48:11:
+                    f5:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Certificate Policies: 
+                Policy: 1.2.840.113807.10.1.5.1
+
+            X509v3 Subject Key Identifier: 
+                57:47:35:7B:36:27:11:A8:08:FC:2F:46:25:EB:24:69
+    Signature Algorithm: sha1WithRSAEncryption
+        c7:61:45:a8:8a:71:b9:be:34:e9:21:7b:21:cd:56:13:98:d5:
+        30:63:e9:18:aa:4b:92:15:bf:0b:1d:bb:ec:92:69:c5:2e:c3:
+        61:8b:e8:30:45:cb:10:46:c1:73:38:5c:8b:19:d2:2b:f3:40:
+        eb:7c:72:b3:2e:1e:27:e3:75:95:8a:1c:9b:2e:c4:95:05:86:
+        72:d0:55:f4:a1:92:52:79:5c:db:f4:f8:dc:e5:d7:12:b1:40:
+        c7:3c:86:e4:31:65:4a:ca:37:c6:de:76:57:19:69:4c:46:69:
+        fc:2a:ad:16:37:7a:93:ac:f7:21:4b:2d:fb:eb:a9:50:cb:c1:
+        d1:40:08:da:03:69:87:a7:37:5e:55:c1:c5:ed:c4:e3:8e:0c:
+        26:97:9b:5c:57:4b:72:e3:f2:03:05:d0:02:3b:26:03:40:90:
+        9e:be:0b:5b:49:0c:78:f1:d5:4c:55:29:e0:f6:fd:4c:03:a9:
+        54:02:32:d1:57:5a:85:ac:43:ed:5b:3b:16:5f:a0:bf:35:db:
+        4b:9e:7b:e8:ff:e7:0d:3c:3b:a8:9b:49:41:46:f5:73:4e:ff:
+        92:65:21:83:13:55:71:eb:49:3c:7f:88:1a:c2:12:28:25:a1:
+        46:4b:41:37:97:7f:ec:8e:f1:d4:a1:96:c2:20:b6:5e:ad:a9:
+        1c:1e:11:a0
+
+BelSign Object Publishing CA
+============================
+MD5 Fingerprint: 8A:02:F8:DF:B8:E1:84:9F:5A:C2:60:24:65:D1:73:FB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBuzELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQL
+Ey9CZWxTaWduIE9iamVjdCBQdWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0
+eTElMCMGA1UEAxMcQmVsU2lnbiBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqG
+SIb3DQEJARYUd2VibWFzdGVyQGJlbHNpZ24uYmUwHhcNOTcwOTE5MjIwMzAwWhcN
+MDcwOTE5MjIwMzAwWjCBuzELMAkGA1UEBhMCQkUxETAPBgNVBAcTCEJydXNzZWxz
+MRMwEQYDVQQKEwpCZWxTaWduIE5WMTgwNgYDVQQLEy9CZWxTaWduIE9iamVjdCBQ
+dWJsaXNoaW5nIENlcnRpZmljYXRlIEF1dGhvcml0eTElMCMGA1UEAxMcQmVsU2ln
+biBPYmplY3QgUHVibGlzaGluZyBDQTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVy
+QGJlbHNpZ24uYmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMQuH7a/7oJA
+3fm3LkHVngWxWtAmfGJVA5v8y2HeS+/+6Jn+h7mIz5DaDwk8dt8Xl7bLPyVF/bS8
+WAC+sFq2FIeP7mdkrR2Ig7tnn2VhAFgIgFCfgMkx9iqQHC33SmwQ9iNDXTgJYIhX
+As0WbBj8zfuSKnfQnpOjXYhk0Mj4XVRRAgMBAAGjFTATMBEGCWCGSAGG+EIBAQQE
+AwIABzANBgkqhkiG9w0BAQQFAAOBgQBjdhd8lvBTpV0BHFPOKcJ+daxMDaIIc7Rq
+Mf0CBhSZ3FQEpL/IloafMUMyJVf2hfYluze+oXkjyVcGJXFrRU/49AJAFoIir1Tq
+Mij2De6ZuksIUQ9uhiMhTC0liIHELg7xEyw4ipUCJMM6lWPkk45IuwhHcl+u5jpa
+R9Zxxp6aUg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster at belsign.be
+        Validity
+            Not Before: Sep 19 22:03:00 1997 GMT
+            Not After : Sep 19 22:03:00 2007 GMT
+        Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Object Publishing Certificate Authority, CN=BelSign Object Publishing CA/Email=webmaster at belsign.be
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c4:2e:1f:b6:bf:ee:82:40:dd:f9:b7:2e:41:d5:
+                    9e:05:b1:5a:d0:26:7c:62:55:03:9b:fc:cb:61:de:
+                    4b:ef:fe:e8:99:fe:87:b9:88:cf:90:da:0f:09:3c:
+                    76:df:17:97:b6:cb:3f:25:45:fd:b4:bc:58:00:be:
+                    b0:5a:b6:14:87:8f:ee:67:64:ad:1d:88:83:bb:67:
+                    9f:65:61:00:58:08:80:50:9f:80:c9:31:f6:2a:90:
+                    1c:2d:f7:4a:6c:10:f6:23:43:5d:38:09:60:88:57:
+                    02:cd:16:6c:18:fc:cd:fb:92:2a:77:d0:9e:93:a3:
+                    5d:88:64:d0:c8:f8:5d:54:51
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        63:76:17:7c:96:f0:53:a5:5d:01:1c:53:ce:29:c2:7e:75:ac:
+        4c:0d:a2:08:73:b4:6a:31:fd:02:06:14:99:dc:54:04:a4:bf:
+        c8:96:86:9f:31:43:32:25:57:f6:85:f6:25:bb:37:be:a1:79:
+        23:c9:57:06:25:71:6b:45:4f:f8:f4:02:40:16:82:22:af:54:
+        ea:32:28:f6:0d:ee:99:ba:4b:08:51:0f:6e:86:23:21:4c:2d:
+        25:88:81:c4:2e:0e:f1:13:2c:38:8a:95:02:24:c3:3a:95:63:
+        e4:93:8e:48:bb:08:47:72:5f:ae:e6:3a:5a:47:d6:71:c6:9e:
+        9a:52
+
+BelSign Secure Server CA
+========================
+MD5 Fingerprint: 3D:5E:82:C6:D9:AD:D9:8B:93:6B:0C:10:B9:49:0A:B1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAlygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBszELMAkGA1UEBhMCQkUx
+ETAPBgNVBAcTCEJydXNzZWxzMRMwEQYDVQQKEwpCZWxTaWduIE5WMTQwMgYDVQQL
+EytCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSEw
+HwYDVQQDExhCZWxTaWduIFNlY3VyZSBTZXJ2ZXIgQ0ExIzAhBgkqhkiG9w0BCQEW
+FHdlYm1hc3RlckBiZWxzaWduLmJlMB4XDTk3MDcxNjIyMDA1NFoXDTA3MDcxNjIy
+MDA1NFowgbMxCzAJBgNVBAYTAkJFMREwDwYDVQQHEwhCcnVzc2VsczETMBEGA1UE
+ChMKQmVsU2lnbiBOVjE0MDIGA1UECxMrQmVsU2lnbiBTZWN1cmUgU2VydmVyIENl
+cnRpZmljYXRlIEF1dGhvcml0eTEhMB8GA1UEAxMYQmVsU2lnbiBTZWN1cmUgU2Vy
+dmVyIENBMSMwIQYJKoZIhvcNAQkBFhR3ZWJtYXN0ZXJAYmVsc2lnbi5iZTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1gESeJL4BEJ/yccig/x8R3AwK0kLPjZA
+kCjaIXODU/LE0RZAwFP/rqbGJLMnbaWzPTl3XagG9ubpvGMRTgZlcAqdk/miQIt/
+SoQOjRax1swIZBIM4ChLyKWEkBf7EUYu1qeFGMsYrmOasFgG9ADP+MQJGjUMofnu
+Sv1t3v4mpTsCAwEAAaMVMBMwEQYJYIZIAYb4QgEBBAQDAgCgMA0GCSqGSIb3DQEB
+BAUAA4GBAGw9mcMF4h3K5S2qaIWLQDEgZhNo5lg6idCNdbLFYth9go/32TKBd/Y1
+W4UpzmeyubwrGXjP84f9RvGVdbIJVwMwwXrNckdxgMp9ncllPEcRIn36BwsoeKGT
+6AVFSOIyMko96FMcELfHc4wHUOH5yStTQfWDjeUJOUqOA2KqQGOL
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster at belsign.be
+        Validity
+            Not Before: Jul 16 22:00:54 1997 GMT
+            Not After : Jul 16 22:00:54 2007 GMT
+        Subject: C=BE, L=Brussels, O=BelSign NV, OU=BelSign Secure Server Certificate Authority, CN=BelSign Secure Server CA/Email=webmaster at belsign.be
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d6:01:12:78:92:f8:04:42:7f:c9:c7:22:83:fc:
+                    7c:47:70:30:2b:49:0b:3e:36:40:90:28:da:21:73:
+                    83:53:f2:c4:d1:16:40:c0:53:ff:ae:a6:c6:24:b3:
+                    27:6d:a5:b3:3d:39:77:5d:a8:06:f6:e6:e9:bc:63:
+                    11:4e:06:65:70:0a:9d:93:f9:a2:40:8b:7f:4a:84:
+                    0e:8d:16:b1:d6:cc:08:64:12:0c:e0:28:4b:c8:a5:
+                    84:90:17:fb:11:46:2e:d6:a7:85:18:cb:18:ae:63:
+                    9a:b0:58:06:f4:00:cf:f8:c4:09:1a:35:0c:a1:f9:
+                    ee:4a:fd:6d:de:fe:26:a5:3b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL Client, S/MIME
+    Signature Algorithm: md5WithRSAEncryption
+        6c:3d:99:c3:05:e2:1d:ca:e5:2d:aa:68:85:8b:40:31:20:66:
+        13:68:e6:58:3a:89:d0:8d:75:b2:c5:62:d8:7d:82:8f:f7:d9:
+        32:81:77:f6:35:5b:85:29:ce:67:b2:b9:bc:2b:19:78:cf:f3:
+        87:fd:46:f1:95:75:b2:09:57:03:30:c1:7a:cd:72:47:71:80:
+        ca:7d:9d:c9:65:3c:47:11:22:7d:fa:07:0b:28:78:a1:93:e8:
+        05:45:48:e2:32:32:4a:3d:e8:53:1c:10:b7:c7:73:8c:07:50:
+        e1:f9:c9:2b:53:41:f5:83:8d:e5:09:39:4a:8e:03:62:aa:40:
+        63:8b
+
+Deutsche Telekom AG Root CA
+===========================
+MD5 Fingerprint: 77:DE:04:94:77:D0:0C:5F:A7:B1:F4:30:18:87:FB:55
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICjjCCAfegAwIBAgIBBjANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsGA1UECxMUVGVsZVNlYyBU
+cnVzdCBDZW50ZXIxITAfBgNVBAMTGERldXRzY2hlIFRlbGVrb20gUm9vdCBDQTAe
+Fw05ODEyMDkwOTExMDBaFw0wNDEyMDkyMzU5MDBaMG0xCzAJBgNVBAYTAkRFMRww
+GgYDVQQKExNEZXV0c2NoZSBUZWxla29tIEFHMR0wGwYDVQQLExRUZWxlU2VjIFRy
+dXN0IENlbnRlcjEhMB8GA1UEAxMYRGV1dHNjaGUgVGVsZWtvbSBSb290IENBMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDdBSz5BbO5EtdpcffqVjAIVxRDe7sa
+nG0vV2HX4vVEa+42QZb2ZM7hwbK5pBQEmFDocPiONZp9ScFhHVmu2gYYlX2tzuyp
+vtEYD0CRdiqj5f3+iRX0V/fgVdp1rQD0LME1zLRDJlViRC4BJZyKW/DB0AA1eP41
+3pRAZHiDocw5iQIDAQABoz4wPDAPBgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQE
+AwIBBjAZBgNVHQ4EEgQQLIdZH4sTgLL5hp0+En5YljANBgkqhkiG9w0BAQQFAAOB
+gQAP/nO1B4hvoAuJ6spQH5TelCsLJ15P9RyVJtqMllStGZE3Q12ryYuzzW+YOT3t
+3TXjcbftE5OD6IblKTMTE7w1e/0oL3BZ1dO0jSgTWTvI1XT5RcIHYKq4GFT5pWj/
+1wXVj7YFMS5BSvQQH2BHGguLGU2SVyDS71AZ6M3QcLy8Ng==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
+        Validity
+            Not Before: Dec  9 09:11:00 1998 GMT
+            Not After : Dec  9 23:59:00 2004 GMT
+        Subject: C=DE, O=Deutsche Telekom AG, OU=TeleSec Trust Center, CN=Deutsche Telekom Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:dd:05:2c:f9:05:b3:b9:12:d7:69:71:f7:ea:56:
+                    30:08:57:14:43:7b:bb:1a:9c:6d:2f:57:61:d7:e2:
+                    f5:44:6b:ee:36:41:96:f6:64:ce:e1:c1:b2:b9:a4:
+                    14:04:98:50:e8:70:f8:8e:35:9a:7d:49:c1:61:1d:
+                    59:ae:da:06:18:95:7d:ad:ce:ec:a9:be:d1:18:0f:
+                    40:91:76:2a:a3:e5:fd:fe:89:15:f4:57:f7:e0:55:
+                    da:75:ad:00:f4:2c:c1:35:cc:b4:43:26:55:62:44:
+                    2e:01:25:9c:8a:5b:f0:c1:d0:00:35:78:fe:35:de:
+                    94:40:64:78:83:a1:cc:39:89
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                2C:87:59:1F:8B:13:80:B2:F9:86:9D:3E:12:7E:58:96
+    Signature Algorithm: md5WithRSAEncryption
+        0f:fe:73:b5:07:88:6f:a0:0b:89:ea:ca:50:1f:94:de:94:2b:
+        0b:27:5e:4f:f5:1c:95:26:da:8c:96:54:ad:19:91:37:43:5d:
+        ab:c9:8b:b3:cd:6f:98:39:3d:ed:dd:35:e3:71:b7:ed:13:93:
+        83:e8:86:e5:29:33:13:13:bc:35:7b:fd:28:2f:70:59:d5:d3:
+        b4:8d:28:13:59:3b:c8:d5:74:f9:45:c2:07:60:aa:b8:18:54:
+        f9:a5:68:ff:d7:05:d5:8f:b6:05:31:2e:41:4a:f4:10:1f:60:
+        47:1a:0b:8b:19:4d:92:57:20:d2:ef:50:19:e8:cd:d0:70:bc:
+        bc:36
+
+Digital Signature Trust Co. Global CA 1
+=======================================
+MD5 Fingerprint: 25:7A:BA:83:2E:B6:A2:0B:DA:FE:F5:02:0F:08:D7:AD
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg
+bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ
+j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV
+Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw
+MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5
+fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i
++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN
+QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+
+gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913315222 (0x36701596)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Validity
+            Not Before: Dec 10 18:10:23 1998 GMT
+            Not After : Dec 10 18:40:23 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a0:6c:81:a9:cf:34:1e:24:dd:fe:86:28:cc:de:
+                    83:2f:f9:5e:d4:42:d2:e8:74:60:66:13:98:06:1c:
+                    a9:51:12:69:6f:31:55:b9:49:72:00:08:7e:d3:a5:
+                    62:44:37:24:99:8f:d9:83:48:8f:99:6d:95:13:bb:
+                    43:3b:2e:49:4e:88:37:c1:bb:58:7f:fe:e1:bd:f8:
+                    bb:61:cd:f3:47:c0:99:a6:f1:f3:91:e8:78:7c:00:
+                    cb:61:c9:44:27:71:69:55:4a:7e:49:4d:ed:a2:a3:
+                    be:02:4c:00:ca:02:a8:ee:01:02:31:64:0f:52:2d:
+                    13:74:76:36:b5:7a:b4:2d:71
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E1/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec 10 18:10:23 1998 GMT, Not After: Dec 10 18:10:23 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+
+            X509v3 Subject Key Identifier: 
+                6A:79:7E:91:69:46:18:13:0A:02:77:A5:59:5B:60:98:25:0E:A2:F8
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        22:12:d8:7a:1d:dc:81:06:b6:09:65:b2:87:c8:1f:5e:b4:2f:
+        e9:c4:1e:f2:3c:c1:bb:04:90:11:4a:83:4e:7e:93:b9:4d:42:
+        c7:92:26:a0:5c:34:9a:38:72:f8:fd:6b:16:3e:20:ee:82:8b:
+        31:2a:93:36:85:23:88:8a:3c:03:68:d3:c9:09:0f:4d:fc:6c:
+        a4:da:28:72:93:0e:89:80:b0:7d:fe:80:6f:65:6d:18:33:97:
+        8b:c2:6b:89:ee:60:3d:c8:9b:ef:7f:2b:32:62:73:93:cb:3c:
+        e3:7b:e2:76:78:45:bc:a1:93:04:bb:86:9f:3a:5b:43:7a:c3:
+        8a:65
+
+Digital Signature Trust Co. Global CA 2
+=======================================
+MD5 Fingerprint: 6C:C9:A7:6E:47:F1:0C:E3:53:3B:78:4C:4D:C2:6A:C5
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx
+ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf
+WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK
+xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE
+zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F
+5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv
+OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz
+ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME
+lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG
+Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q
+gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k
+Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:02:7c:00:00:00:02:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca at digsigtrust.com
+        Validity
+            Not Before: Dec  1 18:18:55 1998 GMT
+            Not After : Nov 28 18:18:55 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X1, CN=DST RootCA X1/Email=ca at digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:c6:26:b6:e7:a5:3d:c1:c4:68:d5:50:6f:53:
+                    c5:6f:49:13:09:b8:af:2c:48:8d:14:6a:a3:17:5f:
+                    5a:f9:d3:2e:75:2f:d8:28:62:d1:93:2f:fc:4d:d4:
+                    ab:87:e5:08:c7:99:e7:92:3f:75:bd:eb:25:b4:15:
+                    c1:9b:19:3d:d2:44:8d:d7:74:20:6d:37:02:8f:69:
+                    93:5b:8a:c4:19:9d:f4:b2:0e:fc:16:6c:b9:b1:05:
+                    92:83:d1:85:2c:60:94:3e:45:55:a0:d9:ab:08:21:
+                    e6:60:e8:3b:74:f2:99:50:51:68:d0:03:2d:b1:80:
+                    be:a3:d8:52:b0:44:cd:43:4a:70:8e:58:85:95:e1:
+                    4e:2c:d6:2d:41:6f:d6:84:e7:c8:98:44:ca:47:db:
+                    2c:24:a5:69:26:cf:6b:b8:27:62:c3:f4:c9:7a:92:
+                    23:ed:13:67:82:ae:45:2e:45:e5:7e:72:3f:85:9d:
+                    94:62:10:e6:3c:91:a1:ad:77:00:e0:15:ec:f3:84:
+                    80:72:7a:8e:6e:60:97:c7:24:59:10:34:83:5b:e1:
+                    a5:a4:69:b6:57:35:1c:78:59:c6:d3:2f:3a:73:67:
+                    ee:94:ca:04:13:05:62:06:70:23:b3:f4:7c:ee:45:
+                    d9:64:0b:5b:49:aa:a4:43:ce:26:c4:44:12:6c:b8:
+                    dd:79
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        a2:37:b2:3f:69:fb:d7:86:79:54:49:31:95:33:2b:f3:d1:09:
+        14:49:62:60:86:a5:b0:11:e2:50:c2:1d:06:57:3e:2d:e8:33:
+        64:be:9b:aa:ad:5f:1b:4d:d4:99:95:a2:8b:9a:c9:62:72:b5:
+        69:ea:d9:58:ab:35:ed:15:a2:43:d6:b6:bc:07:79:65:64:73:
+        7d:d7:79:ca:7b:d5:5a:51:c6:e1:53:04:96:8d:38:cf:a3:17:
+        ac:39:71:6b:01:c3:8b:53:3c:63:e9:ee:79:c0:e4:be:92:32:
+        64:7a:b3:1f:97:94:62:bd:ea:b2:20:15:95:fb:97:f2:78:2f:
+        63:36:40:38:e3:46:0f:1d:dd:ac:95:ca:e7:4b:90:7b:b1:4b:
+        a9:d4:c5:eb:9a:da:aa:d5:a3:94:14:46:8d:2d:1f:f3:3a:d6:
+        93:3a:f6:3e:79:fc:e8:e6:b0:75:ed:ee:3d:c9:70:c7:5d:aa:
+        81:4b:46:25:1c:c7:6c:15:e3:95:4e:0f:aa:32:37:94:0a:17:
+        24:92:13:84:58:d2:63:6f:2b:f7:e6:5b:62:0b:13:17:b0:0d:
+        52:4c:fe:fe:6f:5c:e2:91:6e:1d:fd:a4:62:d7:68:fa:8e:7a:
+        4f:d2:08:da:93:dc:f0:92:11:7a:d0:dc:72:93:0c:73:93:62:
+        85:68:d0:f4
+
+Digital Signature Trust Co. Global CA 3
+=======================================
+MD5 Fingerprint: 93:C2:8E:11:7B:D4:F3:03:19:BD:28:75:13:4A:45:4A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL
+EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ
+BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x
+ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/
+k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso
+LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o
+TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG
+SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI
+RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3
+MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C
+TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5
+WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG
+SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR
+xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL
+B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913232846 (0x366ed3ce)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Validity
+            Not Before: Dec  9 19:17:26 1998 GMT
+            Not After : Dec  9 19:47:26 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DSTCA E2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:93:8f:17:92:ef:33:13:18:eb:10:7f:4e:16:
+                    bf:ff:06:8f:2a:85:bc:5e:f9:24:a6:24:88:b6:03:
+                    b7:c1:c3:5f:03:5b:d1:6f:ae:7e:42:ea:66:23:b8:
+                    63:83:56:fb:28:2d:e1:38:8b:b4:ee:a8:01:e1:ce:
+                    1c:b6:88:2a:22:46:85:fb:9f:a7:70:a9:47:14:3f:
+                    ce:de:65:f0:a8:71:f7:4f:26:6c:8c:bc:c6:b5:ef:
+                    de:49:27:ff:48:2a:7d:e8:4d:03:cc:c7:b2:52:c6:
+                    17:31:13:3b:b5:4d:db:c8:c4:f6:c3:0f:24:2a:da:
+                    0c:9d:e7:91:5b:80:cd:94:9d
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DSTCA E2/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 19:17:26 1998 GMT, Not After: Dec  9 19:17:26 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+
+            X509v3 Subject Key Identifier: 
+                1E:82:4D:28:65:80:3C:C9:41:6E:AC:35:2E:5A:CB:DE:EE:F8:39:5B
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        47:8d:83:ad:62:f2:db:b0:9e:45:22:05:b9:a2:d6:03:0e:38:
+        72:e7:9e:fc:7b:e6:93:b6:9a:a5:a2:94:c8:34:1d:91:d1:c5:
+        d7:f4:0a:25:0f:3d:78:81:9e:0f:b1:67:c4:90:4c:63:dd:5e:
+        a7:e2:ba:9f:f5:f7:4d:a5:31:7b:9c:29:2d:4c:fe:64:3e:ec:
+        b6:53:fe:ea:9b:ed:82:db:74:75:4b:07:79:6e:1e:d8:19:83:
+        73:de:f5:3e:d0:b5:de:e7:4b:68:7d:43:2e:2a:20:e1:7e:a0:
+        78:44:9e:08:f5:98:f9:c7:7f:1b:1b:d6:06:20:02:58:a1:c3:
+        a2:03
+
+Digital Signature Trust Co. Global CA 4
+=======================================
+MD5 Fingerprint: CD:3B:3D:62:5B:09:B8:09:36:87:9E:12:2F:71:64:BA
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE
+CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B
+CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy
+MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO
+U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0
+IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx
+ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV
+p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw
+BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl
+5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi
+3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+
+QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG
+9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ
+2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN
+I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL
+553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q
+10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN
+uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:77:6d:00:00:00:01:00:00:00:04
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca at digsigtrust.com
+        Validity
+            Not Before: Nov 30 22:46:16 1998 GMT
+            Not After : Nov 27 22:46:16 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=DSTCA X2, CN=DST RootCA X2/Email=ca at digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dc:75:f0:8c:c0:75:96:9a:c0:62:1f:26:f7:c4:
+                    e1:9a:ea:e0:56:73:5b:99:cd:01:44:a8:08:b6:d5:
+                    a7:da:1a:04:18:39:92:4a:78:a3:81:c2:f5:77:7a:
+                    50:b4:70:ff:9a:ab:c6:c7:ca:6e:83:4f:42:98:fb:
+                    26:0b:da:dc:6d:d6:a9:99:55:52:67:e9:28:03:92:
+                    dc:e5:b0:05:9a:0f:15:f9:6b:59:72:56:f2:fa:39:
+                    fc:aa:68:ee:0f:1f:10:83:2f:fc:9d:fa:17:96:dd:
+                    82:e3:e6:45:7d:c0:4b:80:44:1f:ed:2c:e0:84:fd:
+                    91:5c:92:54:69:25:e5:62:69:dc:e5:ee:00:52:bd:
+                    33:0b:ad:75:02:85:a7:64:50:2d:c5:19:19:30:c0:
+                    26:db:c9:d3:fd:2e:99:ad:59:b5:0b:4d:d4:41:ae:
+                    85:48:43:59:dc:b7:a8:e2:a2:de:c3:8f:d7:b8:a1:
+                    62:a6:68:50:52:e4:cf:31:a7:94:85:da:9f:46:32:
+                    17:56:e5:f2:eb:66:3d:12:ff:43:db:98:ef:77:cf:
+                    cb:81:8d:34:b1:c6:50:4a:26:d1:e4:3e:41:50:af:
+                    6c:ae:22:34:2e:d5:6b:6e:83:ba:79:b8:76:65:48:
+                    da:09:29:64:63:22:b9:fb:47:76:85:8c:86:44:cb:
+                    09:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        b5:36:0e:5d:e1:61:28:5a:11:65:c0:3f:83:03:79:4d:be:28:
+        a6:0b:07:02:52:85:cd:f8:91:d0:10:6c:b5:6a:20:5b:1c:90:
+        d9:30:3c:c6:48:9e:8a:5e:64:f9:a1:71:77:ef:04:27:1f:07:
+        eb:e4:26:f7:73:74:c9:44:18:1a:66:d3:e0:43:af:91:3b:d1:
+        cb:2c:d8:74:54:3a:1c:4d:ca:d4:68:cd:23:7c:1d:10:9e:45:
+        e9:f6:00:6e:a6:cd:19:ff:4f:2c:29:8f:57:4d:c4:77:92:be:
+        e0:4c:09:fb:5d:44:86:66:21:a8:b9:32:a2:56:d5:e9:8c:83:
+        7c:59:3f:c4:f1:0b:e7:9d:ec:9e:bd:9c:18:0e:3e:c2:39:79:
+        28:b7:03:0d:08:cb:c6:e7:d9:01:37:50:10:ec:cc:61:16:40:
+        d4:af:31:74:7b:fc:3f:31:a7:d0:47:73:33:39:1b:cc:4e:6a:
+        d7:49:83:11:06:fe:eb:82:58:33:32:4c:f0:56:ac:1e:9c:2f:
+        56:9a:7b:c1:4a:1c:a5:fd:55:36:ce:fc:96:4d:f4:b0:f0:ec:
+        b7:6c:82:ed:2f:31:99:42:4c:a9:b2:0d:b8:15:5d:f1:df:ba:
+        c9:b5:4a:d4:64:98:b3:26:a9:30:c8:fd:a6:ec:ab:96:21:ad:
+        7f:c2:78:b6
+
+Entrust Worldwide by DST
+========================
+MD5 Fingerprint: B4:65:22:0A:7C:AD:DF:41:B7:D5:44:D5:AD:FA:9A:75
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDRzCCArCgAwIBAgIENm3FGDANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJV
+UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRswGQYDVQQL
+ExJEU1QtRW50cnVzdCBHVEkgQ0EwHhcNOTgxMjA5MDAwMjI0WhcNMTgxMjA5MDAz
+MjI0WjBQMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
+VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0EwgZ0wDQYJKoZI
+hvcNAQEBBQADgYsAMIGHAoGBALYd90uNDxPjEvUJ/gYyDq9MQfV91Ec9KgrfgwXe
+3n3mAxb2UTrLRxpKrX7E/R20vnSKeN0Lg460hBPE+/htKa6h4Q8PQ+O1XmBp+oOU
+/Hnm3Hbt0UQrjv0Su/4XdxcMie2n71F9xO04wzujevviTaBgtfL9E2XTxuw/vjWc
+PSLvAgEDo4IBLjCCASowEQYJYIZIAYb4QgEBBAQDAgAHMHIGA1UdHwRrMGkwZ6Bl
+oGOkYTBfMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUg
+VHJ1c3QgQ28uMRswGQYDVQQLExJEU1QtRW50cnVzdCBHVEkgQ0ExDTALBgNVBAMT
+BENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkwMDAyMjRagQ8yMDE4MTIwOTAwMDIy
+NFowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFJOaRMrQeFOAKUkE38evMz+ZdV+u
+MB0GA1UdDgQWBBSTmkTK0HhTgClJBN/HrzM/mXVfrjAMBgNVHRMEBTADAQH/MBkG
+CSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4GBAGSJzAOn
+3AryWCDn/RegKHLNh7DNmLUkR2MzMRAQsu+KV3KuTAPgZ5+sYEOEIsGpo+Wxp94J
+1M8NeEYjW49Je/4TIpeU6nJI4SwgeJbpZkUZywllY2E/0UmYsXYQVdVjSmZLpAdr
+3nt/ueaTWxoCW4AO3Y0Y1Iqjwmjxo+AY0U5M
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 913163544 (0x366dc518)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
+        Validity
+            Not Before: Dec  9 00:02:24 1998 GMT
+            Not After : Dec  9 00:32:24 2018 GMT
+        Subject: C=US, O=Digital Signature Trust Co., OU=DST-Entrust GTI CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:1d:f7:4b:8d:0f:13:e3:12:f5:09:fe:06:32:
+                    0e:af:4c:41:f5:7d:d4:47:3d:2a:0a:df:83:05:de:
+                    de:7d:e6:03:16:f6:51:3a:cb:47:1a:4a:ad:7e:c4:
+                    fd:1d:b4:be:74:8a:78:dd:0b:83:8e:b4:84:13:c4:
+                    fb:f8:6d:29:ae:a1:e1:0f:0f:43:e3:b5:5e:60:69:
+                    fa:83:94:fc:79:e6:dc:76:ed:d1:44:2b:8e:fd:12:
+                    bb:fe:17:77:17:0c:89:ed:a7:ef:51:7d:c4:ed:38:
+                    c3:3b:a3:7a:fb:e2:4d:a0:60:b5:f2:fd:13:65:d3:
+                    c6:ec:3f:be:35:9c:3d:22:ef
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Digital Signature Trust Co./OU=DST-Entrust GTI CA/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Dec  9 00:02:24 1998 GMT, Not After: Dec  9 00:02:24 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
+
+            X509v3 Subject Key Identifier: 
+                93:9A:44:CA:D0:78:53:80:29:49:04:DF:C7:AF:33:3F:99:75:5F:AE
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        64:89:cc:03:a7:dc:0a:f2:58:20:e7:fd:17:a0:28:72:cd:87:
+        b0:cd:98:b5:24:47:63:33:31:10:10:b2:ef:8a:57:72:ae:4c:
+        03:e0:67:9f:ac:60:43:84:22:c1:a9:a3:e5:b1:a7:de:09:d4:
+        cf:0d:78:46:23:5b:8f:49:7b:fe:13:22:97:94:ea:72:48:e1:
+        2c:20:78:96:e9:66:45:19:cb:09:65:63:61:3f:d1:49:98:b1:
+        76:10:55:d5:63:4a:66:4b:a4:07:6b:de:7b:7f:b9:e6:93:5b:
+        1a:02:5b:80:0e:dd:8d:18:d4:8a:a3:c2:68:f1:a3:e0:18:d1:
+        4e:4c
+
+Entrust.net Premium 2048 Secure Server CA
+=========================================
+MD5 Fingerprint: BA:21:EA:20:D6:DD:DB:8F:C1:57:8B:40:AD:A1:FC:FC
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy
+MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA
+vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G
+CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA
+WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo
+oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ
+h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18
+f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN
+B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
+vUxFnmG6v4SBkgPR0ml8xQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 946059622 (0x3863b966)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Validity
+            Not Before: Dec 24 17:50:51 1999 GMT
+            Not After : Dec 24 18:20:51 2019 GMT
+        Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:4d:4b:a9:12:86:b2:ea:a3:20:07:15:16:64:
+                    2a:2b:4b:d1:bf:0b:4a:4d:8e:ed:80:76:a5:67:b7:
+                    78:40:c0:73:42:c8:68:c0:db:53:2b:dd:5e:b8:76:
+                    98:35:93:8b:1a:9d:7c:13:3a:0e:1f:5b:b7:1e:cf:
+                    e5:24:14:1e:b1:81:a9:8d:7d:b8:cc:6b:4b:03:f1:
+                    02:0c:dc:ab:a5:40:24:00:7f:74:94:a1:9d:08:29:
+                    b3:88:0b:f5:87:77:9d:55:cd:e4:c3:7e:d7:6a:64:
+                    ab:85:14:86:95:5b:97:32:50:6f:3d:c8:ba:66:0c:
+                    e3:fc:bd:b8:49:c1:76:89:49:19:fd:c0:a8:bd:89:
+                    a3:67:2f:c6:9f:bc:71:19:60:b8:2d:e9:2c:c9:90:
+                    76:66:7b:94:e2:af:78:d6:65:53:5d:3c:d6:9c:b2:
+                    cf:29:03:f9:2f:a4:50:b2:d4:48:ce:05:32:55:8a:
+                    fd:b2:64:4c:0e:e4:98:07:75:db:7f:df:b9:08:55:
+                    60:85:30:29:f9:7b:48:a4:69:86:e3:35:3f:1e:86:
+                    5d:7a:7a:15:bd:ef:00:8e:15:22:54:17:00:90:26:
+                    93:bc:0e:49:68:91:bf:f8:47:d3:9d:95:42:c1:0e:
+                    4d:df:6f:26:cf:c3:18:21:62:66:43:70:d6:d5:c0:
+                    07:e1
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 Authority Key Identifier: 
+                keyid:55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+
+            X509v3 Subject Key Identifier: 
+                55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70
+            1.2.840.113533.7.65.0: 
+                0...V5.0:4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        59:47:ac:21:84:8a:17:c9:9c:89:53:1e:ba:80:85:1a:c6:3c:
+        4e:3e:b1:9c:b6:7c:c6:92:5d:18:64:02:e3:d3:06:08:11:61:
+        7c:63:e3:2b:9d:31:03:70:76:d2:a3:28:a0:f4:bb:9a:63:73:
+        ed:6d:e5:2a:db:ed:14:a9:2b:c6:36:11:d0:2b:eb:07:8b:a5:
+        da:9e:5c:19:9d:56:12:f5:54:29:c8:05:ed:b2:12:2a:8d:f4:
+        03:1b:ff:e7:92:10:87:b0:3a:b5:c3:9d:05:37:12:a3:c7:f4:
+        15:b9:d5:a4:39:16:9b:53:3a:23:91:f1:a8:82:a2:6a:88:68:
+        c1:79:02:22:bc:aa:a6:d6:ae:df:b0:14:5f:b8:87:d0:dd:7c:
+        7f:7b:ff:af:1c:cf:e6:db:07:ad:5e:db:85:9d:d0:2b:0d:33:
+        db:04:d1:e6:49:40:13:2b:76:fb:3e:e9:9c:89:0f:15:ce:18:
+        b0:85:78:21:4f:6b:4f:0e:fa:36:67:cd:07:f2:ff:08:d0:e2:
+        de:d9:bf:2a:af:b8:87:86:21:3c:04:ca:b7:94:68:7f:cf:3c:
+        e9:98:d7:38:ff:ec:c0:d9:50:f0:2e:4b:58:ae:46:6f:d0:2e:
+        c3:60:da:72:55:72:bd:4c:45:9e:61:ba:bf:84:81:92:03:d1:
+        d2:69:7c:c5
+
+Entrust.net Secure Personal CA
+==============================
+MD5 Fingerprint: 0C:41:2F:13:5B:A0:54:F5:96:66:2D:7E:CD:0E:03:F4
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u
+ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh
+Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV
+BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU
+MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D
+bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl
+MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq
+RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G
+CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo
+6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux
+5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm
+AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC
+ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50
+cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m
+by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp
+IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg
+Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg
+KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV
+HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E
+BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE
+FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA
+BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7
+pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz
+wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a
+EkP/TOYGJqibGapEPHayXOw=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 939758062 (0x380391ee)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Validity
+            Not Before: Oct 12 19:24:30 1999 GMT
+            Not After : Oct 12 19:54:30 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Client Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c8:3a:99:5e:31:17:df:ac:27:6f:90:7b:e4:19:
+                    ff:45:a3:34:c2:db:c1:a8:4f:f0:68:ea:84:fd:9f:
+                    75:79:cf:c1:8a:51:94:af:c7:57:03:47:64:9e:ad:
+                    82:1b:5a:da:7f:37:78:47:bb:37:98:12:96:ce:c6:
+                    13:7d:ef:d2:0c:30:51:a9:39:9e:55:f8:fb:b1:e7:
+                    30:de:83:b2:ba:3e:f1:d5:89:3b:3b:85:ba:aa:74:
+                    2c:fe:3f:31:6e:af:91:95:6e:06:d4:07:4d:4b:2c:
+                    56:47:18:04:52:da:0e:10:93:bf:63:90:9b:e1:df:
+                    8c:e6:02:a4:e6:4f:5e:f7:8b
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/Client1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: Oct 12 19:24:30 1999 GMT, Not After: Oct 12 19:24:30 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+
+            X509v3 Subject Key Identifier: 
+                C4:FB:9C:29:7B:97:CD:4C:96:FC:EE:5B:B3:CA:99:74:8B:95:EA:4C
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: md5WithRSAEncryption
+        3f:ae:8a:f1:d7:66:03:05:9e:3e:fa:ea:1c:46:bb:a4:5b:8f:
+        78:9a:12:48:99:f9:f4:35:de:0c:36:07:02:6b:10:3a:89:14:
+        81:9c:31:a6:7c:b2:41:b2:6a:e7:07:01:a1:4b:f9:9f:25:3b:
+        96:ca:99:c3:3e:a1:51:1c:f3:c3:2e:44:f7:b0:67:46:aa:92:
+        e5:3b:da:1c:19:14:38:30:d5:e2:a2:31:25:2e:f1:ec:45:38:
+        ed:f8:06:58:03:73:62:b0:10:31:8f:40:bf:64:e0:5c:3e:c5:
+        4f:1f:da:12:43:ff:4c:e6:06:26:a8:9b:19:aa:44:3c:76:b2:
+        5c:ec
+
+Entrust.net Secure Server CA
+============================
+MD5 Fingerprint: DF:F2:80:73:CC:F1:E6:61:73:FC:F5:42:E9:C5:7C:EE
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC
+VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u
+ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc
+KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u
+ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1
+MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE
+ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j
+b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg
+U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA
+A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/
+I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3
+wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC
+AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb
+oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5
+BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p
+dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk
+MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp
+b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu
+dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0
+MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi
+E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa
+MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI
+hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN
+95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd
+2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 927650371 (0x374ad243)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Validity
+            Not Before: May 25 16:09:40 1999 GMT
+            Not After : May 25 16:39:40 2019 GMT
+        Subject: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cd:28:83:34:54:1b:89:f3:0f:af:37:91:31:ff:
+                    af:31:60:c9:a8:e8:b2:10:68:ed:9f:e7:93:36:f1:
+                    0a:64:bb:47:f5:04:17:3f:23:47:4d:c5:27:19:81:
+                    26:0c:54:72:0d:88:2d:d9:1f:9a:12:9f:bc:b3:71:
+                    d3:80:19:3f:47:66:7b:8c:35:28:d2:b9:0a:df:24:
+                    da:9c:d6:50:79:81:7a:5a:d3:37:f7:c2:4a:d8:29:
+                    92:26:64:d1:e4:98:6c:3a:00:8a:f5:34:9b:65:f8:
+                    ed:e3:10:ff:fd:b8:49:58:dc:a0:de:82:39:6b:81:
+                    b1:16:19:61:b9:54:b6:e6:43
+                Exponent: 3 (0x3)
+        X509v3 extensions:
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority/CN=CRL1
+                URI:http://www.entrust.net/CRL/net1.crl
+
+            X509v3 Private Key Usage Period: 
+                Not Before: May 25 16:09:40 1999 GMT, Not After: May 25 16:09:40 2019 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+
+            X509v3 Subject Key Identifier: 
+                F0:17:62:13:55:3D:B3:FF:0A:00:6B:FB:50:84:97:F3:ED:62:D0:1A
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0
+..V4.0....
+    Signature Algorithm: sha1WithRSAEncryption
+        90:dc:30:02:fa:64:74:c2:a7:0a:a5:7c:21:8d:34:17:a8:fb:
+        47:0e:ff:25:7c:8d:13:0a:fb:e4:98:b5:ef:8c:f8:c5:10:0d:
+        f7:92:be:f1:c3:d5:d5:95:6a:04:bb:2c:ce:26:36:65:c8:31:
+        c6:e7:ee:3f:e3:57:75:84:7a:11:ef:46:4f:18:f4:d3:98:bb:
+        a8:87:32:ba:72:f6:3c:e2:3d:9f:d7:1d:d9:c3:60:43:8c:58:
+        0e:22:96:2f:62:a3:2c:1f:ba:ad:05:ef:ab:32:78:87:a0:54:
+        73:19:b5:5c:05:f9:52:3e:6d:2d:45:0b:f7:0a:93:ea:ed:06:
+        f9:b2
+
+Equifax Premium CA
+==================
+MD5 Fingerprint: A9:E9:A8:9D:0E:73:E3:B1:2F:37:0D:E8:48:3F:86:ED
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAoygAwIBAgIENeHvHjANBgkqhkiG9w0BAQUFADBPMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEuMCwGA1UECxMlRXF1aWZheCBQcmVtaXVtIENl
+cnRpZmljYXRlIEF1dGhvcml0eTAeFw05ODA4MjQyMjU0MjNaFw0xODA4MjQyMjU0
+MjNaME8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVF
+cXVpZmF4IFByZW1pdW0gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQDOoQaOBswIC8GGqN4g1Q0O0Q3En+pq2bPCMkdAb4qI
+pAm9OCwd5svmpPM269rrvPxkswf2Lbyqzp8ZSGhK/PWiRX4JEPWPs0lcIwY56hOL
+uAvNkR12X9k3oUT7X5DyZ7PNGJlDH3YSawLylYM4Q8L2YjTKyXhdX9LYupr/vhBg
+WwIDAQABo4IBCjCCAQYwcQYDVR0fBGowaDBmoGSgYqRgMF4xCzAJBgNVBAYTAlVT
+MRAwDgYDVQQKEwdFcXVpZmF4MS4wLAYDVQQLEyVFcXVpZmF4IFByZW1pdW0gQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIw
+MTgwODI0MjI1NDIzWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUFe6yKFmrbuX4
+z4uB9CThrj91G5gwHQYDVR0OBBYEFBXusihZq27l+M+LgfQk4a4/dRuYMAwGA1Ud
+EwQFMAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEB
+BQUAA4GBAL0LnCepA9so3JipS9DRjqeoGlqR4Jzx9xh8LiKeNh/JqLXNRkpu+jUH
+G4YI65/iqPmdQS06rlxctl80BOv8KmCw+3TkhellOJbuFcfGd2MSvYpoH6tsfdrK
+XBPO6snrCVzFc+cSAdXZUwee4A+W8Iu0u0VIn4bFGVWgy5bFA/xI
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903999262 (0x35e1ef1e)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
+        Validity
+            Not Before: Aug 24 22:54:23 1998 GMT
+            Not After : Aug 24 22:54:23 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Premium Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:a1:06:8e:06:cc:08:0b:c1:86:a8:de:20:d5:
+                    0d:0e:d1:0d:c4:9f:ea:6a:d9:b3:c2:32:47:40:6f:
+                    8a:88:a4:09:bd:38:2c:1d:e6:cb:e6:a4:f3:36:eb:
+                    da:eb:bc:fc:64:b3:07:f6:2d:bc:aa:ce:9f:19:48:
+                    68:4a:fc:f5:a2:45:7e:09:10:f5:8f:b3:49:5c:23:
+                    06:39:ea:13:8b:b8:0b:cd:91:1d:76:5f:d9:37:a1:
+                    44:fb:5f:90:f2:67:b3:cd:18:99:43:1f:76:12:6b:
+                    02:f2:95:83:38:43:c2:f6:62:34:ca:c9:78:5d:5f:
+                    d2:d8:ba:9a:ff:be:10:60:5b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax/OU=Equifax Premium Certificate Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 24 22:54:23 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
+
+            X509v3 Subject Key Identifier: 
+                15:EE:B2:28:59:AB:6E:E5:F8:CF:8B:81:F4:24:E1:AE:3F:75:1B:98
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        bd:0b:9c:27:a9:03:db:28:dc:98:a9:4b:d0:d1:8e:a7:a8:1a:
+        5a:91:e0:9c:f1:f7:18:7c:2e:22:9e:36:1f:c9:a8:b5:cd:46:
+        4a:6e:fa:35:07:1b:86:08:eb:9f:e2:a8:f9:9d:41:2d:3a:ae:
+        5c:5c:b6:5f:34:04:eb:fc:2a:60:b0:fb:74:e4:85:e9:65:38:
+        96:ee:15:c7:c6:77:63:12:bd:8a:68:1f:ab:6c:7d:da:ca:5c:
+        13:ce:ea:c9:eb:09:5c:c5:73:e7:12:01:d5:d9:53:07:9e:e0:
+        0f:96:f0:8b:b4:bb:45:48:9f:86:c5:19:55:a0:cb:96:c5:03:
+        fc:48
+
+Equifax Secure CA
+=================
+MD5 Fingerprint: 67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 903804111 (0x35def4cf)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Validity
+            Not Before: Aug 22 16:41:51 1998 GMT
+            Not After : Aug 22 16:41:51 2018 GMT
+        Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c1:5d:b1:58:67:08:62:ee:a0:9a:2d:1f:08:6d:
+                    91:14:68:98:0a:1e:fe:da:04:6f:13:84:62:21:c3:
+                    d1:7c:ce:9f:05:e0:b8:01:f0:4e:34:ec:e2:8a:95:
+                    04:64:ac:f1:6b:53:5f:05:b3:cb:67:80:bf:42:02:
+                    8e:fe:dd:01:09:ec:e1:00:14:4f:fc:fb:f0:0c:dd:
+                    43:ba:5b:2b:e1:1f:80:70:99:15:57:93:16:f1:0f:
+                    97:6a:b7:c2:68:23:1c:cc:4d:59:30:ac:51:1e:3b:
+                    af:2b:d6:ee:63:45:7b:c5:d9:5f:50:d2:e3:50:0f:
+                    3a:88:e7:bf:14:fd:e0:c7:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 CRL Distribution Points: 
+                DirName:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority/CN=CRL1
+
+            X509v3 Private Key Usage Period: 
+                Not After: Aug 22 16:41:51 2018 GMT
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Authority Key Identifier: 
+                keyid:48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+
+            X509v3 Subject Key Identifier: 
+                48:E6:68:F9:2B:D2:B2:95:D7:47:D8:23:20:10:4F:33:98:90:9F:D4
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            1.2.840.113533.7.65.0: 
+                0...V3.0c....
+    Signature Algorithm: sha1WithRSAEncryption
+        58:ce:29:ea:fc:f7:de:b5:ce:02:b9:17:b5:85:d1:b9:e3:e0:
+        95:cc:25:31:0d:00:a6:92:6e:7f:b6:92:63:9e:50:95:d1:9a:
+        6f:e4:11:de:63:85:6e:98:ee:a8:ff:5a:c8:d3:55:b2:66:71:
+        57:de:c0:21:eb:3d:2a:a7:23:49:01:04:86:42:7b:fc:ee:7f:
+        a2:16:52:b5:67:67:d3:40:db:3b:26:58:b2:28:77:3d:ae:14:
+        77:61:d6:fa:2a:66:27:a0:0d:fa:a7:73:5c:ea:70:f1:94:21:
+        65:44:5f:fa:fc:ef:29:68:a9:a2:87:79:ef:79:ef:4f:ac:07:
+        77:38
+
+GTE CyberTrust Global Root
+==========================
+MD5 Fingerprint: CA:3D:D3:68:F1:03:5C:D0:32:FA:B8:2B:59:E8:5A:DB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
+b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
+b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
+iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
+r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
+04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
+GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
+3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
+lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 421 (0x1a5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Validity
+            Not Before: Aug 13 00:29:00 1998 GMT
+            Not After : Aug 13 23:59:00 2018 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:95:0f:a0:b6:f0:50:9c:e8:7a:c7:88:cd:dd:17:
+                    0e:2e:b0:94:d0:1b:3d:0e:f6:94:c0:8a:94:c7:06:
+                    c8:90:97:c8:b8:64:1a:7a:7e:6c:3c:53:e1:37:28:
+                    73:60:7f:b2:97:53:07:9f:53:f9:6d:58:94:d2:af:
+                    8d:6d:88:67:80:e6:ed:b2:95:cf:72:31:ca:a5:1c:
+                    72:ba:5c:02:e7:64:42:e7:f9:a9:2c:d6:3a:0d:ac:
+                    8d:42:aa:24:01:39:e6:9c:3f:01:85:57:0d:58:87:
+                    45:f8:d3:85:aa:93:69:26:85:70:48:80:3f:12:15:
+                    c7:79:b4:1f:05:2f:3b:62:99
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        6d:eb:1b:09:e9:5e:d9:51:db:67:22:61:a4:2a:3c:48:77:e3:
+        a0:7c:a6:de:73:a2:14:03:85:3d:fb:ab:0e:30:c5:83:16:33:
+        81:13:08:9e:7b:34:4e:df:40:c8:74:d7:b9:7d:dc:f4:76:55:
+        7d:9b:63:54:18:e9:f0:ea:f3:5c:b1:d9:8b:42:1e:b9:c0:95:
+        4e:ba:fa:d5:e2:7c:f5:68:61:bf:8e:ec:05:97:5f:5b:b0:d7:
+        a3:85:34:c4:24:a7:0d:0f:95:93:ef:cb:94:d8:9e:1f:9d:5c:
+        85:6d:c7:aa:ae:4f:1f:22:b5:cd:95:ad:ba:a7:cc:f9:ab:0b:
+        7a:7f
+
+GTE CyberTrust Japan Root CA
+============================
+MD5 Fingerprint: DE:AB:FF:43:2A:65:37:06:9B:28:B5:7A:E8:84:D3:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICETCCAXoCAU4wDQYJKoZIhvcNAQEEBQAwUTELMAkGA1UEBhMCSlAxHzAdBgNV
+BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xITAfBgNVBAMTGEN5YmVyVHJ1c3Qg
+SkFQQU4gUm9vdCBDQTAeFw05ODA4MDQwNzU3MDBaFw0wMzA4MDQyMzU5MDBaMFEx
+CzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFuLCBJbmMuMSEw
+HwYDVQQDExhDeWJlclRydXN0IEpBUEFOIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEB
+BQADgY0AMIGJAoGBALet/MpHEHaJ/Wes5HMGfIFLHda1fA5Hr+ymVHWoxP1lr+fI
+sbFsNDWN97lkVygLIVredP7ceC6GRhJMfxEf3JO9X75mmIa4t+xtSdOQ2eF5AFZo
+uq1sHyw7H8ksjEOwBELqgXOmzjN1RQ2KRXIvqldV5AfDQ+J1Og+8PNCEzrrvAgMB
+AAEwDQYJKoZIhvcNAQEEBQADgYEAt6ZkowyAPBzE2O5BO+WGpJ5gXdYBMqhqZC0g
+cEC6ck5m+gdlTgOOC/1W4K07IKcy+rISHoDfHuN6GMxX2+bJNGDvdesQFtCkLnDY
+JCO4pXdzQvkHOt0BbAiTBzUmECVgKf8J5WSfabkWSfNc3SRjRpMNsFM2dbxIILsZ
+to/QIv0=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 78 (0x4e)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
+        Validity
+            Not Before: Aug  4 07:57:00 1998 GMT
+            Not After : Aug  4 23:59:00 2003 GMT
+        Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b7:ad:fc:ca:47:10:76:89:fd:67:ac:e4:73:06:
+                    7c:81:4b:1d:d6:b5:7c:0e:47:af:ec:a6:54:75:a8:
+                    c4:fd:65:af:e7:c8:b1:b1:6c:34:35:8d:f7:b9:64:
+                    57:28:0b:21:5a:de:74:fe:dc:78:2e:86:46:12:4c:
+                    7f:11:1f:dc:93:bd:5f:be:66:98:86:b8:b7:ec:6d:
+                    49:d3:90:d9:e1:79:00:56:68:ba:ad:6c:1f:2c:3b:
+                    1f:c9:2c:8c:43:b0:04:42:ea:81:73:a6:ce:33:75:
+                    45:0d:8a:45:72:2f:aa:57:55:e4:07:c3:43:e2:75:
+                    3a:0f:bc:3c:d0:84:ce:ba:ef
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        b7:a6:64:a3:0c:80:3c:1c:c4:d8:ee:41:3b:e5:86:a4:9e:60:
+        5d:d6:01:32:a8:6a:64:2d:20:70:40:ba:72:4e:66:fa:07:65:
+        4e:03:8e:0b:fd:56:e0:ad:3b:20:a7:32:fa:b2:12:1e:80:df:
+        1e:e3:7a:18:cc:57:db:e6:c9:34:60:ef:75:eb:10:16:d0:a4:
+        2e:70:d8:24:23:b8:a5:77:73:42:f9:07:3a:dd:01:6c:08:93:
+        07:35:26:10:25:60:29:ff:09:e5:64:9f:69:b9:16:49:f3:5c:
+        dd:24:63:46:93:0d:b0:53:36:75:bc:48:20:bb:19:b6:8f:d0:
+        22:fd
+
+GTE CyberTrust Japan Secure Server CA
+=====================================
+MD5 Fingerprint: DD:0D:0D:B4:78:4B:7D:CE:30:0A:A6:35:C6:AB:4C:88
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICIzCCAYwCAU8wDQYJKoZIhvcNAQEEBQAwWjELMAkGA1UEBhMCSlAxHzAdBgNV
+BAoTFkN5YmVyVHJ1c3QgSmFwYW4sIEluYy4xKjAoBgNVBAMTIUN5YmVyVHJ1c3Qg
+SkFQQU4gU2VjdXJlIFNlcnZlciBDQTAeFw05ODA4MDQwODA2MzJaFw0wMzA4MDQy
+MzU5MDBaMFoxCzAJBgNVBAYTAkpQMR8wHQYDVQQKExZDeWJlclRydXN0IEphcGFu
+LCBJbmMuMSowKAYDVQQDEyFDeWJlclRydXN0IEpBUEFOIFNlY3VyZSBTZXJ2ZXIg
+Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKwmo6G4b2rALBL52zEFkuf9
++tSBtLjVKtWQ+vBDZfwSFcrs27lh3jNjN0+vADx/kjcbGHPlnzyI8RoTRP558sMm
+lQ8L8J4UByFsV8Jdw+JRsM2LX81fhjj4eZc57Oi/Ui6xXqqprozt7tfIty4xi7Q5
+kjt8gScHGgFEL0lzILbJAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAaB17Eu5aeSkx
+ygGsi1CpJ5ksAPw4Ghz/wtXwE/4bpzn1gBTrUfrAjXuEG1musTVRbqE+1xvsoJ7f
+4KWCluOxP9io8ct5gI738ESZfhT1I6MR42hLBTZuiOOrhqo4UwNCO9O5+eC/BenT
+X8NKp7b9t12QSfiasq1mpoIAk65g/yA=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 79 (0x4f)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
+        Validity
+            Not Before: Aug  4 08:06:32 1998 GMT
+            Not After : Aug  4 23:59:00 2003 GMT
+        Subject: C=JP, O=CyberTrust Japan, Inc., CN=CyberTrust JAPAN Secure Server CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ac:26:a3:a1:b8:6f:6a:c0:2c:12:f9:db:31:05:
+                    92:e7:fd:fa:d4:81:b4:b8:d5:2a:d5:90:fa:f0:43:
+                    65:fc:12:15:ca:ec:db:b9:61:de:33:63:37:4f:af:
+                    00:3c:7f:92:37:1b:18:73:e5:9f:3c:88:f1:1a:13:
+                    44:fe:79:f2:c3:26:95:0f:0b:f0:9e:14:07:21:6c:
+                    57:c2:5d:c3:e2:51:b0:cd:8b:5f:cd:5f:86:38:f8:
+                    79:97:39:ec:e8:bf:52:2e:b1:5e:aa:a9:ae:8c:ed:
+                    ee:d7:c8:b7:2e:31:8b:b4:39:92:3b:7c:81:27:07:
+                    1a:01:44:2f:49:73:20:b6:c9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        68:1d:7b:12:ee:5a:79:29:31:ca:01:ac:8b:50:a9:27:99:2c:
+        00:fc:38:1a:1c:ff:c2:d5:f0:13:fe:1b:a7:39:f5:80:14:eb:
+        51:fa:c0:8d:7b:84:1b:59:ae:b1:35:51:6e:a1:3e:d7:1b:ec:
+        a0:9e:df:e0:a5:82:96:e3:b1:3f:d8:a8:f1:cb:79:80:8e:f7:
+        f0:44:99:7e:14:f5:23:a3:11:e3:68:4b:05:36:6e:88:e3:ab:
+        86:aa:38:53:03:42:3b:d3:b9:f9:e0:bf:05:e9:d3:5f:c3:4a:
+        a7:b6:fd:b7:5d:90:49:f8:9a:b2:ad:66:a6:82:00:93:ae:60:
+        ff:20
+
+GTE CyberTrust Root 2
+=====================
+MD5 Fingerprint: BA:ED:17:57:9A:4B:FF:7C:F9:C9:1F:A2:CD:1A:D6:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbkCAgGbMA0GCSqGSIb3DQEBBAUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAyMB4X
+DTk4MDgxMTExMzUwN1oXDTA4MDgxMTExMjIxNlowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDIw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANksTE4vaRoj41a6886EwAnAefFE
+XzMfFZF/iogouCRFzI8YzR900bWPcUzWMfZzloSUQMWpg2Akfa9vNLdLTMIJgDtF
+BJ7EPMQndXsADKFkR7UUXYJLUTpYu0RMPdPlBjjoYVyYeLuAs5zacoJioN+cX+v5
+T3fCzGAYAGs0giWzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAo2SRbxDt526iQkCU
+eM74FAjR+kOF60bNkhTQ7y4tNjkY2brJJ4gp6UgXb/jBqshhbS39QC11QzCXOfgU
+ZL1v72OoK0LfsloNJex7N9jOkSmCFvnoYqLhdsQCfd0li5jh9g1gjPZZkEBRRNHC
++xkkHhc5a3QhFTPWVdeCHnAsJ6g=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 411 (0x19b)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
+        Validity
+            Not Before: Aug 11 11:35:07 1998 GMT
+            Not After : Aug 11 11:22:16 2008 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 2
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d9:2c:4c:4e:2f:69:1a:23:e3:56:ba:f3:ce:84:
+                    c0:09:c0:79:f1:44:5f:33:1f:15:91:7f:8a:88:28:
+                    b8:24:45:cc:8f:18:cd:1f:74:d1:b5:8f:71:4c:d6:
+                    31:f6:73:96:84:94:40:c5:a9:83:60:24:7d:af:6f:
+                    34:b7:4b:4c:c2:09:80:3b:45:04:9e:c4:3c:c4:27:
+                    75:7b:00:0c:a1:64:47:b5:14:5d:82:4b:51:3a:58:
+                    bb:44:4c:3d:d3:e5:06:38:e8:61:5c:98:78:bb:80:
+                    b3:9c:da:72:82:62:a0:df:9c:5f:eb:f9:4f:77:c2:
+                    cc:60:18:00:6b:34:82:25:b3
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        a3:64:91:6f:10:ed:e7:6e:a2:42:40:94:78:ce:f8:14:08:d1:
+        fa:43:85:eb:46:cd:92:14:d0:ef:2e:2d:36:39:18:d9:ba:c9:
+        27:88:29:e9:48:17:6f:f8:c1:aa:c8:61:6d:2d:fd:40:2d:75:
+        43:30:97:39:f8:14:64:bd:6f:ef:63:a8:2b:42:df:b2:5a:0d:
+        25:ec:7b:37:d8:ce:91:29:82:16:f9:e8:62:a2:e1:76:c4:02:
+        7d:dd:25:8b:98:e1:f6:0d:60:8c:f6:59:90:40:51:44:d1:c2:
+        fb:19:24:1e:17:39:6b:74:21:15:33:d6:55:d7:82:1e:70:2c:
+        27:a8
+
+GTE CyberTrust Root 3
+=====================
+MD5 Fingerprint: DB:81:96:57:AE:64:61:EF:77:A7:83:C4:51:24:3C:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICUDCCAbkCAgGXMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCAzMB4X
+DTk4MDgxMDE5NTkwOFoXDTA4MDgxMDE5MzYzOVowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDMw
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHzsSsLztwU2TSXYlASVmOETFP6
+wIXP+sHdD955E39T+6oOYN3iYr/G7k6ZNKpoQzWZ+KP982O9AVRqnrI6lix7eCjG
+WrWNGhUY/eOMLqJQCVtx1g21GB8ZjgQpk5N4q18U53NC8gMMV6IbUDsLu1ngoDoD
+7icbWky5sAjKuRqJAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAheutlCAG6bKiazvy
+ZuvjS7gSJgXl9JGo3IfcmPSUwfRhvdWcbFFzlV7QvdfmRdw8z0aE1ee57ORnY24A
+KHdxXUoF6bl8hszCRLveKUja6t29F58dUQGo6BResVf3/9qPzpX+Le0yEnf/fGph
+la4xcgYI8PnzDY7i76hTXZEDg94=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 407 (0x197)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
+        Validity
+            Not Before: Aug 10 19:59:08 1998 GMT
+            Not After : Aug 10 19:36:39 2008 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e1:f3:b1:2b:0b:ce:dc:14:d9:34:97:62:50:12:
+                    56:63:84:4c:53:fa:c0:85:cf:fa:c1:dd:0f:de:79:
+                    13:7f:53:fb:aa:0e:60:dd:e2:62:bf:c6:ee:4e:99:
+                    34:aa:68:43:35:99:f8:a3:fd:f3:63:bd:01:54:6a:
+                    9e:b2:3a:96:2c:7b:78:28:c6:5a:b5:8d:1a:15:18:
+                    fd:e3:8c:2e:a2:50:09:5b:71:d6:0d:b5:18:1f:19:
+                    8e:04:29:93:93:78:ab:5f:14:e7:73:42:f2:03:0c:
+                    57:a2:1b:50:3b:0b:bb:59:e0:a0:3a:03:ee:27:1b:
+                    5a:4c:b9:b0:08:ca:b9:1a:89
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        85:eb:ad:94:20:06:e9:b2:a2:6b:3b:f2:66:eb:e3:4b:b8:12:
+        26:05:e5:f4:91:a8:dc:87:dc:98:f4:94:c1:f4:61:bd:d5:9c:
+        6c:51:73:95:5e:d0:bd:d7:e6:45:dc:3c:cf:46:84:d5:e7:b9:
+        ec:e4:67:63:6e:00:28:77:71:5d:4a:05:e9:b9:7c:86:cc:c2:
+        44:bb:de:29:48:da:ea:dd:bd:17:9f:1d:51:01:a8:e8:14:5e:
+        b1:57:f7:ff:da:8f:ce:95:fe:2d:ed:32:12:77:ff:7c:6a:61:
+        95:ae:31:72:06:08:f0:f9:f3:0d:8e:e2:ef:a8:53:5d:91:03:
+        83:de
+
+GTE CyberTrust Root 4
+=====================
+MD5 Fingerprint: 33:43:02:B1:B9:E0:73:B1:B1:20:CA:CB:C7:84:03:50
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj0CAgGoMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
+bHV0aW9ucywgSW5jLjEeMBwGA1UEAxMVR1RFIEN5YmVyVHJ1c3QgUm9vdCA0MB4X
+DTk4MDgxMzEzNTEwMFoXDTEzMDgxMzIzNTkwMFowcDELMAkGA1UEBhMCVVMxGDAW
+BgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1c3Qg
+U29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290IDQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nSJuf9pmPDlCsaMqb9P3
+vK6sMVrXEZBHuZ0ZLvnzGyKgw+GnusT8XgqUS5haSybkH/Tc8/6OiNxsLXx3hyZQ
+wF5OqCih6hdpT03GAQ7amg0GViYVtqRdejWvje14Uob5OKuzAdPaBZaxtlCrwKGu
+F1P6QzkgcWUj223Etu2YRYPX0vbiqWv7+XXM78WrcZY16N+OkZuoEHUft84Tjmuz
+lneXGpEvxyxpmfAPKmgAmHZEG4wo0uuO9IO0f6QlXmw72cZo1WG41F4xB7VbkDVS
+V3sXIO0tuB6OiDk+Usvf8FyxZbulErSQY79xnTLB2r9QSpW+BjrEK+vNmHZETQvl
+AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEOvHIfJSbpliTRJPOoHO0eiedSgO5Bs
+3n+oVMPoTEAyvMjsHOXZrEC6/Iw/wnOc9GTq36ntTlvIAWDuOW1DJ/N/qgjS/k5v
+FDJNfeQ0gKU1xNZGULQ7oC1lH09lfjQoLcCndn0xyQ0zFvYgGSARULsDzHBtlrfv
+TKfaNhXPu03UltyITWyY7blz/ihXoO1k+AqBKXP29pcyhzm0ge/ZTRoHNPe6QjXe
+V9xc1vfF6wonDIGmwtBoTv2SW0iD9haKjzZb7TFsP0F6cfeSPzGkCkBM84biYcE8
+SYEtpbjvupcPvCsdm4ny0o4eTYbywqv2LZnAGyoNobZP+SxYTT19Nwo=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 424 (0x1a8)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
+        Validity
+            Not Before: Aug 13 13:51:00 1998 GMT
+            Not After : Aug 13 23:59:00 2013 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 4
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ba:9d:22:6e:7f:da:66:3c:39:42:b1:a3:2a:6f:
+                    d3:f7:bc:ae:ac:31:5a:d7:11:90:47:b9:9d:19:2e:
+                    f9:f3:1b:22:a0:c3:e1:a7:ba:c4:fc:5e:0a:94:4b:
+                    98:5a:4b:26:e4:1f:f4:dc:f3:fe:8e:88:dc:6c:2d:
+                    7c:77:87:26:50:c0:5e:4e:a8:28:a1:ea:17:69:4f:
+                    4d:c6:01:0e:da:9a:0d:06:56:26:15:b6:a4:5d:7a:
+                    35:af:8d:ed:78:52:86:f9:38:ab:b3:01:d3:da:05:
+                    96:b1:b6:50:ab:c0:a1:ae:17:53:fa:43:39:20:71:
+                    65:23:db:6d:c4:b6:ed:98:45:83:d7:d2:f6:e2:a9:
+                    6b:fb:f9:75:cc:ef:c5:ab:71:96:35:e8:df:8e:91:
+                    9b:a8:10:75:1f:b7:ce:13:8e:6b:b3:96:77:97:1a:
+                    91:2f:c7:2c:69:99:f0:0f:2a:68:00:98:76:44:1b:
+                    8c:28:d2:eb:8e:f4:83:b4:7f:a4:25:5e:6c:3b:d9:
+                    c6:68:d5:61:b8:d4:5e:31:07:b5:5b:90:35:52:57:
+                    7b:17:20:ed:2d:b8:1e:8e:88:39:3e:52:cb:df:f0:
+                    5c:b1:65:bb:a5:12:b4:90:63:bf:71:9d:32:c1:da:
+                    bf:50:4a:95:be:06:3a:c4:2b:eb:cd:98:76:44:4d:
+                    0b:e5
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        43:af:1c:87:c9:49:ba:65:89:34:49:3c:ea:07:3b:47:a2:79:
+        d4:a0:3b:90:6c:de:7f:a8:54:c3:e8:4c:40:32:bc:c8:ec:1c:
+        e5:d9:ac:40:ba:fc:8c:3f:c2:73:9c:f4:64:ea:df:a9:ed:4e:
+        5b:c8:01:60:ee:39:6d:43:27:f3:7f:aa:08:d2:fe:4e:6f:14:
+        32:4d:7d:e4:34:80:a5:35:c4:d6:46:50:b4:3b:a0:2d:65:1f:
+        4f:65:7e:34:28:2d:c0:a7:76:7d:31:c9:0d:33:16:f6:20:19:
+        20:11:50:bb:03:cc:70:6d:96:b7:ef:4c:a7:da:36:15:cf:bb:
+        4d:d4:96:dc:88:4d:6c:98:ed:b9:73:fe:28:57:a0:ed:64:f8:
+        0a:81:29:73:f6:f6:97:32:87:39:b4:81:ef:d9:4d:1a:07:34:
+        f7:ba:42:35:de:57:dc:5c:d6:f7:c5:eb:0a:27:0c:81:a6:c2:
+        d0:68:4e:fd:92:5b:48:83:f6:16:8a:8f:36:5b:ed:31:6c:3f:
+        41:7a:71:f7:92:3f:31:a4:0a:40:4c:f3:86:e2:61:c1:3c:49:
+        81:2d:a5:b8:ef:ba:97:0f:bc:2b:1d:9b:89:f2:d2:8e:1e:4d:
+        86:f2:c2:ab:f6:2d:99:c0:1b:2a:0d:a1:b6:4f:f9:2c:58:4d:
+        3d:7d:37:0a
+
+GTE CyberTrust Root 5
+=====================
+MD5 Fingerprint: 7D:6C:86:E4:FC:4D:D1:0B:00:BA:22:BB:4E:7C:6A:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDtjCCAp6gAwIBAgICAbYwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVVMx
+GDAWBgNVBAoTD0dURSBDb3Jwb3JhdGlvbjEnMCUGA1UECxMeR1RFIEN5YmVyVHJ1
+c3QgU29sdXRpb25zLCBJbmMuMR4wHAYDVQQDExVHVEUgQ3liZXJUcnVzdCBSb290
+IDUwHhcNOTgwODE0MTQ1MDAwWhcNMTMwODE0MjM1OTAwWjBwMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
+cnVzdCBTb2x1dGlvbnMsIEluYy4xHjAcBgNVBAMTFUdURSBDeWJlclRydXN0IFJv
+b3QgNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALwSbj+KfHqXAewe
+uzlaAvR4RKJIG457SVJ6uHtHs6+Um2+7lvoramVcuByUc76/iQoigO5X/IwFu3Cf
+lzkE2qOHXKjlyq/AM5rVN1xLrOSA0KYjYPv9ci6UncfOwgQy73hgXe2thw9FZR48
+mgqavl0dmezn8tHGehfZrZtUln/EfGC/haoVNR1A2hG87FQhKC0joajwzy3N3fx+
+D17hZQdWywe00lboXjHMGGPEhtIthc+Tkqtt/mg5+95zvYb45EZ66p8My/QZ/mO8
+0Sx7iDM29uThnAxTgWAc2i6rlqkWiBNQmbK9Vd8VMH7o5Zj7cH5stQf8/Ea30O03
+ln4y/iECAwEAAaNaMFgwEgYDVR0TAQH/BAgwBgEB/wIBBTAOBgNVHQ8BAf8EBAMC
+AQYwFwYDVR0gBBAwDjAMBgoqhkiG+GMBAgEDMBkGA1UdDgQSBBB2CkkhOEyf3vjE
+ScdxcZGdMA0GCSqGSIb3DQEBBQUAA4IBAQBBOtQYW9q43iEc4Y4J5fFoNP/elvQH
+9ac886xKsZv6kvqb7eYyIapKdsXcTzjl39WG5NXIdn2Y17HNj021kSNsi4rr6nzv
+FJTExvAfSi0ycWMrY5EmAgm2gB3t4sy4f9uHY8jh0GwmsTUdQGYQG82VVBgzYewT
+T9oT95mvPtDPjqZyorPDBZrJJ32SzH5SjbOrcG2eiZ9N6xp1wpiq1QIW1wyKvyXk
+6y28mOlYOBl8uTf+2+KZCHMGx5eDan0QAS8yuRcFSmXmL86+XlOmgumaUwqEdC2D
+ysiUFnZflGEo8IWnObvXi9moshMdVAk0JH0ggX1mfqKQdFwQxr3sqxvC
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 438 (0x1b6)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
+        Validity
+            Not Before: Aug 14 14:50:00 1998 GMT
+            Not After : Aug 14 23:59:00 2013 GMT
+        Subject: C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Root 5
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bc:12:6e:3f:8a:7c:7a:97:01:ec:1e:bb:39:5a:
+                    02:f4:78:44:a2:48:1b:8e:7b:49:52:7a:b8:7b:47:
+                    b3:af:94:9b:6f:bb:96:fa:2b:6a:65:5c:b8:1c:94:
+                    73:be:bf:89:0a:22:80:ee:57:fc:8c:05:bb:70:9f:
+                    97:39:04:da:a3:87:5c:a8:e5:ca:af:c0:33:9a:d5:
+                    37:5c:4b:ac:e4:80:d0:a6:23:60:fb:fd:72:2e:94:
+                    9d:c7:ce:c2:04:32:ef:78:60:5d:ed:ad:87:0f:45:
+                    65:1e:3c:9a:0a:9a:be:5d:1d:99:ec:e7:f2:d1:c6:
+                    7a:17:d9:ad:9b:54:96:7f:c4:7c:60:bf:85:aa:15:
+                    35:1d:40:da:11:bc:ec:54:21:28:2d:23:a1:a8:f0:
+                    cf:2d:cd:dd:fc:7e:0f:5e:e1:65:07:56:cb:07:b4:
+                    d2:56:e8:5e:31:cc:18:63:c4:86:d2:2d:85:cf:93:
+                    92:ab:6d:fe:68:39:fb:de:73:bd:86:f8:e4:46:7a:
+                    ea:9f:0c:cb:f4:19:fe:63:bc:d1:2c:7b:88:33:36:
+                    f6:e4:e1:9c:0c:53:81:60:1c:da:2e:ab:96:a9:16:
+                    88:13:50:99:b2:bd:55:df:15:30:7e:e8:e5:98:fb:
+                    70:7e:6c:b5:07:fc:fc:46:b7:d0:ed:37:96:7e:32:
+                    fe:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:5
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Certificate Policies: 
+                Policy: 1.2.840.113763.1.2.1.3
+
+            X509v3 Subject Key Identifier: 
+                76:0A:49:21:38:4C:9F:DE:F8:C4:49:C7:71:71:91:9D
+    Signature Algorithm: sha1WithRSAEncryption
+        41:3a:d4:18:5b:da:b8:de:21:1c:e1:8e:09:e5:f1:68:34:ff:
+        de:96:f4:07:f5:a7:3c:f3:ac:4a:b1:9b:fa:92:fa:9b:ed:e6:
+        32:21:aa:4a:76:c5:dc:4f:38:e5:df:d5:86:e4:d5:c8:76:7d:
+        98:d7:b1:cd:8f:4d:b5:91:23:6c:8b:8a:eb:ea:7c:ef:14:94:
+        c4:c6:f0:1f:4a:2d:32:71:63:2b:63:91:26:02:09:b6:80:1d:
+        ed:e2:cc:b8:7f:db:87:63:c8:e1:d0:6c:26:b1:35:1d:40:66:
+        10:1b:cd:95:54:18:33:61:ec:13:4f:da:13:f7:99:af:3e:d0:
+        cf:8e:a6:72:a2:b3:c3:05:9a:c9:27:7d:92:cc:7e:52:8d:b3:
+        ab:70:6d:9e:89:9f:4d:eb:1a:75:c2:98:aa:d5:02:16:d7:0c:
+        8a:bf:25:e4:eb:2d:bc:98:e9:58:38:19:7c:b9:37:fe:db:e2:
+        99:08:73:06:c7:97:83:6a:7d:10:01:2f:32:b9:17:05:4a:65:
+        e6:2f:ce:be:5e:53:a6:82:e9:9a:53:0a:84:74:2d:83:ca:c8:
+        94:16:76:5f:94:61:28:f0:85:a7:39:bb:d7:8b:d9:a8:b2:13:
+        1d:54:09:34:24:7d:20:81:7d:66:7e:a2:90:74:5c:10:c6:bd:
+        ec:ab:1b:c2
+
+GTE CyberTrust Root CA
+======================
+MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
+VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv
+b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV
+UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv
+RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M
+ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5
+1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz
+dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl
+IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy
+bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 419 (0x1a3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Validity
+            Not Before: Feb 23 23:01:00 1996 GMT
+            Not After : Feb 23 23:59:00 2006 GMT
+        Subject: C=US, O=GTE Corporation, CN=GTE CyberTrust Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b8:e6:4f:ba:db:98:7c:71:7c:af:44:b7:d3:0f:
+                    46:d9:64:e5:93:c1:42:8e:c7:ba:49:8d:35:2d:7a:
+                    e7:8b:bd:e5:05:31:59:c6:b1:2f:0a:0c:fb:9f:a7:
+                    3f:a2:09:66:84:56:1e:37:29:1b:87:e9:7e:0c:ca:
+                    9a:9f:a5:7f:f5:15:94:a3:d5:a2:46:82:d8:68:4c:
+                    d1:37:15:06:68:af:bd:f8:b0:b3:f0:29:f5:95:5a:
+                    09:16:61:77:0a:22:25:d4:4f:45:aa:c7:bd:e5:96:
+                    df:f9:d4:a8:8e:42:cc:24:c0:1e:91:27:4a:b5:6d:
+                    06:80:63:39:c4:a2:5e:38:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+        12:b3:75:c6:5f:1d:e1:61:55:80:00:d4:81:4b:7b:31:0f:23:
+        63:e7:3d:f3:03:f9:f4:36:a8:bb:d9:e3:a5:97:4d:ea:2b:29:
+        e0:d6:6a:73:81:e6:c0:89:a3:d3:f1:e0:a5:a5:22:37:9a:63:
+        c2:48:20:b4:db:72:e3:c8:f6:d9:7c:be:b1:af:53:da:14:b4:
+        21:b8:d6:d5:96:e3:fe:4e:0c:59:62:b6:9a:4a:f9:42:dd:8c:
+        6f:81:a9:71:ff:f4:0a:72:6d:6d:44:0e:9d:f3:74:74:a8:d5:
+        34:49:e9:5e:9e:e9:b4:7a:e1:e5:5a:1f:84:30:9c:d3:9f:a5:
+        25:d8
+
+GlobalSign Partners CA
+======================
+MD5 Fingerprint: 3C:75:CD:4C:BD:A9:D0:8A:79:4F:50:16:37:84:F4:2B
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDnjCCAoagAwIBAgILAgAAAAAA1ni50a8wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMF8xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRQwEgYDVQQLEwtQYXJ0bmVycyBDQTEfMB0GA1UEAxMWR2xv
+YmFsU2lnbiBQYXJ0bmVycyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANIs+DKsShJ6N8gpkaWujG4eDsA0M4jlM3EWHHiEaMMYNFAuFj6xlIJPsZqf
+APjGETXGaXuYAq0ABohs50wzKACIJ0Yfh7NxdWO8MruI3mYYDlAGk7T2vBQ3MD0i
+3z3/dX7ZChrFn7P80KyzCHqJ0wHoAFznSgs9TXsmordiBovaRt2TFz8/WwJLC7aI
+IBGSAK27xy7U40Wu9YlafI2krYVkMsAnjMbyioCShiRWWY10aKKDQrOePVBBhm8g
+bvb9ztMZ4zLMj+2aXm0fKPVSrG4YXvg90ZLlumwBiEsK8i3eZTMFQqBMqjF2vv2/
+gXj5cRxGXi0VlS0wWY5MQdFiqz0CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgAGMB0G
+A1UdDgQWBBRDJI1wFQhiVZxPDEAXXYZeD6JM+zAfBgNVHSMEGDAWgBRge2YaRQ2X
+yolQL30EzTSo//z9SzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IB
+AQBm7bSIaRGZgiGDrKFti5uErQ8tyB6Mynt+rarUjt4H1p5Fx6W4nAc5YCVVGsBP
+GeXPFylJiRg1ZuXrKEBOV8mvs+S4IAWjO5VQkUmUKX0s5YhBpUWIXp2CJ/fS71u1
+T5++/jVlLFVkn+FR2iJhd7pYTo/GeVlZbjCAok+QbiELrdBoOZAQm+0iZW8eETjm
+f4zS8zltR9Uh6Op1OkHRrfYWnV0LIb3zH2MGJR3BHzVxLOsgGdXBsOw95W/tAgc/
+E3tmktZEwZj3X1CLelvCb22w0fjldKBAN6MlD+Q9ymQxk5BcMHu5OTGaXkzNuUFP
+UOQ9OK7IZtnHO11RR6ybq/Kt
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b9:d1:af
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Partners CA, CN=GlobalSign Partners CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d2:2c:f8:32:ac:4a:12:7a:37:c8:29:91:a5:ae:
+                    8c:6e:1e:0e:c0:34:33:88:e5:33:71:16:1c:78:84:
+                    68:c3:18:34:50:2e:16:3e:b1:94:82:4f:b1:9a:9f:
+                    00:f8:c6:11:35:c6:69:7b:98:02:ad:00:06:88:6c:
+                    e7:4c:33:28:00:88:27:46:1f:87:b3:71:75:63:bc:
+                    32:bb:88:de:66:18:0e:50:06:93:b4:f6:bc:14:37:
+                    30:3d:22:df:3d:ff:75:7e:d9:0a:1a:c5:9f:b3:fc:
+                    d0:ac:b3:08:7a:89:d3:01:e8:00:5c:e7:4a:0b:3d:
+                    4d:7b:26:a2:b7:62:06:8b:da:46:dd:93:17:3f:3f:
+                    5b:02:4b:0b:b6:88:20:11:92:00:ad:bb:c7:2e:d4:
+                    e3:45:ae:f5:89:5a:7c:8d:a4:ad:85:64:32:c0:27:
+                    8c:c6:f2:8a:80:92:86:24:56:59:8d:74:68:a2:83:
+                    42:b3:9e:3d:50:41:86:6f:20:6e:f6:fd:ce:d3:19:
+                    e3:32:cc:8f:ed:9a:5e:6d:1f:28:f5:52:ac:6e:18:
+                    5e:f8:3d:d1:92:e5:ba:6c:01:88:4b:0a:f2:2d:de:
+                    65:33:05:42:a0:4c:aa:31:76:be:fd:bf:81:78:f9:
+                    71:1c:46:5e:2d:15:95:2d:30:59:8e:4c:41:d1:62:
+                    ab:3d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                43:24:8D:70:15:08:62:55:9C:4F:0C:40:17:5D:86:5E:0F:A2:4C:FB
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        66:ed:b4:88:69:11:99:82:21:83:ac:a1:6d:8b:9b:84:ad:0f:
+        2d:c8:1e:8c:ca:7b:7e:ad:aa:d4:8e:de:07:d6:9e:45:c7:a5:
+        b8:9c:07:39:60:25:55:1a:c0:4f:19:e5:cf:17:29:49:89:18:
+        35:66:e5:eb:28:40:4e:57:c9:af:b3:e4:b8:20:05:a3:3b:95:
+        50:91:49:94:29:7d:2c:e5:88:41:a5:45:88:5e:9d:82:27:f7:
+        d2:ef:5b:b5:4f:9f:be:fe:35:65:2c:55:64:9f:e1:51:da:22:
+        61:77:ba:58:4e:8f:c6:79:59:59:6e:30:80:a2:4f:90:6e:21:
+        0b:ad:d0:68:39:90:10:9b:ed:22:65:6f:1e:11:38:e6:7f:8c:
+        d2:f3:39:6d:47:d5:21:e8:ea:75:3a:41:d1:ad:f6:16:9d:5d:
+        0b:21:bd:f3:1f:63:06:25:1d:c1:1f:35:71:2c:eb:20:19:d5:
+        c1:b0:ec:3d:e5:6f:ed:02:07:3f:13:7b:66:92:d6:44:c1:98:
+        f7:5f:50:8b:7a:5b:c2:6f:6d:b0:d1:f8:e5:74:a0:40:37:a3:
+        25:0f:e4:3d:ca:64:31:93:90:5c:30:7b:b9:39:31:9a:5e:4c:
+        cd:b9:41:4f:50:e4:3d:38:ae:c8:66:d9:c7:3b:5d:51:47:ac:
+        9b:ab:f2:ad
+
+GlobalSign Primary Class 1 CA
+=============================
+MD5 Fingerprint: 5C:AC:59:01:A4:86:53:CB:10:66:B5:D6:D6:71:FF:01
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4N88wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MTUxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDEgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAxIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAvSA1R9Eo1gijEjkjRw29cCFSDlcxlaY0V2vsfkN5
+wwZSSM28taGZvdgfMrzP125ybS53IpCCTkuPmgwBQprZcFm2nR/mY9EMrR1O+IWB
++a7vn6ZSYUR5GnVF4GFWRW1CjD1yy6akErea9dZg0GBQs46mpuy09BLNf6jO77Ph
+hTD+csTm53eznlhB1lGDiAfGtmlPNt7RC0g/vdafIXRkbycGPkv9Dqabv6RIV4yQ
+7okYCwKBGL5n/lNgiCe6o3M0S1pWtN5zBe2Yll3sSudA/EsJYuvQ4zFPhdF6q1ln
+K/uID+uqg701/WEn7GYOQlf3acIM7/xqwm5J2o9BOK5IqQIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFPzgZvZaNZnrQB7SuB5DvJiOH4rDMB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAJujCETO8pCdcfMyswVqterPKZjeVT6gFn0GekTWr9L6
+E1iM+BzHqx20G+9paJhcCDmP4Pf7SMwh57gz2wWqNCRsSuXpe2Deg7MfCr5BdfzM
+MEi3wSYdBDOqtnjtKsu6VpcybvcxlS5G8hTuJ8f3Yom5XFrTOIpk9Te08bM0ctXV
+IT1L13iT1zFmNR6j2EdJbxyt4YB/+JgkbHOsDsIadwKjJge3x2tdvILVKkgdY89Q
+Mqb7HBhHFQpbDFw4JJoEmKgISF98NIdjqy2NTAB3lBt2uvUWGKMVry+U9ikAdsEV
+F9PpN0121MtLKVkkrNpKoOpj3l9Usfrz0UXLxWS0cyE=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:37:cf
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep 15 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 1 CA, CN=GlobalSign Primary Class 1 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:bd:20:35:47:d1:28:d6:08:a3:12:39:23:47:0d:
+                    bd:70:21:52:0e:57:31:95:a6:34:57:6b:ec:7e:43:
+                    79:c3:06:52:48:cd:bc:b5:a1:99:bd:d8:1f:32:bc:
+                    cf:d7:6e:72:6d:2e:77:22:90:82:4e:4b:8f:9a:0c:
+                    01:42:9a:d9:70:59:b6:9d:1f:e6:63:d1:0c:ad:1d:
+                    4e:f8:85:81:f9:ae:ef:9f:a6:52:61:44:79:1a:75:
+                    45:e0:61:56:45:6d:42:8c:3d:72:cb:a6:a4:12:b7:
+                    9a:f5:d6:60:d0:60:50:b3:8e:a6:a6:ec:b4:f4:12:
+                    cd:7f:a8:ce:ef:b3:e1:85:30:fe:72:c4:e6:e7:77:
+                    b3:9e:58:41:d6:51:83:88:07:c6:b6:69:4f:36:de:
+                    d1:0b:48:3f:bd:d6:9f:21:74:64:6f:27:06:3e:4b:
+                    fd:0e:a6:9b:bf:a4:48:57:8c:90:ee:89:18:0b:02:
+                    81:18:be:67:fe:53:60:88:27:ba:a3:73:34:4b:5a:
+                    56:b4:de:73:05:ed:98:96:5d:ec:4a:e7:40:fc:4b:
+                    09:62:eb:d0:e3:31:4f:85:d1:7a:ab:59:67:2b:fb:
+                    88:0f:eb:aa:83:bd:35:fd:61:27:ec:66:0e:42:57:
+                    f7:69:c2:0c:ef:fc:6a:c2:6e:49:da:8f:41:38:ae:
+                    48:a9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                FC:E0:66:F6:5A:35:99:EB:40:1E:D2:B8:1E:43:BC:98:8E:1F:8A:C3
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        9b:a3:08:44:ce:f2:90:9d:71:f3:32:b3:05:6a:b5:ea:cf:29:
+        98:de:55:3e:a0:16:7d:06:7a:44:d6:af:d2:fa:13:58:8c:f8:
+        1c:c7:ab:1d:b4:1b:ef:69:68:98:5c:08:39:8f:e0:f7:fb:48:
+        cc:21:e7:b8:33:db:05:aa:34:24:6c:4a:e5:e9:7b:60:de:83:
+        b3:1f:0a:be:41:75:fc:cc:30:48:b7:c1:26:1d:04:33:aa:b6:
+        78:ed:2a:cb:ba:56:97:32:6e:f7:31:95:2e:46:f2:14:ee:27:
+        c7:f7:62:89:b9:5c:5a:d3:38:8a:64:f5:37:b4:f1:b3:34:72:
+        d5:d5:21:3d:4b:d7:78:93:d7:31:66:35:1e:a3:d8:47:49:6f:
+        1c:ad:e1:80:7f:f8:98:24:6c:73:ac:0e:c2:1a:77:02:a3:26:
+        07:b7:c7:6b:5d:bc:82:d5:2a:48:1d:63:cf:50:32:a6:fb:1c:
+        18:47:15:0a:5b:0c:5c:38:24:9a:04:98:a8:08:48:5f:7c:34:
+        87:63:ab:2d:8d:4c:00:77:94:1b:76:ba:f5:16:18:a3:15:af:
+        2f:94:f6:29:00:76:c1:15:17:d3:e9:37:4d:76:d4:cb:4b:29:
+        59:24:ac:da:4a:a0:ea:63:de:5f:54:b1:fa:f3:d1:45:cb:c5:
+        64:b4:73:21
+
+GlobalSign Primary Class 2 CA
+=============================
+MD5 Fingerprint: A9:A9:42:59:7E:BE:5A:94:E4:2C:C6:8B:1C:2A:44:B6
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni4jY0wDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDIgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAyIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAkoz+7/RFjhdBbvzYvyFvqwadUsEsAJ0/joW4f0qP
+vaBjKspJJ65agvR04lWS/8LRqnmitvrVnYIET8ayxl5jpzq62O7rim+ftrsoQcAi
++05IGgaS17/Xz7nZvThPOw1EblVB/vwJ29i/844h8egStfYTpdPGTJMisAL/7h0M
+xKhrT3VoVujcKBJQ96gknS4kOfsJBd7lo2RJIdBofnEwkbFg4Dn0UPh6TZgAa3x5
+uk7OSuK6Nh23xTYVlZxkQupfxLr1QAW+4TpZvYSnGbjeTVNQzgfR0lHT7w2BbObn
+bctdfD98zOxPgycl/3BQ9oNZdYQGZlgs3omNAKZJ+aVDdwIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFHznsrEs3rGna+l2DOGj/U5sx7n2MB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAGPdWc6KeaqYnU7FiWQ3foqTZy8Q6m8nw413bfJcVpQZ
+GmlgMEZdj/JtRTyONZd8L7hR4uiJvYjPJxwINFyIwWgk25GF5M/7+0ON6CUBG8QO
+9wBCSIYfJAhYWoyN8mtHLGiRsWlC/Q2NySbmkoamZG6Sxc4+PH1x4yOkq8fVqKnf
+gqc76IbVw08Y40TQ4NzzxWgu/qUvBYTIfkdCU2uHSv4y/14+cIy3qBXMF8L/RuzQ
+7C20bhIoqflA6evUZpdTqWlVwKmqsi7N0Wn0vvi7fGnuVKbbnvtapj7+mu+UUUt1
+7tjU4ZrxAlYTiQ6nQouWi4UMG4W+Jq6rppm8IvFz30I=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:8d:8d
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 2 CA, CN=GlobalSign Primary Class 2 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:92:8c:fe:ef:f4:45:8e:17:41:6e:fc:d8:bf:21:
+                    6f:ab:06:9d:52:c1:2c:00:9d:3f:8e:85:b8:7f:4a:
+                    8f:bd:a0:63:2a:ca:49:27:ae:5a:82:f4:74:e2:55:
+                    92:ff:c2:d1:aa:79:a2:b6:fa:d5:9d:82:04:4f:c6:
+                    b2:c6:5e:63:a7:3a:ba:d8:ee:eb:8a:6f:9f:b6:bb:
+                    28:41:c0:22:fb:4e:48:1a:06:92:d7:bf:d7:cf:b9:
+                    d9:bd:38:4f:3b:0d:44:6e:55:41:fe:fc:09:db:d8:
+                    bf:f3:8e:21:f1:e8:12:b5:f6:13:a5:d3:c6:4c:93:
+                    22:b0:02:ff:ee:1d:0c:c4:a8:6b:4f:75:68:56:e8:
+                    dc:28:12:50:f7:a8:24:9d:2e:24:39:fb:09:05:de:
+                    e5:a3:64:49:21:d0:68:7e:71:30:91:b1:60:e0:39:
+                    f4:50:f8:7a:4d:98:00:6b:7c:79:ba:4e:ce:4a:e2:
+                    ba:36:1d:b7:c5:36:15:95:9c:64:42:ea:5f:c4:ba:
+                    f5:40:05:be:e1:3a:59:bd:84:a7:19:b8:de:4d:53:
+                    50:ce:07:d1:d2:51:d3:ef:0d:81:6c:e6:e7:6d:cb:
+                    5d:7c:3f:7c:cc:ec:4f:83:27:25:ff:70:50:f6:83:
+                    59:75:84:06:66:58:2c:de:89:8d:00:a6:49:f9:a5:
+                    43:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                7C:E7:B2:B1:2C:DE:B1:A7:6B:E9:76:0C:E1:A3:FD:4E:6C:C7:B9:F6
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        63:dd:59:ce:8a:79:aa:98:9d:4e:c5:89:64:37:7e:8a:93:67:
+        2f:10:ea:6f:27:c3:8d:77:6d:f2:5c:56:94:19:1a:69:60:30:
+        46:5d:8f:f2:6d:45:3c:8e:35:97:7c:2f:b8:51:e2:e8:89:bd:
+        88:cf:27:1c:08:34:5c:88:c1:68:24:db:91:85:e4:cf:fb:fb:
+        43:8d:e8:25:01:1b:c4:0e:f7:00:42:48:86:1f:24:08:58:5a:
+        8c:8d:f2:6b:47:2c:68:91:b1:69:42:fd:0d:8d:c9:26:e6:92:
+        86:a6:64:6e:92:c5:ce:3e:3c:7d:71:e3:23:a4:ab:c7:d5:a8:
+        a9:df:82:a7:3b:e8:86:d5:c3:4f:18:e3:44:d0:e0:dc:f3:c5:
+        68:2e:fe:a5:2f:05:84:c8:7e:47:42:53:6b:87:4a:fe:32:ff:
+        5e:3e:70:8c:b7:a8:15:cc:17:c2:ff:46:ec:d0:ec:2d:b4:6e:
+        12:28:a9:f9:40:e9:eb:d4:66:97:53:a9:69:55:c0:a9:aa:b2:
+        2e:cd:d1:69:f4:be:f8:bb:7c:69:ee:54:a6:db:9e:fb:5a:a6:
+        3e:fe:9a:ef:94:51:4b:75:ee:d8:d4:e1:9a:f1:02:56:13:89:
+        0e:a7:42:8b:96:8b:85:0c:1b:85:be:26:ae:ab:a6:99:bc:22:
+        f1:73:df:42
+
+GlobalSign Primary Class 3 CA
+=============================
+MD5 Fingerprint: 98:12:A3:4B:95:A9:96:64:94:E7:50:8C:3E:E1:83:5A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDrDCCApSgAwIBAgILAgAAAAAA1ni41sMwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05OTAxMjgxMjAw
+MDBaFw0wOTAxMjgxMjAwMDBaMG0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRswGQYDVQQLExJQcmltYXJ5IENsYXNzIDMgQ0ExJjAkBgNV
+BAMTHUdsb2JhbFNpZ24gUHJpbWFyeSBDbGFzcyAzIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAkV5WZdbAwAScv0fEXHt6MQH5WJaZ4xyEL9xWj631
+WYHVQ2ZdWpOMdcqp5xHBURAUYMks1HuvxneGq3onrm+VuQvKtkb7fhr0DRRt0slO
+sq7wVPZcQEw2SHToVIxlZhCnvSu3II0FSa14fdIkI1Dj8LR5mwE5/6870y3u4UmN
+jS88akFFL5vjPeES5JF1ns+gPjySgW+KLhjc4PKMjP2H2Qf0QJTJTk9D32dWb70D
+UHyZZ6S5PJFsAm6E1vxG98xvGD4X8O8LZBZX5qyG8UiqQ8HJJ3hzREXihX26/7Ph
++xsFpEs7mRIlAVAUaq9d6sgM7uTa7EuLXGgTldzDtTA61wIDAQABo2MwYTAOBgNV
+HQ8BAf8EBAMCAAYwHQYDVR0OBBYEFMw2zBe0RZEv7c87MEh3+7UUmb7jMB8GA1Ud
+IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQEEBQADggEBAFeyVMy9lRdkYIm2U5EMRZLDPahsw8yyGPV4QXTYfaMn
+r3cNWT6UHWn6idMMvRoB9D/o4Hcagiha5mLXt+M2yQ6feuPC08xZiQzvFovwNnci
+yqS2t8FCZwFAY8znOGSHWxSWZnstFO69SW3/d9DiTlvTgMJND8q4nYGXpzRux+Oc
+SOW0qkX19mVMSPISwtKTjMIVJPMrUv/jCK64btYsEs85yxIq56l7X5g9o+HMpmOJ
+XH0xdfnV1l3y0NQ9355xqA7c5CCXeOZ/U6QNUU+OOwOuow1aTcN55zVYcELJXqFe
+tNkio0RTNaTQz3OAxc+fVph2+RRMd4eCydx+XTTVNnU=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b8:d6:c3
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Jan 28 12:00:00 1999 GMT
+            Not After : Jan 28 12:00:00 2009 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Class 3 CA, CN=GlobalSign Primary Class 3 CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:91:5e:56:65:d6:c0:c0:04:9c:bf:47:c4:5c:7b:
+                    7a:31:01:f9:58:96:99:e3:1c:84:2f:dc:56:8f:ad:
+                    f5:59:81:d5:43:66:5d:5a:93:8c:75:ca:a9:e7:11:
+                    c1:51:10:14:60:c9:2c:d4:7b:af:c6:77:86:ab:7a:
+                    27:ae:6f:95:b9:0b:ca:b6:46:fb:7e:1a:f4:0d:14:
+                    6d:d2:c9:4e:b2:ae:f0:54:f6:5c:40:4c:36:48:74:
+                    e8:54:8c:65:66:10:a7:bd:2b:b7:20:8d:05:49:ad:
+                    78:7d:d2:24:23:50:e3:f0:b4:79:9b:01:39:ff:af:
+                    3b:d3:2d:ee:e1:49:8d:8d:2f:3c:6a:41:45:2f:9b:
+                    e3:3d:e1:12:e4:91:75:9e:cf:a0:3e:3c:92:81:6f:
+                    8a:2e:18:dc:e0:f2:8c:8c:fd:87:d9:07:f4:40:94:
+                    c9:4e:4f:43:df:67:56:6f:bd:03:50:7c:99:67:a4:
+                    b9:3c:91:6c:02:6e:84:d6:fc:46:f7:cc:6f:18:3e:
+                    17:f0:ef:0b:64:16:57:e6:ac:86:f1:48:aa:43:c1:
+                    c9:27:78:73:44:45:e2:85:7d:ba:ff:b3:e1:fb:1b:
+                    05:a4:4b:3b:99:12:25:01:50:14:6a:af:5d:ea:c8:
+                    0c:ee:e4:da:ec:4b:8b:5c:68:13:95:dc:c3:b5:30:
+                    3a:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                CC:36:CC:17:B4:45:91:2F:ED:CF:3B:30:48:77:FB:B5:14:99:BE:E3
+            X509v3 Authority Key Identifier: 
+                keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        57:b2:54:cc:bd:95:17:64:60:89:b6:53:91:0c:45:92:c3:3d:
+        a8:6c:c3:cc:b2:18:f5:78:41:74:d8:7d:a3:27:af:77:0d:59:
+        3e:94:1d:69:fa:89:d3:0c:bd:1a:01:f4:3f:e8:e0:77:1a:82:
+        28:5a:e6:62:d7:b7:e3:36:c9:0e:9f:7a:e3:c2:d3:cc:59:89:
+        0c:ef:16:8b:f0:36:77:22:ca:a4:b6:b7:c1:42:67:01:40:63:
+        cc:e7:38:64:87:5b:14:96:66:7b:2d:14:ee:bd:49:6d:ff:77:
+        d0:e2:4e:5b:d3:80:c2:4d:0f:ca:b8:9d:81:97:a7:34:6e:c7:
+        e3:9c:48:e5:b4:aa:45:f5:f6:65:4c:48:f2:12:c2:d2:93:8c:
+        c2:15:24:f3:2b:52:ff:e3:08:ae:b8:6e:d6:2c:12:cf:39:cb:
+        12:2a:e7:a9:7b:5f:98:3d:a3:e1:cc:a6:63:89:5c:7d:31:75:
+        f9:d5:d6:5d:f2:d0:d4:3d:df:9e:71:a8:0e:dc:e4:20:97:78:
+        e6:7f:53:a4:0d:51:4f:8e:3b:03:ae:a3:0d:5a:4d:c3:79:e7:
+        35:58:70:42:c9:5e:a1:5e:b4:d9:22:a3:44:53:35:a4:d0:cf:
+        73:80:c5:cf:9f:56:98:76:f9:14:4c:77:87:82:c9:dc:7e:5d:
+        34:d5:36:75
+
+GlobalSign Root CA
+==================
+MD5 Fingerprint: AB:BF:EA:E3:6B:29:A6:CC:A6:78:35:99:EF:AD:2B:80
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILAgAAAAAA1ni3lAUwDQYJKoZIhvcNAQEEBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0xNDAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIABjAdBgNVHQ4EFgQU
+YHtmGkUNl8qJUC99BM00qP/8/UswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQQFAAOCAQEArqqf/LfSyx9fOSkoGJ40yWxPbxrwZKJwSk8ThptgKJ7ogUmYfQq7
+5bCdPTbbjwVR/wkxKh/diXeeDy5slQTthsu0AD+EAk2AaioteAuubyuig0SDH81Q
+gkwkr733pbTIWg/050deSY43lv6aiAU62cDbKYfmGZZHpzqmjIs8d/5GY6dT2iHR
+rH5Jokvmw2dZL7OKDrssvamqQnw1wdh/1acxOk5jQzmvCLBhNIzTmKlDNPYPhyk7
+ncJWWJh3w/cbrPad+D6qp1RF8PX51TFl/mtYnHGzHtdS6jIX/EBgHcl5JLL2bP2o
+Zg6C3ZjL2sJETy6ge/L3ayx2EYRGinij4w==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            02:00:00:00:00:00:d6:78:b7:94:05
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Validity
+            Not Before: Sep  1 12:00:00 1998 GMT
+            Not After : Jan 28 12:00:00 2014 GMT
+        Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:da:0e:e6:99:8d:ce:a3:e3:4f:8a:7e:fb:f1:8b:
+                    83:25:6b:ea:48:1f:f1:2a:b0:b9:95:11:04:bd:f0:
+                    63:d1:e2:67:66:cf:1c:dd:cf:1b:48:2b:ee:8d:89:
+                    8e:9a:af:29:80:65:ab:e9:c7:2d:12:cb:ab:1c:4c:
+                    70:07:a1:3d:0a:30:cd:15:8d:4f:f8:dd:d4:8c:50:
+                    15:1c:ef:50:ee:c4:2e:f7:fc:e9:52:f2:91:7d:e0:
+                    6d:d5:35:30:8e:5e:43:73:f2:41:e9:d5:6a:e3:b2:
+                    89:3a:56:39:38:6f:06:3c:88:69:5b:2a:4d:c5:a7:
+                    54:b8:6c:89:cc:9b:f9:3c:ca:e5:fd:89:f5:12:3c:
+                    92:78:96:d6:dc:74:6e:93:44:61:d1:8d:c7:46:b2:
+                    75:0e:86:e8:19:8a:d5:6d:6c:d5:78:16:95:a2:e9:
+                    c8:0a:38:eb:f2:24:13:4f:73:54:93:13:85:3a:1b:
+                    bc:1e:34:b5:8b:05:8c:b9:77:8b:b1:db:1f:20:91:
+                    ab:09:53:6e:90:ce:7b:37:74:b9:70:47:91:22:51:
+                    63:16:79:ae:b1:ae:41:26:08:c8:19:2b:d1:46:aa:
+                    48:d6:64:2a:d7:83:34:ff:2c:2a:c1:6c:19:43:4a:
+                    07:85:e7:d3:7c:f6:21:68:ef:ea:f2:52:9f:7f:93:
+                    90:cf
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Key Usage: critical
+                Certificate Sign, CRL Sign
+            X509v3 Subject Key Identifier: 
+                60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        ae:aa:9f:fc:b7:d2:cb:1f:5f:39:29:28:18:9e:34:c9:6c:4f:
+        6f:1a:f0:64:a2:70:4a:4f:13:86:9b:60:28:9e:e8:81:49:98:
+        7d:0a:bb:e5:b0:9d:3d:36:db:8f:05:51:ff:09:31:2a:1f:dd:
+        89:77:9e:0f:2e:6c:95:04:ed:86:cb:b4:00:3f:84:02:4d:80:
+        6a:2a:2d:78:0b:ae:6f:2b:a2:83:44:83:1f:cd:50:82:4c:24:
+        af:bd:f7:a5:b4:c8:5a:0f:f4:e7:47:5e:49:8e:37:96:fe:9a:
+        88:05:3a:d9:c0:db:29:87:e6:19:96:47:a7:3a:a6:8c:8b:3c:
+        77:fe:46:63:a7:53:da:21:d1:ac:7e:49:a2:4b:e6:c3:67:59:
+        2f:b3:8a:0e:bb:2c:bd:a9:aa:42:7c:35:c1:d8:7f:d5:a7:31:
+        3a:4e:63:43:39:af:08:b0:61:34:8c:d3:98:a9:43:34:f6:0f:
+        87:29:3b:9d:c2:56:58:98:77:c3:f7:1b:ac:f6:9d:f8:3e:aa:
+        a7:54:45:f0:f5:f9:d5:31:65:fe:6b:58:9c:71:b3:1e:d7:52:
+        ea:32:17:fc:40:60:1d:c9:79:24:b2:f6:6c:fd:a8:66:0e:82:
+        dd:98:cb:da:c2:44:4f:2e:a0:7b:f2:f7:6b:2c:76:11:84:46:
+        8a:78:a3:e3
+
+National Retail Federation by DST
+=================================
+MD5 Fingerprint: AD:8E:0F:9E:01:6B:A0:C5:74:D5:0C:D3:68:65:4F:1E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuoCEQDQHkCKAAACfAAAAAMAAAABMA0GCSqGSIb3DQEBBQUAMIG+MQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UE
+CxMaTmF0aW9uYWwgUmV0YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJG
+KSBSb290Q0ExITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05
+ODEyMTExNjE0MTZaFw0wODEyMDgxNjE0MTZaMIG+MQswCQYDVQQGEwJ1czENMAsG
+A1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0Rp
+Z2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEjMCEGA1UECxMaTmF0aW9uYWwgUmV0
+YWlsIEZlZGVyYXRpb24xGTAXBgNVBAMTEERTVCAoTlJGKSBSb290Q0ExITAfBgkq
+hkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBANmsm3f6UNPM3LlArLlyagCHI/wPliHQJq/k4rVf+tOmfSEw
+LswXgo+YdPxnpKbfiJeiQin1p9sRk/teIzDCqrwi50Eb5e0l3sg/295XRXhARoOy
+1Ro93w9FbdVjAnXYL8Zuq5WRdDcNy00JXNHUWzra3Q7Ia5nY1TnM34VVxJJTAqPh
+94DJcKPa3DPEf6JHCBw1lh+hAxwwg/TEzP+Yw7BGRKLAv63b0oH2TJgsp14k84bK
+Y9W6ffCawErQG1ju7Klnz2kCbCLAYCws0cgg6sgt+92cu8tRTNznVwQ7VJsRpTJ0
+7HQB85AVWy98LJNluWZntIGINeWekRh/gahByMsCAwEAATANBgkqhkiG9w0BAQUF
+AAOCAQEAhF4LO+ygjRyb0DwdcWnkGn9kvoFlYcWMatd8AHTgemJV7SR84GHj8t0U
+5hFugw7h6qmegK2aIL/gV37V0LWEYy3ZGOS9GzUsXq5hdqpnhTs44TGBHzF/5tf4
+W9K7Y3mGxIzF3gqu19H8AXT/trYNYoFnHLsm+CSA4Fxe2KSKOo99y/+So/18qTJp
+B1hYYUKZUgOxOD3GcW9s8uh9BqrBfFPLGi2IT8mpp6xpb/ekH9h0gfVKv7FVt9N3
+OKdvwkrI4nOJ01dy4UMvcjz2H7f4BEpuwemUF+SXF/QOE4ZvjavoXy20/2zWorQf
+7LmUaqoSTxrd9Xe1JYzyigrx/FJbWA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8a:00:00:02:7c:00:00:00:03:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca at digsigtrust.com
+        Validity
+            Not Before: Dec 11 16:14:16 1998 GMT
+            Not After : Dec  8 16:14:16 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=National Retail Federation, CN=DST (NRF) RootCA/Email=ca at digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:d9:ac:9b:77:fa:50:d3:cc:dc:b9:40:ac:b9:72:
+                    6a:00:87:23:fc:0f:96:21:d0:26:af:e4:e2:b5:5f:
+                    fa:d3:a6:7d:21:30:2e:cc:17:82:8f:98:74:fc:67:
+                    a4:a6:df:88:97:a2:42:29:f5:a7:db:11:93:fb:5e:
+                    23:30:c2:aa:bc:22:e7:41:1b:e5:ed:25:de:c8:3f:
+                    db:de:57:45:78:40:46:83:b2:d5:1a:3d:df:0f:45:
+                    6d:d5:63:02:75:d8:2f:c6:6e:ab:95:91:74:37:0d:
+                    cb:4d:09:5c:d1:d4:5b:3a:da:dd:0e:c8:6b:99:d8:
+                    d5:39:cc:df:85:55:c4:92:53:02:a3:e1:f7:80:c9:
+                    70:a3:da:dc:33:c4:7f:a2:47:08:1c:35:96:1f:a1:
+                    03:1c:30:83:f4:c4:cc:ff:98:c3:b0:46:44:a2:c0:
+                    bf:ad:db:d2:81:f6:4c:98:2c:a7:5e:24:f3:86:ca:
+                    63:d5:ba:7d:f0:9a:c0:4a:d0:1b:58:ee:ec:a9:67:
+                    cf:69:02:6c:22:c0:60:2c:2c:d1:c8:20:ea:c8:2d:
+                    fb:dd:9c:bb:cb:51:4c:dc:e7:57:04:3b:54:9b:11:
+                    a5:32:74:ec:74:01:f3:90:15:5b:2f:7c:2c:93:65:
+                    b9:66:67:b4:81:88:35:e5:9e:91:18:7f:81:a8:41:
+                    c8:cb
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        84:5e:0b:3b:ec:a0:8d:1c:9b:d0:3c:1d:71:69:e4:1a:7f:64:
+        be:81:65:61:c5:8c:6a:d7:7c:00:74:e0:7a:62:55:ed:24:7c:
+        e0:61:e3:f2:dd:14:e6:11:6e:83:0e:e1:ea:a9:9e:80:ad:9a:
+        20:bf:e0:57:7e:d5:d0:b5:84:63:2d:d9:18:e4:bd:1b:35:2c:
+        5e:ae:61:76:aa:67:85:3b:38:e1:31:81:1f:31:7f:e6:d7:f8:
+        5b:d2:bb:63:79:86:c4:8c:c5:de:0a:ae:d7:d1:fc:01:74:ff:
+        b6:b6:0d:62:81:67:1c:bb:26:f8:24:80:e0:5c:5e:d8:a4:8a:
+        3a:8f:7d:cb:ff:92:a3:fd:7c:a9:32:69:07:58:58:61:42:99:
+        52:03:b1:38:3d:c6:71:6f:6c:f2:e8:7d:06:aa:c1:7c:53:cb:
+        1a:2d:88:4f:c9:a9:a7:ac:69:6f:f7:a4:1f:d8:74:81:f5:4a:
+        bf:b1:55:b7:d3:77:38:a7:6f:c2:4a:c8:e2:73:89:d3:57:72:
+        e1:43:2f:72:3c:f6:1f:b7:f8:04:4a:6e:c1:e9:94:17:e4:97:
+        17:f4:0e:13:86:6f:8d:ab:e8:5f:2d:b4:ff:6c:d6:a2:b4:1f:
+        ec:b9:94:6a:aa:12:4f:1a:dd:f5:77:b5:25:8c:f2:8a:0a:f1:
+        fc:52:5b:58
+
+TC TrustCenter, Germany, Class 1 CA
+===================================
+MD5 Fingerprint: 64:3F:F8:3E:52:14:4A:59:BA:93:56:04:0B:23:02:D1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDEgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTYzM1oX
+DTA1MTIzMTEzNTYzM1owgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAxIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCnrtHaz
+rte2W7Re573jsZxJBFdboavZfxMb/bphq9jncd8tAJRdUUh9I+91YoSQPAofWRF0
+L46Apf0wAj0pUs1yGkkhnLzLUo5IoWOWyBCFMGlXdEXAWobG1T3gaFd9MWokjUWX
+PjF+aGYybiRt7DI2yUHK8DFEyKNhyhugNh8CAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAx
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQAFQlImpAwn
+AUSsXCUowkRCVAi5HcU+bFlmxLNOUKf4+JZ1oZZ16BY4oM1dbvp5pxt7HR7DALlm
+vlrWYg/n8nu470zgwD9Zrjm3hAmeq/GpLmtp4q3M8up4CQUgOEJxGH7Hspfm1QIF
+BlajX/GqwsRP/vfvFg+d7KqFzz0pJPEEzQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate at trustcenter.de
+        Validity
+            Not Before: Mar  9 13:56:33 1998 GMT
+            Not After : Dec 31 13:56:33 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 1 CA/Email=certificate at trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:29:eb:b4:76:b3:ae:d7:b6:5b:b4:5e:e7:bd:
+                    e3:b1:9c:49:04:57:5b:a1:ab:d9:7f:13:1b:fd:ba:
+                    61:ab:d8:e7:71:df:2d:00:94:5d:51:48:7d:23:ef:
+                    75:62:84:90:3c:0a:1f:59:11:74:2f:8e:80:a5:fd:
+                    30:02:3d:29:52:cd:72:1a:49:21:9c:bc:cb:52:8e:
+                    48:a1:63:96:c8:10:85:30:69:57:74:45:c0:5a:86:
+                    c6:d5:3d:e0:68:57:7d:31:6a:24:8d:45:97:3e:31:
+                    7e:68:66:32:6e:24:6d:ec:32:36:c9:41:ca:f0:31:
+                    44:c8:a3:61:ca:1b:a0:36:1f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 1 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        05:42:52:26:a4:0c:27:01:44:ac:5c:25:28:c2:44:42:54:08:
+        b9:1d:c5:3e:6c:59:66:c4:b3:4e:50:a7:f8:f8:96:75:a1:96:
+        75:e8:16:38:a0:cd:5d:6e:fa:79:a7:1b:7b:1d:1e:c3:00:b9:
+        66:be:5a:d6:62:0f:e7:f2:7b:b8:ef:4c:e0:c0:3f:59:ae:39:
+        b7:84:09:9e:ab:f1:a9:2e:6b:69:e2:ad:cc:f2:ea:78:09:05:
+        20:38:42:71:18:7e:c7:b2:97:e6:d5:02:05:06:56:a3:5f:f1:
+        aa:c2:c4:4f:fe:f7:ef:16:0f:9d:ec:aa:85:cf:3d:29:24:f1:
+        04:cd
+
+TC TrustCenter, Germany, Class 2 CA
+===================================
+MD5 Fingerprint: E1:E9:96:53:77:E1:F0:38:A0:02:AB:94:C6:95:7B:FC
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDIgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTc0NFoX
+DTA1MTIzMTEzNTc0NFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2jjo7TIA
+KXGDAQ2/jAHc2satOaSpii/Vi1xoX1DGYvVmvcqRIuyqHVHXPbNRsoNOXctJsPBM
+VeVrLceFCzAckk6C1MoC7fdvvtzg4xS4BVPymvRWi1qehZPRtIJWrk27qEtXFrz+
++Fie+CmNsHvNeMlPrItnDPGc+/xXm1dcTw0CAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAy
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCJG/Tv6Tji
+bAz2zW9JzinM+6YP+Y0+lUbW/EcyibLIBmF60ucNEwKUC9mLVkf0u+fFX3v0Y0yu
+fDTqDaKpsyyF8+P+J1QQkrCPksGYQhhwSNtOLOsNJGjk0fe+Cakph7vo2tw+o4hC
+MfXR43+u2I4AWnSYsE/G/yN7XHMAeMnbTg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 3 (0x3)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate at trustcenter.de
+        Validity
+            Not Before: Mar  9 13:57:44 1998 GMT
+            Not After : Dec 31 13:57:44 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 2 CA/Email=certificate at trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:da:38:e8:ed:32:00:29:71:83:01:0d:bf:8c:01:
+                    dc:da:c6:ad:39:a4:a9:8a:2f:d5:8b:5c:68:5f:50:
+                    c6:62:f5:66:bd:ca:91:22:ec:aa:1d:51:d7:3d:b3:
+                    51:b2:83:4e:5d:cb:49:b0:f0:4c:55:e5:6b:2d:c7:
+                    85:0b:30:1c:92:4e:82:d4:ca:02:ed:f7:6f:be:dc:
+                    e0:e3:14:b8:05:53:f2:9a:f4:56:8b:5a:9e:85:93:
+                    d1:b4:82:56:ae:4d:bb:a8:4b:57:16:bc:fe:f8:58:
+                    9e:f8:29:8d:b0:7b:cd:78:c9:4f:ac:8b:67:0c:f1:
+                    9c:fb:fc:57:9b:57:5c:4f:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 2 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        89:1b:f4:ef:e9:38:e2:6c:0c:f6:cd:6f:49:ce:29:cc:fb:a6:
+        0f:f9:8d:3e:95:46:d6:fc:47:32:89:b2:c8:06:61:7a:d2:e7:
+        0d:13:02:94:0b:d9:8b:56:47:f4:bb:e7:c5:5f:7b:f4:63:4c:
+        ae:7c:34:ea:0d:a2:a9:b3:2c:85:f3:e3:fe:27:54:10:92:b0:
+        8f:92:c1:98:42:18:70:48:db:4e:2c:eb:0d:24:68:e4:d1:f7:
+        be:09:a9:29:87:bb:e8:da:dc:3e:a3:88:42:31:f5:d1:e3:7f:
+        ae:d8:8e:00:5a:74:98:b0:4f:c6:ff:23:7b:5c:73:00:78:c9:
+        db:4e
+
+TC TrustCenter, Germany, Class 3 CA
+===================================
+MD5 Fingerprint: 62:AB:B6:15:4A:B4:B0:16:77:FF:AE:CF:16:16:2B:8C
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBBDANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDMgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTEzNTg0OVoX
+DTA1MTIzMTEzNTg0OVowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtrTBNQUu
+DY3soEBqHA4nplCSa1AbB94u53bM4Nr8hKhejGNqK03ZTgJ2EcEL8o15ygC28bAO
+1/ukFz2vq2l6lie/rzOhmipZqsS1NwjyEqUxtkP1MpZxKCirjSiG37vu4wx9MNbD
+UquPXSeca8Cj5wVrV0lEs27qZM/SjnpQd3cCAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyAz
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCEhlBieaAn
+4SW6CbE0DxMJ7S3Ko+aV+TCszRelzj2Xnex8jyZ/wGHKIveR3Tw2WZqbdfe85Mjt
+7AK2IqfzLPHIknhttu7FKOyAIE+5awjnL6eGHn2xCJ9UuQA3PKDYGsiWHPQyFJw5
+lbfu8ENJwl7oy3lvU7/7SYos2EvZVfIScA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4 (0x4)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate at trustcenter.de
+        Validity
+            Not Before: Mar  9 13:58:49 1998 GMT
+            Not After : Dec 31 13:58:49 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 3 CA/Email=certificate at trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:b4:c1:35:05:2e:0d:8d:ec:a0:40:6a:1c:0e:
+                    27:a6:50:92:6b:50:1b:07:de:2e:e7:76:cc:e0:da:
+                    fc:84:a8:5e:8c:63:6a:2b:4d:d9:4e:02:76:11:c1:
+                    0b:f2:8d:79:ca:00:b6:f1:b0:0e:d7:fb:a4:17:3d:
+                    af:ab:69:7a:96:27:bf:af:33:a1:9a:2a:59:aa:c4:
+                    b5:37:08:f2:12:a5:31:b6:43:f5:32:96:71:28:28:
+                    ab:8d:28:86:df:bb:ee:e3:0c:7d:30:d6:c3:52:ab:
+                    8f:5d:27:9c:6b:c0:a3:e7:05:6b:57:49:44:b3:6e:
+                    ea:64:cf:d2:8e:7a:50:77:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 3 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        84:86:50:62:79:a0:27:e1:25:ba:09:b1:34:0f:13:09:ed:2d:
+        ca:a3:e6:95:f9:30:ac:cd:17:a5:ce:3d:97:9d:ec:7c:8f:26:
+        7f:c0:61:ca:22:f7:91:dd:3c:36:59:9a:9b:75:f7:bc:e4:c8:
+        ed:ec:02:b6:22:a7:f3:2c:f1:c8:92:78:6d:b6:ee:c5:28:ec:
+        80:20:4f:b9:6b:08:e7:2f:a7:86:1e:7d:b1:08:9f:54:b9:00:
+        37:3c:a0:d8:1a:c8:96:1c:f4:32:14:9c:39:95:b7:ee:f0:43:
+        49:c2:5e:e8:cb:79:6f:53:bf:fb:49:8a:2c:d8:4b:d9:55:f2:
+        12:70
+
+TC TrustCenter, Germany, Class 4 CA
+===================================
+MD5 Fingerprint: BF:AF:EC:C4:DA:F9:30:F9:CA:35:CA:25:E4:3F:8D:89
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIENTCCA56gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBvDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxOjA4BgNVBAoTMVRD
+IFRydXN0Q2VudGVyIGZvciBTZWN1cml0eSBpbiBEYXRhIE5ldHdvcmtzIEdtYkgx
+IjAgBgNVBAsTGVRDIFRydXN0Q2VudGVyIENsYXNzIDQgQ0ExKTAnBgkqhkiG9w0B
+CQEWGmNlcnRpZmljYXRlQHRydXN0Y2VudGVyLmRlMB4XDTk4MDMwOTE0MDAyMFoX
+DTA1MTIzMTE0MDAyMFowgbwxCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJn
+MRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFUQyBUcnVzdENlbnRlciBmb3Ig
+U2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJIMSIwIAYDVQQLExlUQyBUcnVz
+dENlbnRlciBDbGFzcyA0IENBMSkwJwYJKoZIhvcNAQkBFhpjZXJ0aWZpY2F0ZUB0
+cnVzdGNlbnRlci5kZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvy9j1jZ7
+sg3TVfVkbOYlXca0yBS6JTiD61ZipVWpZaP0I5nCS7nQzVRnpqOgo6kzK3bkva13
+su1cEnTDxbYPUppyk0OQYmYVD0Wl3eDduG9AblfBeXKjYKq6dh0SiVNa/AK+4QkT
+xUov3D2LGa3XiyRF+0z0zVw1HSlMUfPybFUCAwEAAaOCAUMwggE/MEAGCWCGSAGG
++EIBAwQzFjFodHRwczovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL2NoZWNr
+LXJldi5jZ2k/MEAGCWCGSAGG+EIBBAQzFjFodHRwczovL3d3dy50cnVzdGNlbnRl
+ci5kZS9jZ2ktYmluL2NoZWNrLXJldi5jZ2k/MDwGCWCGSAGG+EIBBwQvFi1odHRw
+czovL3d3dy50cnVzdGNlbnRlci5kZS9jZ2ktYmluL1JlbmV3LmNnaT8wPgYJYIZI
+AYb4QgEIBDEWL2h0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lcy9p
+bmRleC5odG1sMCgGCWCGSAGG+EIBDQQbFhlUQyBUcnVzdENlbnRlciBDbGFzcyA0
+IENBMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQQFAAOBgQCUaBQbJZ4p
+mbGyI9JEs5Wf0Z5VBN3jL4IzVZZ3GZ0rnmUc+orjx48l/LEeVUYPj/9PNy+kdlmm
+ZOvVFnC93ZUzDKQNJOtkULRDEfJDvg1xmCLsAa/s98dcccN1kVgZ6N2g9LTxvBBK
+85O0Bkm7H2bSvXRH4Zr569erbR+64R0s2g==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate at trustcenter.de
+        Validity
+            Not Before: Mar  9 14:00:20 1998 GMT
+            Not After : Dec 31 14:00:20 2005 GMT
+        Subject: C=DE, ST=Hamburg, L=Hamburg, O=TC TrustCenter for Security in Data Networks GmbH, OU=TC TrustCenter Class 4 CA/Email=certificate at trustcenter.de
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bf:2f:63:d6:36:7b:b2:0d:d3:55:f5:64:6c:e6:
+                    25:5d:c6:b4:c8:14:ba:25:38:83:eb:56:62:a5:55:
+                    a9:65:a3:f4:23:99:c2:4b:b9:d0:cd:54:67:a6:a3:
+                    a0:a3:a9:33:2b:76:e4:bd:ad:77:b2:ed:5c:12:74:
+                    c3:c5:b6:0f:52:9a:72:93:43:90:62:66:15:0f:45:
+                    a5:dd:e0:dd:b8:6f:40:6e:57:c1:79:72:a3:60:aa:
+                    ba:76:1d:12:89:53:5a:fc:02:be:e1:09:13:c5:4a:
+                    2f:dc:3d:8b:19:ad:d7:8b:24:45:fb:4c:f4:cd:5c:
+                    35:1d:29:4c:51:f3:f2:6c:55
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape CA Revocation Url: 
+                https://www.trustcenter.de/cgi-bin/check-rev.cgi?
+            Netscape Renewal Url: 
+                https://www.trustcenter.de/cgi-bin/Renew.cgi?
+            Netscape CA Policy Url: 
+                http://www.trustcenter.de/guidelines/index.html
+            Netscape Comment: 
+                TC TrustCenter Class 4 CA
+            Netscape Cert Type: 
+                SSL CA, S/MIME CA, Object Signing CA
+    Signature Algorithm: md5WithRSAEncryption
+        94:68:14:1b:25:9e:29:99:b1:b2:23:d2:44:b3:95:9f:d1:9e:
+        55:04:dd:e3:2f:82:33:55:96:77:19:9d:2b:9e:65:1c:fa:8a:
+        e3:c7:8f:25:fc:b1:1e:55:46:0f:8f:ff:4f:37:2f:a4:76:59:
+        a6:64:eb:d5:16:70:bd:dd:95:33:0c:a4:0d:24:eb:64:50:b4:
+        43:11:f2:43:be:0d:71:98:22:ec:01:af:ec:f7:c7:5c:71:c3:
+        75:91:58:19:e8:dd:a0:f4:b4:f1:bc:10:4a:f3:93:b4:06:49:
+        bb:1f:66:d2:bd:74:47:e1:9a:f9:eb:d7:ab:6d:1f:ba:e1:1d:
+        2c:da
+
+Thawte Personal Basic CA
+========================
+MD5 Fingerprint: E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj
+IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X
+DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw
+EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE
+ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
+dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD
+QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53
+dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK
+wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7
+G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF
+AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7
+c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P
+9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic at thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA/Email=personal-basic at thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:bc:bc:93:53:6d:c0:50:4f:82:15:e6:48:94:35:
+                    a6:5a:be:6f:42:fa:0f:47:ee:77:75:72:dd:8d:49:
+                    9b:96:57:a0:78:d4:ca:3f:51:b3:69:0b:91:76:17:
+                    22:07:97:6a:c4:51:93:4b:e0:8d:ef:37:95:a1:0c:
+                    4d:da:34:90:1d:17:89:97:e0:35:38:57:4a:c0:f4:
+                    08:70:e9:3c:44:7b:50:7e:61:9a:90:e3:23:d3:88:
+                    11:46:27:f5:0b:07:0e:bb:dd:d1:7f:20:0a:88:b9:
+                    56:0b:2e:1c:80:da:f1:e3:9e:29:ef:14:bd:0a:44:
+                    fb:1b:5b:18:d1:bf:23:93:21
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        2d:e2:99:6b:b0:3d:7a:89:d7:59:a2:94:01:1f:2b:dd:12:4b:
+        53:c2:ad:7f:aa:a7:00:5c:91:40:57:25:4a:38:aa:84:70:b9:
+        d9:80:0f:a5:7b:5c:fb:73:c6:bd:d7:8a:61:5c:03:e3:2d:27:
+        a8:17:e0:84:85:42:dc:5e:9b:c6:b7:b2:6d:bb:74:af:e4:3f:
+        cb:a7:b7:b0:e0:5d:be:78:83:25:94:d2:db:81:0f:79:07:6d:
+        4f:f4:39:15:5a:52:01:7b:de:32:d6:4d:38:f6:12:5c:06:50:
+        df:05:5b:bd:14:4b:a1:df:29:ba:3b:41:8d:f7:63:56:a1:df:
+        22:b1
+
+Thawte Personal Freemail CA
+===========================
+MD5 Fingerprint: 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt
+YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu
+Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT
+AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa
+MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG
+cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh
+d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY
+DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E
+rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq
+uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP
+MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa
+/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei
+gQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail at thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA/Email=personal-freemail at thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d4:69:d7:d4:b0:94:64:5b:71:e9:47:d8:0c:51:
+                    b6:ea:72:91:b0:84:5e:7d:2d:0d:8f:7b:12:df:85:
+                    25:75:28:74:3a:42:2c:63:27:9f:95:7b:4b:ef:7e:
+                    19:87:1d:86:ea:a3:dd:b9:ce:96:64:1a:c2:14:6e:
+                    44:ac:7c:e6:8f:e8:4d:0f:71:1f:40:38:a6:00:a3:
+                    87:78:f6:f9:94:86:5e:ad:ea:c0:5e:76:eb:d9:14:
+                    a3:5d:6e:7a:7c:0c:a5:4b:55:7f:06:19:29:7f:9e:
+                    9a:26:d5:6a:bb:38:24:08:6a:98:c7:b1:da:a3:98:
+                    91:fd:79:db:e5:5a:c4:1c:b9
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        c7:ec:92:7e:4e:f8:f5:96:a5:67:62:2a:a4:f0:4d:11:60:d0:
+        6f:8d:60:58:61:ac:26:bb:52:35:5c:08:cf:30:fb:a8:4a:96:
+        8a:1f:62:42:23:8c:17:0f:f4:ba:64:9c:17:ac:47:29:df:9d:
+        98:5e:d2:6c:60:71:5c:a2:ac:dc:79:e3:e7:6e:00:47:1f:b5:
+        0d:28:e8:02:9d:e4:9a:fd:13:f4:a6:d9:7c:b1:f8:dc:5f:23:
+        26:09:91:80:73:d0:14:1b:de:43:a9:83:25:f2:e6:9c:2f:15:
+        ca:fe:a6:ab:8a:07:75:8b:0c:dd:51:84:6b:e4:f8:d1:ce:77:
+        a2:81
+
+Thawte Personal Premium CA
+==========================
+MD5 Fingerprint: 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
+ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p
+dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv
+bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa
+QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY
+BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u
+IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl
+bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu
+Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs
+Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI
+Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD
+ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH
+b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh
+KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium at thawte.com
+        Validity
+            Not Before: Jan  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA/Email=personal-premium at thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:66:d9:f8:07:44:cf:b9:8c:2e:f0:a1:ef:13:
+                    45:6c:05:df:de:27:16:51:36:41:11:6c:6c:3b:ed:
+                    fe:10:7d:12:9e:e5:9b:42:9a:fe:60:31:c3:66:b7:
+                    73:3a:48:ae:4e:d0:32:37:94:88:b5:0d:b6:d9:f3:
+                    f2:44:d9:d5:88:12:dd:76:4d:f2:1a:fc:6f:23:1e:
+                    7a:f1:d8:98:45:4e:07:10:ef:16:42:d0:43:75:6d:
+                    4a:de:e2:aa:c9:31:ff:1f:00:70:7c:66:cf:10:25:
+                    08:ba:fa:ee:00:e9:46:03:66:27:11:15:3b:aa:5b:
+                    f2:98:dd:36:42:b2:da:88:75
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        69:36:89:f7:34:2a:33:72:2f:6d:3b:d4:22:b2:b8:6f:9a:c5:
+        36:66:0e:1b:3c:a1:b1:75:5a:e6:fd:35:d3:f8:a8:f2:07:6f:
+        85:67:8e:de:2b:b9:e2:17:b0:3a:a0:f0:0e:a2:00:9a:df:f3:
+        14:15:6e:bb:c8:85:5a:98:80:f9:ff:be:74:1d:3d:f3:fe:30:
+        25:d1:37:34:67:fa:a5:71:79:30:61:29:72:c0:e0:2c:4c:fb:
+        56:e4:3a:a8:6f:e5:32:59:52:db:75:28:50:59:0c:f8:0b:19:
+        e4:ac:d9:af:96:8d:2f:50:db:07:c3:ea:1f:ab:33:e0:f5:2b:
+        31:89
+
+Thawte Premium Server CA
+========================
+MD5 Fingerprint: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
+dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
+MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
+MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
+A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
+b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
+cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
+bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
+VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
+ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
+uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
+9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
+hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
+pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server at thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server at thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d2:36:36:6a:8b:d7:c2:5b:9e:da:81:41:62:8f:
+                    38:ee:49:04:55:d6:d0:ef:1c:1b:95:16:47:ef:18:
+                    48:35:3a:52:f4:2b:6a:06:8f:3b:2f:ea:56:e3:af:
+                    86:8d:9e:17:f7:9e:b4:65:75:02:4d:ef:cb:09:a2:
+                    21:51:d8:9b:d0:67:d0:ba:0d:92:06:14:73:d4:93:
+                    cb:97:2a:00:9c:5c:4e:0c:bc:fa:15:52:fc:f2:44:
+                    6e:da:11:4a:6e:08:9f:2f:2d:e3:f9:aa:3a:86:73:
+                    b6:46:53:58:c8:89:05:bd:83:11:b8:73:3f:aa:07:
+                    8d:f4:42:4d:e7:40:9d:1c:37
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        26:48:2c:16:c2:58:fa:e8:16:74:0c:aa:aa:5f:54:3f:f2:d7:
+        c9:78:60:5e:5e:6e:37:63:22:77:36:7e:b2:17:c4:34:b9:f5:
+        08:85:fc:c9:01:38:ff:4d:be:f2:16:42:43:e7:bb:5a:46:fb:
+        c1:c6:11:1f:f1:4a:b0:28:46:c9:c3:c4:42:7d:bc:fa:ab:59:
+        6e:d5:b7:51:88:11:e3:a4:85:19:6b:82:4c:a4:0c:12:ad:e9:
+        a4:ae:3f:f1:c3:49:65:9a:8c:c5:c8:3e:25:b7:94:99:bb:92:
+        32:71:07:f0:86:5e:ed:50:27:a6:0d:a6:23:f9:bb:cb:a6:07:
+        14:42
+
+Thawte Server CA
+================
+MD5 Fingerprint: C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
+FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
+VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
+MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
+MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
+DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
+dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
+DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
+gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
+yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
+L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
+EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
+7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
+QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
+qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs at thawte.com
+        Validity
+            Not Before: Aug  1 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 2020 GMT
+        Subject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs at thawte.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d3:a4:50:6e:c8:ff:56:6b:e6:cf:5d:b6:ea:0c:
+                    68:75:47:a2:aa:c2:da:84:25:fc:a8:f4:47:51:da:
+                    85:b5:20:74:94:86:1e:0f:75:c9:e9:08:61:f5:06:
+                    6d:30:6e:15:19:02:e9:52:c0:62:db:4d:99:9e:e2:
+                    6a:0c:44:38:cd:fe:be:e3:64:09:70:c5:fe:b1:6b:
+                    29:b6:2f:49:c8:3b:d4:27:04:25:10:97:2f:e7:90:
+                    6d:c0:28:42:99:d7:4c:43:de:c3:f5:21:6d:54:9f:
+                    5d:c3:58:e1:c0:e4:d9:5b:b0:b8:dc:b4:7b:df:36:
+                    3a:c2:b5:66:22:12:d6:87:0d
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: critical
+                CA:TRUE
+    Signature Algorithm: md5WithRSAEncryption
+        07:fa:4c:69:5c:fb:95:cc:46:ee:85:83:4d:21:30:8e:ca:d9:
+        a8:6f:49:1a:e6:da:51:e3:60:70:6c:84:61:11:a1:1a:c8:48:
+        3e:59:43:7d:4f:95:3d:a1:8b:b7:0b:62:98:7a:75:8a:dd:88:
+        4e:4e:9e:40:db:a8:cc:32:74:b9:6f:0d:c6:e3:b3:44:0b:d9:
+        8a:6f:9a:29:9b:99:18:28:3b:d1:e3:40:28:9a:5a:3c:d5:b5:
+        e7:20:1b:8b:ca:a4:ab:8d:e9:51:d9:e2:4c:2c:59:a9:da:b9:
+        b2:75:1b:f6:42:f2:ef:c7:f2:18:f9:89:bc:a3:ff:8a:23:2e:
+        70:47
+
+Thawte Universal CA Root
+========================
+MD5 Fingerprint: 17:AF:71:16:52:7B:73:65:22:05:29:28:84:71:9D:13
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIRIjCCCQoCAQAwDQYJKoZIhvcNAQEFBQAwVzEPMA0GA1UEChMGVGhhd3RlMSEw
+HwYDVQQLExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3QxITAfBgNVBAMTGFRoYXd0
+ZSBVbml2ZXJzYWwgQ0EgUm9vdDAeFw05OTEyMDUxMzU2MDVaFw0zNzA0MDMxMzU2
+MDVaMFcxDzANBgNVBAoTBlRoYXd0ZTEhMB8GA1UECxMYVGhhd3RlIFVuaXZlcnNh
+bCBDQSBSb290MSEwHwYDVQQDExhUaGF3dGUgVW5pdmVyc2FsIENBIFJvb3Qwgggi
+MA0GCSqGSIb3DQEBAQUAA4IIDwAwgggKAoIIAQDiiQVtw3+tpok6/7vHzZ03seHS
+IR6bYSoV53tXT1U80Lv52T0+przstK1TmhYC6wty/Yryj0QFxevT5b22RDnm+0e/
+ap4KlRjiaOLWltYhrYj99Rf109pCpZDtKZWWdTrah6HU9dOH3gVipuNmdJLPpby7
+32j/cXVWQVk16zNaZlHy0qMKwYzOc1wRby2MlYyRsf3P5a1WlcyFkoOQVUHJwnft
++aN0QgpoCPPQ0WX9Zyw0/yR/53nIBzslV92kDJg9vuDMGWXb8lSir0LUneKuhCMl
+CTMStWoedsSL2UkAbF66H/Ib2mfKJ6qjRCMbg4LO8qsz7VSk3MmrWWXROA7BPhtn
+j9Z1AeBVIt12d+yO3fTPeSJtuVcD9ZkIpzw+NPvEF64jWM0k8yPKagIolAGBNLRs
+a66LGsOj0gk8FlT1Nl8k459KoeJkxhbDpoF6JDZHjsFeDvv5FXgE1g5Z2Z1YZmLS
+lCkyMsh4uWb2tVbhbMYUS5ZSWZECJGpVR9c/tiMaYHeXLuJAr54EV56tEcXJQ3Dv
+SLRerBxpLi6C1VuLvoK+GRRe5w0ix1Eb/x6b8TCPcTEGszQnj196ZoJPii0Tq0LP
+IVael45mNg+Wm+Ur9AKpKmqMLMTDuHAsLSkeP1B3Hm0qVORVCpE4ocW1ZqJ2Wu4P
+v7Rn4ShuD+E2oYLRv9R34cRnMpN4yOdUU/4jeeZozCaQ9hBjXSpvkS2kczJRIfK7
+Fd+qJAhIBt6hnia/uoO/fKTIoIy90v+8hGknEyQYxEUYIyZeGBTKLoiHYqNT5iG3
+uIV7moW7FSZy+Ln3anQPST+SvqkFt5knv78JF0uZTK0REHzfdDH2jyZfqoiuOFfI
+VS3T+9gbUZm+JRs6usB9G+3O0km5z/PFfYmQgdhpSCAQo/jvklEYMosRGMA/G4VW
+zlfJ8oJkxt8CCS5KES+xJ203UvDwFmHxZ43fh3Kvh9rP+1CUbtSUheuKLOoh9ZZK
+RNXgzmp0RE3QBdOHFe020KSLZlVwk+5HBsF+LqUYeWfzKIXxcPcOg6R+VJ5adjLL
+ZRu4zfvIKAPSVJHRp8WFQwgXdqXmL2cI2KGigi0M+MGvY9RQd21rRkpBhdWQX3kt
+xOzXEYdAiuFo4mT4VTL7b5Ms2nfZIcEX5TYsTn6Qf6yUKzJnvjhQdriuQbnXIcUJ
+TGDIo1HENJtXN9/LyTNXi+v7dp8ZTcVqHypFrivtL42npQDLBPolYi50SBvKKoy6
+27Z+9rsCfKnD21h4ob/w/hoQVRHO6GlOlmXGFwPWB2iMVIKuHCJVP/H0CZcowEb3
+TgslHfcH1wkdOhhXODvoMwbnj3hGHlv1BrbsuKYN8boTS9YYIN1pM0ozFa64yJiK
+JyyTvC377jO/ZuZNurabBlVgl0u8RM1+9KHYqi/AAighFmJ42whU8vz0NOPGjxxD
+V86QGkvcLjsokYk/eto1HY4s7kns9DOtyVOojJ8EUz4kHFLJEvliV6O87izrQHwg
+I3ArlflzF4rRwRxpprc4mmf3cB16WgxAz2IPhTzCAk5+tfbFKimEsx83KuGqckLE
+7Wsaj5IcXb7R8lvyq6qp0vW4pEErK5FuEkjKmNg3jcjtADC1tgROfpzahOzA+nvl
+HYikU0awlORcG6ElLA9IUneXCWzsWxgzgwLlgn7NhSEwEf0nT8/kHuw/pVds6Sow
+GSqI5cNpOKtvOXF/hOFBw+HMKokgUi6DD2w5P0stFqwt8CSsAHP0m7MGPwW4FIUf
+q55cPJ5inQ5tO4AJ/ALqopd0ysf541bhw8qlpprAkOAkElPSwovavu0CQ15n4YmY
+ee7LqsrDG9znpUalfGsWh7ZaKNfbJzxepb22Ud0fQ887Jsg6jSVhwUn0PBvJROqv
+HMIrlAEqDjDRW4srR+XD0QQDmw45LNYn1OZwWtl1zyrYyQAF5BOI7MM5+4dhMDZD
+A8ienKIGwi/F/PCAY7FUBKBMqS7G9XZ62NDk1JQR5RW1eAbcuICPmakgMz0QhUxl
+Cco+WF5gk5qqYl3AUQYcXWCgDZxLQ/anFiGkh6rywS7ukjC4nt/fEAGLhglw2Gyo
+t1AeFpa092f9NTohkCoyxwB7TQcQCbkvc9gYfmeZBE8G/FDHhZudQJ2zljf6pdyy
+ck7vTgks/ZH9Tfe7pqE+q3uiA0CmqVUn4vr5Gc6HdarxdTbz87iR+JHDi3UTjkxl
+mhY5auU06HqWWX81sAD9W2n8Qyb69Shu/ofZfiT7tKCCblSi/66/YrT0cgHCy5hH
+mOFMtReAgM6PpijuHkVq+9/xHfxaO9bq9GwdYklXO4qPhurwUwTOnBZo/7q5/IgP
+R/cCRHJAuMo7LVOd3DxWjFl7aBosjXG7bADHGs5vQJKxoy8P2UTyo3Aunu4OrjLQ
+Oz6LB+rmebNcKeJ9a6he+Vox6AiWoowDmEbxuH2QVCbtdmL+numabl7JScdcNFMp
+VNns5EbhgDt12d/7edWH8bqe6xnOTFJz5luHriVPOXnMxrj5EHvs8JtxpAWg0ynT
+Tn8f9C0oeMxVlXsekS/MVhhzi7LbvGkH5tDYT+2i/1iFo23gSlO3Z32NDFxbe3co
+AjVEegTTKEPIazAXXTK4KTW6dto7FEp2GFik+JI8nk0zb0ZrCNkxSGjd9PskVjSy
+z2lmvkjSimYizfJpzcJTE0UpQSLWXZgftqSyo8LuAi9RG9yDpOxwJajUCGEyb+Sh
+gS58Y3L6KWW8cETPXQIDAQABMA0GCSqGSIb3DQEBBQUAA4IIAQBVmjRqIgZpCUUz
+x66pXMcJTpuGvEGQ1JRS9s0jKZRLIs3ovf6dzVLyve2rh8mrq0YEtL2iPyIwR1DA
+S4x2DwP1ktKxLcR6NZzJc4frpp/eD3ON03+Z2LqPb8Tzvhqui6KUNpDi5euNBfT8
+Zd+V8cSUTRdW1588j1A853e/lYYmZPtq/8ba6YyuQrtp5TPG2OkNxlUhScEMtKP5
+m0tc3oNPQQPOKnloOH3wVEkg9bYQ/wjcM2aWm/8G3gCe185WQ5pR/HDN9vBRo7fN
+tFyFYs1xt8YrIyvdw25AQvo3/zcc9npXlIeFI9fUycdfwU0vyQ3XXOycJe6eMIKR
+lnK4dR34CWhXl7ItS+4l7HokKe5y1JwT26vcAwrYShTJCFdEXaG1U4A08hSXz1Le
+og6KEOkU79BgvmGh8SVd1RhzP5MQypbus0DS26NVz1dapQ5PdUff6veQmm31cC4d
+FBw3ZARZULDccoZvnDc9XSivc1Xv0u4kdHQT79zbMUn7P2P10wg+M6XnnQreUyxR
+jmfbm0FlQVC91KSWbIe8EuCUx9PA5MtzWACD4awnhdadU51cvQo+A0OcDJH1bXv4
+QHJ1qxF2kSvhxqofcGl2cBUJ/pPQ1i23FWqbZ1y0aZ8lpn2K+30iqXHyzk6MuCEt
+3v5BcQ3/nexzprsHT4gOWEcufqnCx3jdunqeTuAwTmNvhdQgQen6/kNF5/uverLO
+pAUdIppYht/kzkyp/tgWpW/72M5We/XWIO/kR81jJP+5vvFIo8EBcua9wK3tJg3K
+NJ/8Ai0gTwUgriE9DMIgPD/wBITcz4n9uSWRjtBD5rMgq1wt1UCeoEvY9LLMffFY
+Co6H7YisNpbkVqARivKa0LNXozS7Gas44XRrIsQxzgHVGzbjHjhMM5PfQONZV06s
+bnseWj3FHVusyBCCNQIisvx16BCRjcR9eJNHnhydrGtiAliM1hwj1q94woCcpKok
+VBS1FJjG+CsaJMtxMgrimw5pa91+jGTRLmPvDn+xPohMnVXlyW4XBLdB/72KQcsl
+MW9Edz9HsfyBiAeOBUkgtxHZaQMqA525M4Sa399640Zzo9iijFMZiFVMdLj2RIQr
+0RQtTjkukmj/afyFYhvrVU/vJYRiRZnW2E5vP1MIfR0GlYGAf09OdDaYteKHcJjc
+1/XcUhXmxtZ5ljl/j5XPq4BTrRsLRUAO1Bi9LN6Kd3b98kRHxiHQ5HTw2BgFyHww
+csff8bv8AjCp9EImWQ2TBYKhc+005ThdzVCQ/pT8E7y9/KiiiKdzxLKo0V2IxAKi
+evEEyf6MdMnvHWRBn6welmdkrKsoQced98CYG24HwmR9WoNmVig2nOf7HHcOKKDE
+92t5OQQghMdXk7wboOq860LlqBH+/KxlzP34KIj0pZrlc1HgqJsNA3dO5eCYs4ja
+febGnnwUZsEuU0qSBzegfuk9CeQVfM/9uEGl755mncReBx2H+EGt6ucv0kFjGDf5
+FONN0OX3Q/0V4/k2cwYm3wFPqcNO3iBGd5i0eiQrO3UrTliNm12kxxagvDKIP6GD
+8wDI+NhY6WNdTCu18HJB2Kt3N9ZydK62NpzIpoNJS+DJVgspvgAwy93WyEKKANns
+FdE0cfJbZIf2J9K364awkL8p2yGeNozjIC+VI1FsG8Kk1ebYAkNnoP6bUANEf7vk
+ctXR5NqPkhRk+10UEBJKlQbJZQgpyiGjJjgRySffcGcE/cpIMn9jskV0MVBPh9kg
+cNIhcLHWEJ0zXXiDkW1Vguza5GJjx4FG1xllcipDGZC41yNNTBzgRKlmZ6zucXkn
+Jnhtcg71XUsjtXx8ZekXxjoLDd1eHlHDhrjsf8cnSqVG6GotGcGHo8uZk4dkolUU
+TLdDpZPX59JOeUDKZZlGPT96gHqIaswe5WszRvRQwNUfCbjNii6hJ+tdc6foawrl
+V4IqsPziVFJW8KupEsYjlgcknOC8RqW0IATaCZNj5dQuwn7FMe21FXSGF7mz8yaK
+HQJq2ho/6LrxBG2UUVTiWrRZgx1g0C1zzAe1Joz518aIke+Az10PoWDLRdRCItGx
+cB390LcwkDrGSG1n5TLaj9vjqOMdICWiHOFMuaT2xj9cWA27xrJ3ARaRnxcGDbdA
+PsyPjpxL4J1+mx4Fq4gi+tMoG1cUZEo+JCw4TSFpAHMu0FUtdPIV6JRDPkAqxsa5
+alveoswYUFRdTiqFbPaSiykZfufqSuAiKyW892bPd5pBdPI8FA10afVQg83NLyHb
+IkaK0PdRGpVX8gWLGhntO0XoNsJufvtXIgAfBlOprpPGj3EqMUWS545t5pkiwIP8
+79xXZndPojYx+6ETjeXKo5V9AQxkcDtTQmiAx7udqAA1aZgMqGfYQ+Wqz5XgUZWk
+Fz9CnbgEztN5ecjTihYykuDXou7XN0wvrLh7vkX28RgznHs3piTZvECrAOnDN4ur
+2LbzXoFOsBRrBz4f7ML2RCKVu7Pmb9b5cGW6CoNlqg4TL4MTI1OLQBb6zi/8TQT4
+69isxTbCFVdIOOxVs7Qeuq3SQgYXDXPIV6a+lk2p8sD7eiEc9clwqYKQtfEM1HkQ
+voGm6VxhnHd5mqTDNyZXN8lSLPoI/9BfxmHA9Ha+/N5Oz6tRmXHH33701s8GVhkT
+UwttdFlIGZtTBS2dMlTT5SxTi2Q+1GR744AJFMz+FkZja3Fp+PnLJ/aIVLxFs84C
+yJTuQFv5QgLC/7DYLOsof17JJgGZpw==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 0 (0x0)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
+        Validity
+            Not Before: Dec  5 13:56:05 1999 GMT
+            Not After : Apr  3 13:56:05 2037 GMT
+        Subject: O=Thawte, OU=Thawte Universal CA Root, CN=Thawte Universal CA Root
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (16384 bit)
+                Modulus (16384 bit):
+                    00:e2:89:05:6d:c3:7f:ad:a6:89:3a:ff:bb:c7:cd:
+                    9d:37:b1:e1:d2:21:1e:9b:61:2a:15:e7:7b:57:4f:
+                    55:3c:d0:bb:f9:d9:3d:3e:a6:bc:ec:b4:ad:53:9a:
+                    16:02:eb:0b:72:fd:8a:f2:8f:44:05:c5:eb:d3:e5:
+                    bd:b6:44:39:e6:fb:47:bf:6a:9e:0a:95:18:e2:68:
+                    e2:d6:96:d6:21:ad:88:fd:f5:17:f5:d3:da:42:a5:
+                    90:ed:29:95:96:75:3a:da:87:a1:d4:f5:d3:87:de:
+                    05:62:a6:e3:66:74:92:cf:a5:bc:bb:df:68:ff:71:
+                    75:56:41:59:35:eb:33:5a:66:51:f2:d2:a3:0a:c1:
+                    8c:ce:73:5c:11:6f:2d:8c:95:8c:91:b1:fd:cf:e5:
+                    ad:56:95:cc:85:92:83:90:55:41:c9:c2:77:ed:f9:
+                    a3:74:42:0a:68:08:f3:d0:d1:65:fd:67:2c:34:ff:
+                    24:7f:e7:79:c8:07:3b:25:57:dd:a4:0c:98:3d:be:
+                    e0:cc:19:65:db:f2:54:a2:af:42:d4:9d:e2:ae:84:
+                    23:25:09:33:12:b5:6a:1e:76:c4:8b:d9:49:00:6c:
+                    5e:ba:1f:f2:1b:da:67:ca:27:aa:a3:44:23:1b:83:
+                    82:ce:f2:ab:33:ed:54:a4:dc:c9:ab:59:65:d1:38:
+                    0e:c1:3e:1b:67:8f:d6:75:01:e0:55:22:dd:76:77:
+                    ec:8e:dd:f4:cf:79:22:6d:b9:57:03:f5:99:08:a7:
+                    3c:3e:34:fb:c4:17:ae:23:58:cd:24:f3:23:ca:6a:
+                    02:28:94:01:81:34:b4:6c:6b:ae:8b:1a:c3:a3:d2:
+                    09:3c:16:54:f5:36:5f:24:e3:9f:4a:a1:e2:64:c6:
+                    16:c3:a6:81:7a:24:36:47:8e:c1:5e:0e:fb:f9:15:
+                    78:04:d6:0e:59:d9:9d:58:66:62:d2:94:29:32:32:
+                    c8:78:b9:66:f6:b5:56:e1:6c:c6:14:4b:96:52:59:
+                    91:02:24:6a:55:47:d7:3f:b6:23:1a:60:77:97:2e:
+                    e2:40:af:9e:04:57:9e:ad:11:c5:c9:43:70:ef:48:
+                    b4:5e:ac:1c:69:2e:2e:82:d5:5b:8b:be:82:be:19:
+                    14:5e:e7:0d:22:c7:51:1b:ff:1e:9b:f1:30:8f:71:
+                    31:06:b3:34:27:8f:5f:7a:66:82:4f:8a:2d:13:ab:
+                    42:cf:21:56:9e:97:8e:66:36:0f:96:9b:e5:2b:f4:
+                    02:a9:2a:6a:8c:2c:c4:c3:b8:70:2c:2d:29:1e:3f:
+                    50:77:1e:6d:2a:54:e4:55:0a:91:38:a1:c5:b5:66:
+                    a2:76:5a:ee:0f:bf:b4:67:e1:28:6e:0f:e1:36:a1:
+                    82:d1:bf:d4:77:e1:c4:67:32:93:78:c8:e7:54:53:
+                    fe:23:79:e6:68:cc:26:90:f6:10:63:5d:2a:6f:91:
+                    2d:a4:73:32:51:21:f2:bb:15:df:aa:24:08:48:06:
+                    de:a1:9e:26:bf:ba:83:bf:7c:a4:c8:a0:8c:bd:d2:
+                    ff:bc:84:69:27:13:24:18:c4:45:18:23:26:5e:18:
+                    14:ca:2e:88:87:62:a3:53:e6:21:b7:b8:85:7b:9a:
+                    85:bb:15:26:72:f8:b9:f7:6a:74:0f:49:3f:92:be:
+                    a9:05:b7:99:27:bf:bf:09:17:4b:99:4c:ad:11:10:
+                    7c:df:74:31:f6:8f:26:5f:aa:88:ae:38:57:c8:55:
+                    2d:d3:fb:d8:1b:51:99:be:25:1b:3a:ba:c0:7d:1b:
+                    ed:ce:d2:49:b9:cf:f3:c5:7d:89:90:81:d8:69:48:
+                    20:10:a3:f8:ef:92:51:18:32:8b:11:18:c0:3f:1b:
+                    85:56:ce:57:c9:f2:82:64:c6:df:02:09:2e:4a:11:
+                    2f:b1:27:6d:37:52:f0:f0:16:61:f1:67:8d:df:87:
+                    72:af:87:da:cf:fb:50:94:6e:d4:94:85:eb:8a:2c:
+                    ea:21:f5:96:4a:44:d5:e0:ce:6a:74:44:4d:d0:05:
+                    d3:87:15:ed:36:d0:a4:8b:66:55:70:93:ee:47:06:
+                    c1:7e:2e:a5:18:79:67:f3:28:85:f1:70:f7:0e:83:
+                    a4:7e:54:9e:5a:76:32:cb:65:1b:b8:cd:fb:c8:28:
+                    03:d2:54:91:d1:a7:c5:85:43:08:17:76:a5:e6:2f:
+                    67:08:d8:a1:a2:82:2d:0c:f8:c1:af:63:d4:50:77:
+                    6d:6b:46:4a:41:85:d5:90:5f:79:2d:c4:ec:d7:11:
+                    87:40:8a:e1:68:e2:64:f8:55:32:fb:6f:93:2c:da:
+                    77:d9:21:c1:17:e5:36:2c:4e:7e:90:7f:ac:94:2b:
+                    32:67:be:38:50:76:b8:ae:41:b9:d7:21:c5:09:4c:
+                    60:c8:a3:51:c4:34:9b:57:37:df:cb:c9:33:57:8b:
+                    eb:fb:76:9f:19:4d:c5:6a:1f:2a:45:ae:2b:ed:2f:
+                    8d:a7:a5:00:cb:04:fa:25:62:2e:74:48:1b:ca:2a:
+                    8c:ba:db:b6:7e:f6:bb:02:7c:a9:c3:db:58:78:a1:
+                    bf:f0:fe:1a:10:55:11:ce:e8:69:4e:96:65:c6:17:
+                    03:d6:07:68:8c:54:82:ae:1c:22:55:3f:f1:f4:09:
+                    97:28:c0:46:f7:4e:0b:25:1d:f7:07:d7:09:1d:3a:
+                    18:57:38:3b:e8:33:06:e7:8f:78:46:1e:5b:f5:06:
+                    b6:ec:b8:a6:0d:f1:ba:13:4b:d6:18:20:dd:69:33:
+                    4a:33:15:ae:b8:c8:98:8a:27:2c:93:bc:2d:fb:ee:
+                    33:bf:66:e6:4d:ba:b6:9b:06:55:60:97:4b:bc:44:
+                    cd:7e:f4:a1:d8:aa:2f:c0:02:28:21:16:62:78:db:
+                    08:54:f2:fc:f4:34:e3:c6:8f:1c:43:57:ce:90:1a:
+                    4b:dc:2e:3b:28:91:89:3f:7a:da:35:1d:8e:2c:ee:
+                    49:ec:f4:33:ad:c9:53:a8:8c:9f:04:53:3e:24:1c:
+                    52:c9:12:f9:62:57:a3:bc:ee:2c:eb:40:7c:20:23:
+                    70:2b:95:f9:73:17:8a:d1:c1:1c:69:a6:b7:38:9a:
+                    67:f7:70:1d:7a:5a:0c:40:cf:62:0f:85:3c:c2:02:
+                    4e:7e:b5:f6:c5:2a:29:84:b3:1f:37:2a:e1:aa:72:
+                    42:c4:ed:6b:1a:8f:92:1c:5d:be:d1:f2:5b:f2:ab:
+                    aa:a9:d2:f5:b8:a4:41:2b:2b:91:6e:12:48:ca:98:
+                    d8:37:8d:c8:ed:00:30:b5:b6:04:4e:7e:9c:da:84:
+                    ec:c0:fa:7b:e5:1d:88:a4:53:46:b0:94:e4:5c:1b:
+                    a1:25:2c:0f:48:52:77:97:09:6c:ec:5b:18:33:83:
+                    02:e5:82:7e:cd:85:21:30:11:fd:27:4f:cf:e4:1e:
+                    ec:3f:a5:57:6c:e9:2a:30:19:2a:88:e5:c3:69:38:
+                    ab:6f:39:71:7f:84:e1:41:c3:e1:cc:2a:89:20:52:
+                    2e:83:0f:6c:39:3f:4b:2d:16:ac:2d:f0:24:ac:00:
+                    73:f4:9b:b3:06:3f:05:b8:14:85:1f:ab:9e:5c:3c:
+                    9e:62:9d:0e:6d:3b:80:09:fc:02:ea:a2:97:74:ca:
+                    c7:f9:e3:56:e1:c3:ca:a5:a6:9a:c0:90:e0:24:12:
+                    53:d2:c2:8b:da:be:ed:02:43:5e:67:e1:89:98:79:
+                    ee:cb:aa:ca:c3:1b:dc:e7:a5:46:a5:7c:6b:16:87:
+                    b6:5a:28:d7:db:27:3c:5e:a5:bd:b6:51:dd:1f:43:
+                    cf:3b:26:c8:3a:8d:25:61:c1:49:f4:3c:1b:c9:44:
+                    ea:af:1c:c2:2b:94:01:2a:0e:30:d1:5b:8b:2b:47:
+                    e5:c3:d1:04:03:9b:0e:39:2c:d6:27:d4:e6:70:5a:
+                    d9:75:cf:2a:d8:c9:00:05:e4:13:88:ec:c3:39:fb:
+                    87:61:30:36:43:03:c8:9e:9c:a2:06:c2:2f:c5:fc:
+                    f0:80:63:b1:54:04:a0:4c:a9:2e:c6:f5:76:7a:d8:
+                    d0:e4:d4:94:11:e5:15:b5:78:06:dc:b8:80:8f:99:
+                    a9:20:33:3d:10:85:4c:65:09:ca:3e:58:5e:60:93:
+                    9a:aa:62:5d:c0:51:06:1c:5d:60:a0:0d:9c:4b:43:
+                    f6:a7:16:21:a4:87:aa:f2:c1:2e:ee:92:30:b8:9e:
+                    df:df:10:01:8b:86:09:70:d8:6c:a8:b7:50:1e:16:
+                    96:b4:f7:67:fd:35:3a:21:90:2a:32:c7:00:7b:4d:
+                    07:10:09:b9:2f:73:d8:18:7e:67:99:04:4f:06:fc:
+                    50:c7:85:9b:9d:40:9d:b3:96:37:fa:a5:dc:b2:72:
+                    4e:ef:4e:09:2c:fd:91:fd:4d:f7:bb:a6:a1:3e:ab:
+                    7b:a2:03:40:a6:a9:55:27:e2:fa:f9:19:ce:87:75:
+                    aa:f1:75:36:f3:f3:b8:91:f8:91:c3:8b:75:13:8e:
+                    4c:65:9a:16:39:6a:e5:34:e8:7a:96:59:7f:35:b0:
+                    00:fd:5b:69:fc:43:26:fa:f5:28:6e:fe:87:d9:7e:
+                    24:fb:b4:a0:82:6e:54:a2:ff:ae:bf:62:b4:f4:72:
+                    01:c2:cb:98:47:98:e1:4c:b5:17:80:80:ce:8f:a6:
+                    28:ee:1e:45:6a:fb:df:f1:1d:fc:5a:3b:d6:ea:f4:
+                    6c:1d:62:49:57:3b:8a:8f:86:ea:f0:53:04:ce:9c:
+                    16:68:ff:ba:b9:fc:88:0f:47:f7:02:44:72:40:b8:
+                    ca:3b:2d:53:9d:dc:3c:56:8c:59:7b:68:1a:2c:8d:
+                    71:bb:6c:00:c7:1a:ce:6f:40:92:b1:a3:2f:0f:d9:
+                    44:f2:a3:70:2e:9e:ee:0e:ae:32:d0:3b:3e:8b:07:
+                    ea:e6:79:b3:5c:29:e2:7d:6b:a8:5e:f9:5a:31:e8:
+                    08:96:a2:8c:03:98:46:f1:b8:7d:90:54:26:ed:76:
+                    62:fe:9e:e9:9a:6e:5e:c9:49:c7:5c:34:53:29:54:
+                    d9:ec:e4:46:e1:80:3b:75:d9:df:fb:79:d5:87:f1:
+                    ba:9e:eb:19:ce:4c:52:73:e6:5b:87:ae:25:4f:39:
+                    79:cc:c6:b8:f9:10:7b:ec:f0:9b:71:a4:05:a0:d3:
+                    29:d3:4e:7f:1f:f4:2d:28:78:cc:55:95:7b:1e:91:
+                    2f:cc:56:18:73:8b:b2:db:bc:69:07:e6:d0:d8:4f:
+                    ed:a2:ff:58:85:a3:6d:e0:4a:53:b7:67:7d:8d:0c:
+                    5c:5b:7b:77:28:02:35:44:7a:04:d3:28:43:c8:6b:
+                    30:17:5d:32:b8:29:35:ba:76:da:3b:14:4a:76:18:
+                    58:a4:f8:92:3c:9e:4d:33:6f:46:6b:08:d9:31:48:
+                    68:dd:f4:fb:24:56:34:b2:cf:69:66:be:48:d2:8a:
+                    66:22:cd:f2:69:cd:c2:53:13:45:29:41:22:d6:5d:
+                    98:1f:b6:a4:b2:a3:c2:ee:02:2f:51:1b:dc:83:a4:
+                    ec:70:25:a8:d4:08:61:32:6f:e4:a1:81:2e:7c:63:
+                    72:fa:29:65:bc:70:44:cf:5d
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        55:9a:34:6a:22:06:69:09:45:33:c7:ae:a9:5c:c7:09:4e:9b:
+        86:bc:41:90:d4:94:52:f6:cd:23:29:94:4b:22:cd:e8:bd:fe:
+        9d:cd:52:f2:bd:ed:ab:87:c9:ab:ab:46:04:b4:bd:a2:3f:22:
+        30:47:50:c0:4b:8c:76:0f:03:f5:92:d2:b1:2d:c4:7a:35:9c:
+        c9:73:87:eb:a6:9f:de:0f:73:8d:d3:7f:99:d8:ba:8f:6f:c4:
+        f3:be:1a:ae:8b:a2:94:36:90:e2:e5:eb:8d:05:f4:fc:65:df:
+        95:f1:c4:94:4d:17:56:d7:9f:3c:8f:50:3c:e7:77:bf:95:86:
+        26:64:fb:6a:ff:c6:da:e9:8c:ae:42:bb:69:e5:33:c6:d8:e9:
+        0d:c6:55:21:49:c1:0c:b4:a3:f9:9b:4b:5c:de:83:4f:41:03:
+        ce:2a:79:68:38:7d:f0:54:49:20:f5:b6:10:ff:08:dc:33:66:
+        96:9b:ff:06:de:00:9e:d7:ce:56:43:9a:51:fc:70:cd:f6:f0:
+        51:a3:b7:cd:b4:5c:85:62:cd:71:b7:c6:2b:23:2b:dd:c3:6e:
+        40:42:fa:37:ff:37:1c:f6:7a:57:94:87:85:23:d7:d4:c9:c7:
+        5f:c1:4d:2f:c9:0d:d7:5c:ec:9c:25:ee:9e:30:82:91:96:72:
+        b8:75:1d:f8:09:68:57:97:b2:2d:4b:ee:25:ec:7a:24:29:ee:
+        72:d4:9c:13:db:ab:dc:03:0a:d8:4a:14:c9:08:57:44:5d:a1:
+        b5:53:80:34:f2:14:97:cf:52:de:a2:0e:8a:10:e9:14:ef:d0:
+        60:be:61:a1:f1:25:5d:d5:18:73:3f:93:10:ca:96:ee:b3:40:
+        d2:db:a3:55:cf:57:5a:a5:0e:4f:75:47:df:ea:f7:90:9a:6d:
+        f5:70:2e:1d:14:1c:37:64:04:59:50:b0:dc:72:86:6f:9c:37:
+        3d:5d:28:af:73:55:ef:d2:ee:24:74:74:13:ef:dc:db:31:49:
+        fb:3f:63:f5:d3:08:3e:33:a5:e7:9d:0a:de:53:2c:51:8e:67:
+        db:9b:41:65:41:50:bd:d4:a4:96:6c:87:bc:12:e0:94:c7:d3:
+        c0:e4:cb:73:58:00:83:e1:ac:27:85:d6:9d:53:9d:5c:bd:0a:
+        3e:03:43:9c:0c:91:f5:6d:7b:f8:40:72:75:ab:11:76:91:2b:
+        e1:c6:aa:1f:70:69:76:70:15:09:fe:93:d0:d6:2d:b7:15:6a:
+        9b:67:5c:b4:69:9f:25:a6:7d:8a:fb:7d:22:a9:71:f2:ce:4e:
+        8c:b8:21:2d:de:fe:41:71:0d:ff:9d:ec:73:a6:bb:07:4f:88:
+        0e:58:47:2e:7e:a9:c2:c7:78:dd:ba:7a:9e:4e:e0:30:4e:63:
+        6f:85:d4:20:41:e9:fa:fe:43:45:e7:fb:af:7a:b2:ce:a4:05:
+        1d:22:9a:58:86:df:e4:ce:4c:a9:fe:d8:16:a5:6f:fb:d8:ce:
+        56:7b:f5:d6:20:ef:e4:47:cd:63:24:ff:b9:be:f1:48:a3:c1:
+        01:72:e6:bd:c0:ad:ed:26:0d:ca:34:9f:fc:02:2d:20:4f:05:
+        20:ae:21:3d:0c:c2:20:3c:3f:f0:04:84:dc:cf:89:fd:b9:25:
+        91:8e:d0:43:e6:b3:20:ab:5c:2d:d5:40:9e:a0:4b:d8:f4:b2:
+        cc:7d:f1:58:0a:8e:87:ed:88:ac:36:96:e4:56:a0:11:8a:f2:
+        9a:d0:b3:57:a3:34:bb:19:ab:38:e1:74:6b:22:c4:31:ce:01:
+        d5:1b:36:e3:1e:38:4c:33:93:df:40:e3:59:57:4e:ac:6e:7b:
+        1e:5a:3d:c5:1d:5b:ac:c8:10:82:35:02:22:b2:fc:75:e8:10:
+        91:8d:c4:7d:78:93:47:9e:1c:9d:ac:6b:62:02:58:8c:d6:1c:
+        23:d6:af:78:c2:80:9c:a4:aa:24:54:14:b5:14:98:c6:f8:2b:
+        1a:24:cb:71:32:0a:e2:9b:0e:69:6b:dd:7e:8c:64:d1:2e:63:
+        ef:0e:7f:b1:3e:88:4c:9d:55:e5:c9:6e:17:04:b7:41:ff:bd:
+        8a:41:cb:25:31:6f:44:77:3f:47:b1:fc:81:88:07:8e:05:49:
+        20:b7:11:d9:69:03:2a:03:9d:b9:33:84:9a:df:df:7a:e3:46:
+        73:a3:d8:a2:8c:53:19:88:55:4c:74:b8:f6:44:84:2b:d1:14:
+        2d:4e:39:2e:92:68:ff:69:fc:85:62:1b:eb:55:4f:ef:25:84:
+        62:45:99:d6:d8:4e:6f:3f:53:08:7d:1d:06:95:81:80:7f:4f:
+        4e:74:36:98:b5:e2:87:70:98:dc:d7:f5:dc:52:15:e6:c6:d6:
+        79:96:39:7f:8f:95:cf:ab:80:53:ad:1b:0b:45:40:0e:d4:18:
+        bd:2c:de:8a:77:76:fd:f2:44:47:c6:21:d0:e4:74:f0:d8:18:
+        05:c8:7c:30:72:c7:df:f1:bb:fc:02:30:a9:f4:42:26:59:0d:
+        93:05:82:a1:73:ed:34:e5:38:5d:cd:50:90:fe:94:fc:13:bc:
+        bd:fc:a8:a2:88:a7:73:c4:b2:a8:d1:5d:88:c4:02:a2:7a:f1:
+        04:c9:fe:8c:74:c9:ef:1d:64:41:9f:ac:1e:96:67:64:ac:ab:
+        28:41:c7:9d:f7:c0:98:1b:6e:07:c2:64:7d:5a:83:66:56:28:
+        36:9c:e7:fb:1c:77:0e:28:a0:c4:f7:6b:79:39:04:20:84:c7:
+        57:93:bc:1b:a0:ea:bc:eb:42:e5:a8:11:fe:fc:ac:65:cc:fd:
+        f8:28:88:f4:a5:9a:e5:73:51:e0:a8:9b:0d:03:77:4e:e5:e0:
+        98:b3:88:da:7d:e6:c6:9e:7c:14:66:c1:2e:53:4a:92:07:37:
+        a0:7e:e9:3d:09:e4:15:7c:cf:fd:b8:41:a5:ef:9e:66:9d:c4:
+        5e:07:1d:87:f8:41:ad:ea:e7:2f:d2:41:63:18:37:f9:14:e3:
+        4d:d0:e5:f7:43:fd:15:e3:f9:36:73:06:26:df:01:4f:a9:c3:
+        4e:de:20:46:77:98:b4:7a:24:2b:3b:75:2b:4e:58:8d:9b:5d:
+        a4:c7:16:a0:bc:32:88:3f:a1:83:f3:00:c8:f8:d8:58:e9:63:
+        5d:4c:2b:b5:f0:72:41:d8:ab:77:37:d6:72:74:ae:b6:36:9c:
+        c8:a6:83:49:4b:e0:c9:56:0b:29:be:00:30:cb:dd:d6:c8:42:
+        8a:00:d9:ec:15:d1:34:71:f2:5b:64:87:f6:27:d2:b7:eb:86:
+        b0:90:bf:29:db:21:9e:36:8c:e3:20:2f:95:23:51:6c:1b:c2:
+        a4:d5:e6:d8:02:43:67:a0:fe:9b:50:03:44:7f:bb:e4:72:d5:
+        d1:e4:da:8f:92:14:64:fb:5d:14:10:12:4a:95:06:c9:65:08:
+        29:ca:21:a3:26:38:11:c9:27:df:70:67:04:fd:ca:48:32:7f:
+        63:b2:45:74:31:50:4f:87:d9:20:70:d2:21:70:b1:d6:10:9d:
+        33:5d:78:83:91:6d:55:82:ec:da:e4:62:63:c7:81:46:d7:19:
+        65:72:2a:43:19:90:b8:d7:23:4d:4c:1c:e0:44:a9:66:67:ac:
+        ee:71:79:27:26:78:6d:72:0e:f5:5d:4b:23:b5:7c:7c:65:e9:
+        17:c6:3a:0b:0d:dd:5e:1e:51:c3:86:b8:ec:7f:c7:27:4a:a5:
+        46:e8:6a:2d:19:c1:87:a3:cb:99:93:87:64:a2:55:14:4c:b7:
+        43:a5:93:d7:e7:d2:4e:79:40:ca:65:99:46:3d:3f:7a:80:7a:
+        88:6a:cc:1e:e5:6b:33:46:f4:50:c0:d5:1f:09:b8:cd:8a:2e:
+        a1:27:eb:5d:73:a7:e8:6b:0a:e5:57:82:2a:b0:fc:e2:54:52:
+        56:f0:ab:a9:12:c6:23:96:07:24:9c:e0:bc:46:a5:b4:20:04:
+        da:09:93:63:e5:d4:2e:c2:7e:c5:31:ed:b5:15:74:86:17:b9:
+        b3:f3:26:8a:1d:02:6a:da:1a:3f:e8:ba:f1:04:6d:94:51:54:
+        e2:5a:b4:59:83:1d:60:d0:2d:73:cc:07:b5:26:8c:f9:d7:c6:
+        88:91:ef:80:cf:5d:0f:a1:60:cb:45:d4:42:22:d1:b1:70:1d:
+        fd:d0:b7:30:90:3a:c6:48:6d:67:e5:32:da:8f:db:e3:a8:e3:
+        1d:20:25:a2:1c:e1:4c:b9:a4:f6:c6:3f:5c:58:0d:bb:c6:b2:
+        77:01:16:91:9f:17:06:0d:b7:40:3e:cc:8f:8e:9c:4b:e0:9d:
+        7e:9b:1e:05:ab:88:22:fa:d3:28:1b:57:14:64:4a:3e:24:2c:
+        38:4d:21:69:00:73:2e:d0:55:2d:74:f2:15:e8:94:43:3e:40:
+        2a:c6:c6:b9:6a:5b:de:a2:cc:18:50:54:5d:4e:2a:85:6c:f6:
+        92:8b:29:19:7e:e7:ea:4a:e0:22:2b:25:bc:f7:66:cf:77:9a:
+        41:74:f2:3c:14:0d:74:69:f5:50:83:cd:cd:2f:21:db:22:46:
+        8a:d0:f7:51:1a:95:57:f2:05:8b:1a:19:ed:3b:45:e8:36:c2:
+        6e:7e:fb:57:22:00:1f:06:53:a9:ae:93:c6:8f:71:2a:31:45:
+        92:e7:8e:6d:e6:99:22:c0:83:fc:ef:dc:57:66:77:4f:a2:36:
+        31:fb:a1:13:8d:e5:ca:a3:95:7d:01:0c:64:70:3b:53:42:68:
+        80:c7:bb:9d:a8:00:35:69:98:0c:a8:67:d8:43:e5:aa:cf:95:
+        e0:51:95:a4:17:3f:42:9d:b8:04:ce:d3:79:79:c8:d3:8a:16:
+        32:92:e0:d7:a2:ee:d7:37:4c:2f:ac:b8:7b:be:45:f6:f1:18:
+        33:9c:7b:37:a6:24:d9:bc:40:ab:00:e9:c3:37:8b:ab:d8:b6:
+        f3:5e:81:4e:b0:14:6b:07:3e:1f:ec:c2:f6:44:22:95:bb:b3:
+        e6:6f:d6:f9:70:65:ba:0a:83:65:aa:0e:13:2f:83:13:23:53:
+        8b:40:16:fa:ce:2f:fc:4d:04:f8:eb:d8:ac:c5:36:c2:15:57:
+        48:38:ec:55:b3:b4:1e:ba:ad:d2:42:06:17:0d:73:c8:57:a6:
+        be:96:4d:a9:f2:c0:fb:7a:21:1c:f5:c9:70:a9:82:90:b5:f1:
+        0c:d4:79:10:be:81:a6:e9:5c:61:9c:77:79:9a:a4:c3:37:26:
+        57:37:c9:52:2c:fa:08:ff:d0:5f:c6:61:c0:f4:76:be:fc:de:
+        4e:cf:ab:51:99:71:c7:df:7e:f4:d6:cf:06:56:19:13:53:0b:
+        6d:74:59:48:19:9b:53:05:2d:9d:32:54:d3:e5:2c:53:8b:64:
+        3e:d4:64:7b:e3:80:09:14:cc:fe:16:46:63:6b:71:69:f8:f9:
+        cb:27:f6:88:54:bc:45:b3:ce:02:c8:94:ee:40:5b:f9:42:02:
+        c2:ff:b0:d8:2c:eb:28:7f:5e:c9:26:01:99:a7
+
+UPS Document Exchange by DST
+============================
+MD5 Fingerprint: 78:A5:FB:10:4B:E4:63:2E:D2:6B:FB:F2:B6:C2:4B:8E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIID+DCCAuACEQDQHkCLAAACfAAAAAcAAAABMA0GCSqGSIb3DQEBBQUAMIG5MQsw
+CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
+dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjEeMBwGA1UE
+CxMVVW5pdGVkIFBhcmNlbCBTZXJ2aWNlMRkwFwYDVQQDExBEU1QgKFVQUykgUm9v
+dENBMSEwHwYJKoZIhvcNAQkBFhJjYUBkaWdzaWd0cnVzdC5jb20wHhcNOTgxMjEw
+MDAyNTQ2WhcNMDgxMjA3MDAyNTQ2WjCBuTELMAkGA1UEBhMCdXMxDTALBgNVBAgT
+BFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MSQwIgYDVQQKExtEaWdpdGFs
+IFNpZ25hdHVyZSBUcnVzdCBDby4xHjAcBgNVBAsTFVVuaXRlZCBQYXJjZWwgU2Vy
+dmljZTEZMBcGA1UEAxMQRFNUIChVUFMpIFJvb3RDQTEhMB8GCSqGSIb3DQEJARYS
+Y2FAZGlnc2lndHJ1c3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA7xfsrynm2SsnwNt7JJ9m9ASjwq0KyrDNhCuqN/OAoWDvQo/lXXdfV0JU3Svb
+YbJxXpN7b1/rJCvnpPLr8XOzC431Wdcy36yQjk4xuiVNtgym8eWvDOHlb1IDFcHf
+vn5KpqYYRnA/76dNqNz1dNlhekA8oZQo6sKUiMs3FQUZPJViuhwt+yiM0ciekjxb
+EVQ7eNlHO5stSuY+e2vf9PYFzyj2upg2AJ48N4UKnN63pIXFY/23YhRtFx7MioCF
+QjIRsCHinXfJgBZBnuvlFIl/t8O8T8Gfh5uW7GP2+ZBWDpWjIwqMZNqbuxx3sExd
+5sjo9X15LVckP8zjPSyYzxKfFwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQC7OI4E
+IiZYDiFEVsy9WXwpaMtcD8iGVD+BeKetj8xG9xxUuHktW3IFaugh0OwdHf6kNFG+
+7u3OzJwWaOJddXMIQzGRahArEMJLafjJrZio/bjv9qvwXyHvy4VrCe0vSGa1YHLA
+6KDHmNsO9xtzjTQICnvFd2KqMCObsB6LgJhU3AWHs6liWfyLtxWarETszzUa9w8u
+XZJLAch77qA37eQdgg2ZQUMXrdTVyuP5fReiAdAwD0C53LkEgmmDtvkP+gaS96j0
+1hcc8F5/xCnI5uHi/zZoIVGu/6m6hJKtinsz2JDSwXltMzM5dKwbOHGfLAeQ6h3g
+04lfy+8UjSdUpb1G
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            d0:1e:40:8b:00:00:02:7c:00:00:00:07:00:00:00:01
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca at digsigtrust.com
+        Validity
+            Not Before: Dec 10 00:25:46 1998 GMT
+            Not After : Dec  7 00:25:46 2008 GMT
+        Subject: C=us, ST=Utah, L=Salt Lake City, O=Digital Signature Trust Co., OU=United Parcel Service, CN=DST (UPS) RootCA/Email=ca at digsigtrust.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ef:17:ec:af:29:e6:d9:2b:27:c0:db:7b:24:9f:
+                    66:f4:04:a3:c2:ad:0a:ca:b0:cd:84:2b:aa:37:f3:
+                    80:a1:60:ef:42:8f:e5:5d:77:5f:57:42:54:dd:2b:
+                    db:61:b2:71:5e:93:7b:6f:5f:eb:24:2b:e7:a4:f2:
+                    eb:f1:73:b3:0b:8d:f5:59:d7:32:df:ac:90:8e:4e:
+                    31:ba:25:4d:b6:0c:a6:f1:e5:af:0c:e1:e5:6f:52:
+                    03:15:c1:df:be:7e:4a:a6:a6:18:46:70:3f:ef:a7:
+                    4d:a8:dc:f5:74:d9:61:7a:40:3c:a1:94:28:ea:c2:
+                    94:88:cb:37:15:05:19:3c:95:62:ba:1c:2d:fb:28:
+                    8c:d1:c8:9e:92:3c:5b:11:54:3b:78:d9:47:3b:9b:
+                    2d:4a:e6:3e:7b:6b:df:f4:f6:05:cf:28:f6:ba:98:
+                    36:00:9e:3c:37:85:0a:9c:de:b7:a4:85:c5:63:fd:
+                    b7:62:14:6d:17:1e:cc:8a:80:85:42:32:11:b0:21:
+                    e2:9d:77:c9:80:16:41:9e:eb:e5:14:89:7f:b7:c3:
+                    bc:4f:c1:9f:87:9b:96:ec:63:f6:f9:90:56:0e:95:
+                    a3:23:0a:8c:64:da:9b:bb:1c:77:b0:4c:5d:e6:c8:
+                    e8:f5:7d:79:2d:57:24:3f:cc:e3:3d:2c:98:cf:12:
+                    9f:17
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        bb:38:8e:04:22:26:58:0e:21:44:56:cc:bd:59:7c:29:68:cb:
+        5c:0f:c8:86:54:3f:81:78:a7:ad:8f:cc:46:f7:1c:54:b8:79:
+        2d:5b:72:05:6a:e8:21:d0:ec:1d:1d:fe:a4:34:51:be:ee:ed:
+        ce:cc:9c:16:68:e2:5d:75:73:08:43:31:91:6a:10:2b:10:c2:
+        4b:69:f8:c9:ad:98:a8:fd:b8:ef:f6:ab:f0:5f:21:ef:cb:85:
+        6b:09:ed:2f:48:66:b5:60:72:c0:e8:a0:c7:98:db:0e:f7:1b:
+        73:8d:34:08:0a:7b:c5:77:62:aa:30:23:9b:b0:1e:8b:80:98:
+        54:dc:05:87:b3:a9:62:59:fc:8b:b7:15:9a:ac:44:ec:cf:35:
+        1a:f7:0f:2e:5d:92:4b:01:c8:7b:ee:a0:37:ed:e4:1d:82:0d:
+        99:41:43:17:ad:d4:d5:ca:e3:f9:7d:17:a2:01:d0:30:0f:40:
+        b9:dc:b9:04:82:69:83:b6:f9:0f:fa:06:92:f7:a8:f4:d6:17:
+        1c:f0:5e:7f:c4:29:c8:e6:e1:e2:ff:36:68:21:51:ae:ff:a9:
+        ba:84:92:ad:8a:7b:33:d8:90:d2:c1:79:6d:33:33:39:74:ac:
+        1b:38:71:9f:2c:07:90:ea:1d:e0:d3:89:5f:cb:ef:14:8d:27:
+        54:a5:bd:46
+
+ValiCert Class 1 VA
+===================
+MD5 Fingerprint: 65:58:AB:15:AD:57:6C:1E:A8:A7:B5:69:AC:BF:FF:EB
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy
+NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y
+LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+
+TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y
+TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0
+LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW
+I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw
+nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 25 22:23:48 1999 GMT
+            Not After : Jun 25 22:23:48 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 1 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d8:59:82:7a:89:b8:96:ba:a6:2f:68:6f:58:2e:
+                    a7:54:1c:06:6e:f4:ea:8d:48:bc:31:94:17:f0:f3:
+                    4e:bc:b2:b8:35:92:76:b0:d0:a5:a5:01:d7:00:03:
+                    12:22:19:08:f8:ff:11:23:9b:ce:07:f5:bf:69:1a:
+                    26:fe:4e:e9:d1:7f:9d:2c:40:1d:59:68:6e:a6:f8:
+                    58:b0:9d:1a:8f:d3:3f:f1:dc:19:06:81:a8:0e:e0:
+                    3a:dd:c8:53:45:09:06:e6:0f:70:c3:fa:40:a6:0e:
+                    e2:56:05:0f:18:4d:fc:20:82:d1:73:55:74:8d:76:
+                    72:a0:1d:9d:1d:c0:dd:3f:71
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        50:68:3d:49:f4:2c:1c:06:94:df:95:60:7f:96:7b:17:fe:4f:
+        71:ad:64:c8:dd:77:d2:ef:59:55:e8:3f:e8:8e:05:2a:21:f2:
+        07:d2:b5:a7:52:fe:9c:b1:b6:e2:5b:77:17:40:ea:72:d6:23:
+        cb:28:81:32:c3:00:79:18:ec:59:17:89:c9:c6:6a:1e:71:c9:
+        fd:b7:74:a5:25:45:69:c5:48:ab:19:e1:45:8a:25:6b:19:ee:
+        e5:bb:12:f5:7f:f7:a6:8d:51:c3:f0:9d:74:b7:a9:3e:a0:a5:
+        ff:b6:49:03:13:da:22:cc:ed:71:82:2b:99:cf:3a:b7:f5:2d:
+        72:c8
+
+ValiCert Class 2 VA
+===================
+MD5 Fingerprint: A9:23:75:9B:BA:49:36:6E:31:C2:DB:F2:E7:66:BA:87
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:19:54 1999 GMT
+            Not After : Jun 26 00:19:54 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ce:3a:71:ca:e5:ab:c8:59:92:55:d7:ab:d8:74:
+                    0e:f9:ee:d9:f6:55:47:59:65:47:0e:05:55:dc:eb:
+                    98:36:3c:5c:53:5d:d3:30:cf:38:ec:bd:41:89:ed:
+                    25:42:09:24:6b:0a:5e:b3:7c:dd:52:2d:4c:e6:d4:
+                    d6:7d:5a:59:a9:65:d4:49:13:2d:24:4d:1c:50:6f:
+                    b5:c1:85:54:3b:fe:71:e4:d3:5c:42:f9:80:e0:91:
+                    1a:0a:5b:39:36:67:f3:3f:55:7c:1b:3f:b4:5f:64:
+                    73:34:e3:b4:12:bf:87:64:f8:da:12:ff:37:27:c1:
+                    b3:43:bb:ef:7b:6e:2e:69:f7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        3b:7f:50:6f:6f:50:94:99:49:62:38:38:1f:4b:f8:a5:c8:3e:
+        a7:82:81:f6:2b:c7:e8:c5:ce:e8:3a:10:82:cb:18:00:8e:4d:
+        bd:a8:58:7f:a1:79:00:b5:bb:e9:8d:af:41:d9:0f:34:ee:21:
+        81:19:a0:32:49:28:f4:c4:8e:56:d5:52:33:fd:50:d5:7e:99:
+        6c:03:e4:c9:4c:fc:cb:6c:ab:66:b3:4a:21:8c:e5:b5:0c:32:
+        3e:10:b2:cc:6c:a1:dc:9a:98:4c:02:5b:f3:ce:b9:9e:a5:72:
+        0e:4a:b7:3f:3c:e6:16:68:f8:be:ed:74:4c:bc:5b:d5:62:1f:
+        43:dd
+
+ValiCert Class 3 VA
+===================
+MD5 Fingerprint: A2:6F:53:B7:EE:40:DB:4A:68:E7:FA:18:D9:10:4B:72
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy
+NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD
+cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs
+2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY
+JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE
+Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ
+n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A
+PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Validity
+            Not Before: Jun 26 00:22:33 1999 GMT
+            Not After : Jun 26 00:22:33 2019 GMT
+        Subject: L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 3 Policy Validation Authority, CN=http://www.valicert.com//Email=info@valicert.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e3:98:51:96:1c:e8:d5:b1:06:81:6a:57:c3:72:
+                    75:93:ab:cf:9e:a6:fc:f3:16:52:d6:2d:4d:9f:35:
+                    44:a8:2e:04:4d:07:49:8a:38:29:f5:77:37:e7:b7:
+                    ab:5d:df:36:71:14:99:8f:dc:c2:92:f1:e7:60:92:
+                    97:ec:d8:48:dc:bf:c1:02:20:c6:24:a4:28:4c:30:
+                    5a:76:6d:b1:5c:f3:dd:de:9e:10:71:a1:88:c7:5b:
+                    9b:41:6d:ca:b0:b8:8e:15:ee:ad:33:2b:cf:47:04:
+                    5c:75:71:0a:98:24:98:29:a7:49:59:a5:dd:f8:b7:
+                    43:62:61:f3:d3:e2:d0:55:3f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        56:bb:02:58:84:67:08:2c:df:1f:db:7b:49:33:f5:d3:67:9d:
+        f4:b4:0a:10:b3:c9:c5:2c:e2:92:6a:71:78:27:f2:70:83:42:
+        d3:3e:cf:a9:54:f4:f1:d8:92:16:8c:d1:04:cb:4b:ab:c9:9f:
+        45:ae:3c:8a:a9:b0:71:33:5d:c8:c5:57:df:af:a8:35:b3:7f:
+        89:87:e9:e8:25:92:b8:7f:85:7a:ae:d6:bc:1e:37:58:2a:67:
+        c9:91:cf:2a:81:3e:ed:c6:39:df:c0:3e:19:9c:19:cc:13:4d:
+        82:41:b5:8c:de:e0:3d:60:08:20:0f:45:7e:6b:a2:7f:a3:8c:
+        15:ee
+
+VeriSign Class 4 Primary CA
+===========================
+MD5 Fingerprint: 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
+Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
+biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
+9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
+IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
+O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
+AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
+g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
+yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:a6:00:00:01
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Dec 31 23:59:59 1999 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:d0:b2:75:f6:78:d0:ae:5a:50:f4:e9:50:a9:9f:
+                    8c:d7:ef:91:94:70:e8:d2:24:90:76:89:85:d6:df:
+                    ac:e6:01:17:32:80:f0:9d:93:47:bc:9a:65:9d:1f:
+                    97:ae:bf:e9:86:75:63:20:89:bd:80:58:9d:04:0c:
+                    9d:a8:c1:24:e9:0b:e5:31:78:bd:fc:2d:0c:37:6a:
+                    9e:78:80:e9:46:75:f9:ed:a3:fb:13:7b:c8:c1:4c:
+                    d2:a3:ef:f5:3c:b0:62:8f:4a:5d:3b:dd:95:67:8f:
+                    13:b9:c1:3c:d6:a7:26:9b:ec:c3:3b:7a:d9:4d:bc:
+                    6d:9b:e8:15:01:e3:f0:47:a9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        53:dd:d3:f0:9c:24:7e:40:aa:e2:fc:00:1a:d7:da:0c:fc:32:
+        61:b8:15:0d:96:f3:fa:57:1b:7f:33:7c:af:e9:98:9a:61:c8:
+        7a:b3:b7:ff:b1:dc:99:83:dc:ac:12:fc:70:c9:1f:38:42:ed:
+        44:f6:80:2e:5b:6b:33:69:ac:9c:d3:5c:e7:5f:5a:18:c7:b1:
+        2d:79:04:96:41:91:99:41:b1:3c:0d:ba:84:39:c6:3b:97:f0:
+        26:c9:8e:ee:bd:cc:42:95:ff:1e:c7:02:3f:54:0c:78:f5:bc:
+        aa:60:7c:02:69:e8:dc:ac:e2:02:76:61:c4:3e:03:ea:d2:8a:
+        24:d1
+
+Verisign Class 1 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
+NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
+VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp
+bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
+jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N
+H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR
+4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN
+BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo
+EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5
+FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx
+lA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            cd:ba:7f:56:f0:df:e4:bc:54:fe:22:ac:b3:72:aa:55
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:e5:19:bf:6d:a3:56:61:2d:99:48:71:f6:67:de:
+                    b9:8d:eb:b7:9e:86:80:0a:91:0e:fa:38:25:af:46:
+                    88:82:e5:73:a8:a0:9b:24:5d:0d:1f:cc:65:6e:0c:
+                    b0:d0:56:84:18:87:9a:06:9b:10:a1:73:df:b4:58:
+                    39:6b:6e:c1:f6:15:d5:a8:a8:3f:aa:12:06:8d:31:
+                    ac:7f:b0:34:d7:8f:34:67:88:09:cd:14:11:e2:4e:
+                    45:56:69:1f:78:02:80:da:dc:47:91:29:bb:36:c9:
+                    63:5c:c5:e0:d7:2d:87:7b:a1:b7:32:b0:7b:30:ba:
+                    2a:2f:31:aa:ee:a3:67:da:db
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        4c:3f:b8:8b:c6:68:df:ee:43:33:0e:5d:e9:a6:cb:07:84:4d:
+        7a:33:ff:92:1b:f4:36:ad:d8:95:22:36:68:11:6c:7c:42:cc:
+        f3:9c:2e:c4:07:3f:14:b0:0f:4f:ff:90:92:76:f9:e2:bc:4a:
+        e9:8f:cd:a0:80:0a:f7:c5:29:f1:82:22:5d:b8:b1:dd:81:23:
+        a3:7b:25:15:46:30:79:16:f8:ea:05:4b:94:7f:1d:c2:1c:c8:
+        e3:b7:f4:10:40:3c:13:c3:5f:1f:53:e8:48:e4:86:b4:7b:a1:
+        35:b0:7b:25:ba:b8:d3:8e:ab:3f:38:9d:00:34:00:98:f3:d1:
+        71:94
+
+Verisign Class 1 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: F2:7D:E9:54:E4:A3:22:0D:76:9F:E7:0B:BB:B3:24:2B
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDnKVIn+UCIy/jLZ2/sbhBkwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTE4MDUxODIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK
+VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIv3GhDOdlwHq4OZ3BeAbzQ5XZg+a3Is4cei
+e0ApuXiIukzFo2penm574/ICQQxmvq37rqIUzpLzojSLtLK2JPLl1eDI5WJthHvL
+vrsDi3xXyvA3qZCviu4Dvh0onNkmdqDNxJ1O8K4HFtW+r1cIatCgQkJCHvQgzKV4
+gpUmOIpH
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            39:ca:54:89:fe:50:22:32:fe:32:d9:db:fb:1b:84:19
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : May 18 23:59:59 2018 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:aa:d0:ba:be:16:2d:b8:83:d4:ca:d2:0f:bc:76:
+                    31:ca:94:d8:1d:93:8c:56:02:bc:d9:6f:1a:6f:52:
+                    36:6e:75:56:0a:55:d3:df:43:87:21:11:65:8a:7e:
+                    8f:bd:21:de:6b:32:3f:1b:84:34:95:05:9d:41:35:
+                    eb:92:eb:96:dd:aa:59:3f:01:53:6d:99:4f:ed:e5:
+                    e2:2a:5a:90:c1:b9:c4:a6:15:cf:c8:45:eb:a6:5d:
+                    8e:9c:3e:f0:64:24:76:a5:cd:ab:1a:6f:b6:d8:7b:
+                    51:61:6e:a6:7f:87:c8:e2:b7:e5:34:dc:41:88:ea:
+                    09:40:be:73:92:3d:6b:e7:75
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        8b:f7:1a:10:ce:76:5c:07:ab:83:99:dc:17:80:6f:34:39:5d:
+        98:3e:6b:72:2c:e1:c7:a2:7b:40:29:b9:78:88:ba:4c:c5:a3:
+        6a:5e:9e:6e:7b:e3:f2:02:41:0c:66:be:ad:fb:ae:a2:14:ce:
+        92:f3:a2:34:8b:b4:b2:b6:24:f2:e5:d5:e0:c8:e5:62:6d:84:
+        7b:cb:be:bb:03:8b:7c:57:ca:f0:37:a9:90:af:8a:ee:03:be:
+        1d:28:9c:d9:26:76:a0:cd:c4:9d:4e:f0:ae:07:16:d5:be:af:
+        57:08:6a:d0:a0:42:42:42:1e:f4:20:cc:a5:78:82:95:26:38:
+        8a:47
+
+Verisign Class 1 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4
+nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO
+8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV
+ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb
+PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2
+6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr
+n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a
+qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4
+wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3
+ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs
+pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4
+E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            8b:5b:75:56:84:54:85:0b:00:cf:af:38:48:ce:b1:a4
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:dd:84:d4:b9:b4:f9:a7:d8:f3:04:78:9c:de:3d:
+                    dc:6c:13:16:d9:7a:dd:24:51:66:c0:c7:26:59:0d:
+                    ac:06:08:c2:94:d1:33:1f:f0:83:35:1f:6e:1b:c8:
+                    de:aa:6e:15:4e:54:27:ef:c4:6d:1a:ec:0b:e3:0e:
+                    f0:44:a5:57:c7:40:58:1e:a3:47:1f:71:ec:60:f6:
+                    6d:94:c8:18:39:ed:fe:42:18:56:df:e4:4c:49:10:
+                    78:4e:01:76:35:63:12:36:dd:66:bc:01:04:36:a3:
+                    55:68:d5:a2:36:09:ac:ab:21:26:54:06:ad:3f:ca:
+                    14:e0:ac:ca:ad:06:1d:95:e2:f8:9d:f1:e0:60:ff:
+                    c2:7f:75:2b:4c:cc:da:fe:87:99:21:ea:ba:fe:3e:
+                    54:d7:d2:59:78:db:3c:6e:cf:a0:13:00:1a:b8:27:
+                    a1:e4:be:67:96:ca:a0:c5:b3:9c:dd:c9:75:9e:eb:
+                    30:9a:5f:a3:cd:d9:ae:78:19:3f:23:e9:5c:db:29:
+                    bd:ad:55:c8:1b:54:8c:63:f6:e8:a6:ea:c7:37:12:
+                    5c:a3:29:1e:02:d9:db:1f:3b:b4:d7:0f:56:47:81:
+                    15:04:4a:af:83:27:d1:c5:58:88:c1:dd:f6:aa:a7:
+                    a3:18:da:68:aa:6d:11:51:e1:bf:65:6b:9f:96:76:
+                    d1:3d
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        ab:66:8d:d7:b3:ba:c7:9a:b6:e6:55:d0:05:f1:9f:31:8d:5a:
+        aa:d9:aa:46:26:0f:71:ed:a5:ad:53:56:62:01:47:2a:44:e9:
+        fe:3f:74:0b:13:9b:b9:f4:4d:1b:b2:d1:5f:b2:b6:d2:88:5c:
+        b3:9f:cd:cb:d4:a7:d9:60:95:84:3a:f8:c1:37:1d:61:ca:e7:
+        b0:c5:e5:91:da:54:a6:ac:31:81:ae:97:de:cd:08:ac:b8:c0:
+        97:80:7f:6e:72:a4:e7:69:13:95:65:1f:c4:93:3c:fd:79:8f:
+        04:d4:3e:4f:ea:f7:9e:ce:cd:67:7c:4f:65:02:ff:91:85:54:
+        73:c7:ff:36:f7:86:2d:ec:d0:5e:4f:ff:11:9f:72:06:d6:b8:
+        1a:f1:4c:0d:26:65:e2:44:80:1e:c7:9f:e3:dd:e8:0a:da:ec:
+        a5:20:80:69:68:a1:4f:7e:e1:6b:cf:07:41:fa:83:8e:bc:38:
+        dd:b0:2e:11:b1:6b:b2:42:cc:9a:bc:f9:48:22:79:4a:19:0f:
+        b2:1c:3e:20:74:d9:6a:c3:be:f2:28:78:13:56:79:4f:6d:50:
+        ea:1b:b0:b5:57:b1:37:66:58:23:f3:dc:0f:df:0a:87:c4:ef:
+        86:05:d5:38:14:60:99:a3:4b:de:06:96:71:2c:f2:db:b6:1f:
+        a4:ef:3f:ee
+
+Verisign Class 2 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh
+YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7
+FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg
+J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc
+r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            2d:1b:fc:4a:17:8d:a3:91:eb:e7:ff:f5:8b:45:be:0b
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b6:5a:8b:a3:0d:6a:23:83:80:6b:cf:39:87:f4:
+                    21:13:33:06:4c:25:a2:ed:55:12:97:c5:a7:80:b9:
+                    fa:83:c1:20:a0:fa:2f:15:0d:7c:a1:60:6b:7e:79:
+                    2c:fa:06:0f:3a:ae:f6:1b:6f:b1:d2:ff:2f:28:52:
+                    5f:83:7d:4b:c4:7a:b7:f8:66:1f:80:54:fc:b7:c2:
+                    8e:59:4a:14:57:46:d1:9a:93:be:41:91:03:bb:15:
+                    80:93:5c:eb:e7:cc:08:6c:3f:3e:b3:4a:fc:ff:4b:
+                    6c:23:d5:50:82:26:44:19:8e:23:c3:71:ea:19:24:
+                    47:04:9e:75:bf:c8:a6:00:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        8a:1b:2b:fa:39:c1:74:d7:5e:d8:19:64:a2:58:4a:2d:37:e0:
+        33:47:0f:ac:ed:f7:aa:db:1e:e4:8b:06:5c:60:27:ca:45:52:
+        ce:16:ef:3f:06:64:e7:94:68:7c:60:33:15:11:69:af:9d:62:
+        8d:a3:03:54:6b:a6:be:e5:ee:05:18:60:04:bf:42:80:fd:d0:
+        a8:a8:1e:01:3b:f7:a3:5c:af:a3:dc:e6:26:80:23:3c:b8:44:
+        74:f7:0a:ae:49:8b:61:78:cc:24:bf:88:8a:a7:0e:ea:73:19:
+        41:fd:4d:03:f0:88:d1:e5:78:8d:a5:2a:4f:f6:97:0d:17:77:
+        ca:d8
+
+Verisign Class 2 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns
+YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y
+aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe
+Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj
+IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx
+KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM
+HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw
+DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji
+nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX
+rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn
+jBJ7xUS0rg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            b9:2f:60:cc:88:9f:a1:7a:46:09:b8:5b:70:6c:8a:af
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a7:88:01:21:74:2c:e7:1a:03:f0:98:e1:97:3c:
+                    0f:21:08:f1:9c:db:97:e9:9a:fc:c2:04:06:13:be:
+                    5f:52:c8:cc:1e:2c:12:56:2c:b8:01:69:2c:cc:99:
+                    1f:ad:b0:96:ae:79:04:f2:13:39:c1:7b:98:ba:08:
+                    2c:e8:c2:84:13:2c:aa:69:e9:09:f4:c7:a9:02:a4:
+                    42:c2:23:4f:4a:d8:f0:0e:a2:fb:31:6c:c9:e6:6f:
+                    99:27:07:f5:e6:f4:4c:78:9e:6d:eb:46:86:fa:b9:
+                    86:c9:54:f2:b2:c4:af:d4:46:1c:5a:c9:15:30:ff:
+                    0d:6c:f5:2d:0e:6d:ce:7f:77
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        72:2e:f9:7f:d1:f1:71:fb:c4:9e:f6:c5:5e:51:8a:40:98:b8:
+        68:f8:9b:1c:83:d8:e2:9d:bd:ff:ed:a1:e6:66:ea:2f:09:f4:
+        ca:d7:ea:a5:2b:95:f6:24:60:86:4d:44:2e:83:a5:c4:2d:a0:
+        d3:ae:78:69:6f:72:da:6c:ae:08:f0:63:92:37:e6:bb:c4:30:
+        17:ad:77:cc:49:35:aa:cf:d8:8f:d1:be:b7:18:96:47:73:6a:
+        54:22:34:64:2d:b6:16:9b:59:5b:b4:51:59:3a:b3:0b:14:f4:
+        12:df:67:a0:f4:ad:32:64:5e:b1:46:72:27:8c:12:7b:c5:44:
+        b4:ae
+
+Verisign Class 2 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp
+Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV
+BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g
+Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU
+J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO
+JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY
+wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o
+koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN
+qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E
+Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe
+xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u
+7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU
+sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI
+sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP
+cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            61:70:cb:49:8c:5f:98:45:29:e7:b0:a6:d9:50:5b:7a
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:af:0a:0d:c2:d5:2c:db:67:b9:2d:e5:94:27:dd:
+                    a5:be:e0:b0:4d:8f:b3:61:56:3c:d6:7c:c3:f4:cd:
+                    3e:86:cb:a2:88:e2:e1:d8:a4:69:c5:b5:e2:bf:c1:
+                    a6:47:50:5e:46:39:8b:d5:96:ba:b5:6f:14:bf:10:
+                    ce:27:13:9e:05:47:9b:31:7a:13:d8:1f:d9:d3:02:
+                    37:8b:ad:2c:47:f0:8e:81:06:a7:0d:30:0c:eb:f7:
+                    3c:0f:20:1d:dc:72:46:ee:a5:02:c8:5b:c3:c9:56:
+                    69:4c:c5:18:c1:91:7b:0b:d5:13:00:9b:bc:ef:c3:
+                    48:3e:46:60:20:85:2a:d5:90:b6:cd:8b:a0:cc:32:
+                    dd:b7:fd:40:55:b2:50:1c:56:ae:cc:8d:77:4d:c7:
+                    20:4d:a7:31:76:ef:68:92:8a:90:1e:08:81:56:b2:
+                    ad:69:a3:52:d0:cb:1c:c4:23:3d:1f:99:fe:4c:e8:
+                    16:63:8e:c6:08:8e:f6:31:f6:d2:fa:e5:76:dd:b5:
+                    1c:92:a3:49:cd:cd:01:cd:68:cd:a9:69:ba:a3:eb:
+                    1d:0d:9c:a4:20:a6:c1:a0:c5:d1:46:4c:17:6d:d2:
+                    ac:66:3f:96:8c:e0:84:d4:36:ff:22:59:c5:f9:11:
+                    60:a8:5f:04:7d:f2:1a:f6:25:42:61:0f:c4:4a:b8:
+                    3e:89
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        34:26:15:3c:c0:8d:4d:43:49:1d:bd:e9:21:92:d7:66:9c:b7:
+        de:c5:b8:d0:e4:5d:5f:76:22:c0:26:f9:84:3a:3a:f9:8c:b5:
+        fb:ec:60:f1:e8:ce:04:b0:c8:dd:a7:03:8f:30:f3:98:df:a4:
+        e6:a4:31:df:d3:1c:0b:46:dc:72:20:3f:ae:ee:05:3c:a4:33:
+        3f:0b:39:ac:70:78:73:4b:99:2b:df:30:c2:54:b0:a8:3b:55:
+        a1:fe:16:28:cd:42:bd:74:6e:80:db:27:44:a7:ce:44:5d:d4:
+        1b:90:98:0d:1e:42:94:b1:00:2c:04:d0:74:a3:02:05:22:63:
+        63:cd:83:b5:fb:c1:6d:62:6b:69:75:fd:5d:70:41:b9:f5:bf:
+        7c:df:be:c1:32:73:22:21:8b:58:81:7b:15:91:7a:ba:e3:64:
+        48:b0:7f:fb:36:25:da:95:d0:f1:24:14:17:dd:18:80:6b:46:
+        23:39:54:f5:8e:62:09:04:1d:94:90:a6:9b:e6:25:e2:42:45:
+        aa:b8:90:ad:be:08:8f:a9:0b:42:18:94:cf:72:39:e1:b1:43:
+        e0:28:cf:b7:e7:5a:6c:13:6b:49:b3:ff:e3:18:7c:89:8b:33:
+        5d:ac:33:d7:a7:f9:da:3a:55:c9:58:10:f9:aa:ef:5a:b6:cf:
+        4b:4b:df:2a
+
+Verisign Class 3 Public Primary Certification Authority
+=======================================================
+MD5 Fingerprint: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
+cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
+MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
+BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
+ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
+BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
+I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
+lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
+AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Validity
+            Not Before: Jan 29 00:00:00 1996 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c9:5c:59:9e:f2:1b:8a:01:14:b4:10:df:04:40:
+                    db:e3:57:af:6a:45:40:8f:84:0c:0b:d1:33:d9:d9:
+                    11:cf:ee:02:58:1f:25:f7:2a:a8:44:05:aa:ec:03:
+                    1f:78:7f:9e:93:b9:9a:00:aa:23:7d:d6:ac:85:a2:
+                    63:45:c7:72:27:cc:f4:4c:c6:75:71:d2:39:ef:4f:
+                    42:f0:75:df:0a:90:c6:8e:20:6f:98:0f:f8:ac:23:
+                    5f:70:29:36:a4:c9:86:e7:b1:9a:20:cb:53:a5:85:
+                    e7:3d:be:7d:9a:fe:24:45:33:dc:76:15:ed:0f:a2:
+                    71:64:4c:65:2e:81:68:45:a7
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        bb:4c:12:2b:cf:2c:26:00:4f:14:13:dd:a6:fb:fc:0a:11:84:
+        8c:f3:28:1c:67:92:2f:7c:b6:c5:fa:df:f0:e8:95:bc:1d:8f:
+        6c:2c:a8:51:cc:73:d8:a4:c0:53:f0:4e:d6:26:c0:76:01:57:
+        81:92:5e:21:f1:d1:b1:ff:e7:d0:21:58:cd:69:17:e3:44:1c:
+        9c:19:44:39:89:5c:dc:9c:00:0f:56:8d:02:99:ed:a2:90:45:
+        4c:e4:bb:10:a4:3d:f0:32:03:0e:f1:ce:f8:e8:c9:51:8c:e6:
+        62:9f:e6:9f:c0:7d:b7:72:9c:c9:36:3a:6b:9f:4e:a8:ff:64:
+        0d:64
+
+Verisign Class 3 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
+pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
+13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk
+U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i
+F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY
+oJ2daZH9
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            7d:d9:fe:07:cf:a8:1e:b7:10:79:67:fb:a7:89:34:c6
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:cc:5e:d1:11:5d:5c:69:d0:ab:d3:b9:6a:4c:99:
+                    1f:59:98:30:8e:16:85:20:46:6d:47:3f:d4:85:20:
+                    84:e1:6d:b3:f8:a4:ed:0c:f1:17:0f:3b:f9:a7:f9:
+                    25:d7:c1:cf:84:63:f2:7c:63:cf:a2:47:f2:c6:5b:
+                    33:8e:64:40:04:68:c1:80:b9:64:1c:45:77:c7:d8:
+                    6e:f5:95:29:3c:50:e8:34:d7:78:1f:a8:ba:6d:43:
+                    91:95:8f:45:57:5e:7e:c5:fb:ca:a4:04:eb:ea:97:
+                    37:54:30:6f:bb:01:47:32:33:cd:dc:57:9b:64:69:
+                    61:f8:9b:1d:1c:89:4f:5c:67
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        51:4d:cd:be:5c:cb:98:19:9c:15:b2:01:39:78:2e:4d:0f:67:
+        70:70:99:c6:10:5a:94:a4:53:4d:54:6d:2b:af:0d:5d:40:8b:
+        64:d3:d7:ee:de:56:61:92:5f:a6:c4:1d:10:61:36:d3:2c:27:
+        3c:e8:29:09:b9:11:64:74:cc:b5:73:9f:1c:48:a9:bc:61:01:
+        ee:e2:17:a6:0c:e3:40:08:3b:0e:e7:eb:44:73:2a:9a:f1:69:
+        92:ef:71:14:c3:39:ac:71:a7:91:09:6f:e4:71:06:b3:ba:59:
+        57:26:79:00:f6:f8:0d:a2:33:30:28:d4:aa:58:a0:9d:9d:69:
+        91:fd
+
+Verisign Class 3 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:cb:ba:9c:52:fc:78:1f:1a:1e:6f:1b:37:73:bd:
+                    f8:c9:6b:94:12:30:4f:f0:36:47:f5:d0:91:0a:f5:
+                    17:c8:a5:61:c1:16:40:4d:fb:8a:61:90:e5:76:20:
+                    c1:11:06:7d:ab:2c:6e:a6:f5:11:41:8e:fa:2d:ad:
+                    2a:61:59:a4:67:26:4c:d0:e8:bc:52:5b:70:20:04:
+                    58:d1:7a:c9:a4:69:bc:83:17:64:ad:05:8b:bc:d0:
+                    58:ce:8d:8c:f5:eb:f0:42:49:0b:9d:97:27:67:32:
+                    6e:e1:ae:93:15:1c:70:bc:20:4d:2f:18:de:92:88:
+                    e8:6c:85:57:11:1a:e9:7e:e3:26:11:54:a2:45:96:
+                    55:83:ca:30:89:e8:dc:d8:a3:ed:2a:80:3f:7f:79:
+                    65:57:3e:15:20:66:08:2f:95:93:bf:aa:47:2f:a8:
+                    46:97:f0:12:e2:fe:c2:0a:2b:51:e6:76:e6:b7:46:
+                    b7:e2:0d:a6:cc:a8:c3:4c:59:55:89:e6:e8:53:5c:
+                    1c:ea:9d:f0:62:16:0b:a7:c9:5f:0c:f0:de:c2:76:
+                    ce:af:f7:6a:f2:fa:41:a6:a2:33:14:c9:e5:7a:63:
+                    d3:9e:62:37:d5:85:65:9e:0e:e6:53:24:74:1b:5e:
+                    1d:12:53:5b:c7:2c:e7:83:49:3b:15:ae:8a:68:b9:
+                    57:97
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        11:14:96:c1:ab:92:08:f7:3f:2f:c9:b2:fe:e4:5a:9f:64:de:
+        db:21:4f:86:99:34:76:36:57:dd:d0:15:2f:c5:ad:7f:15:1f:
+        37:62:73:3e:d4:e7:5f:ce:17:03:db:35:fa:2b:db:ae:60:09:
+        5f:1e:5f:8f:6e:bb:0b:3d:ea:5a:13:1e:0c:60:6f:b5:c0:b5:
+        23:22:2e:07:0b:cb:a9:74:cb:47:bb:1d:c1:d7:a5:6b:cc:2f:
+        d2:42:fd:49:dd:a7:89:cf:53:ba:da:00:5a:28:bf:82:df:f8:
+        ba:13:1d:50:86:82:fd:8e:30:8f:29:46:b0:1e:3d:35:da:38:
+        62:16:18:4a:ad:e6:b6:51:6c:de:af:62:eb:01:d0:1e:24:fe:
+        7a:8f:12:1a:12:68:b8:fb:66:99:14:14:45:5c:ae:e7:ae:69:
+        17:81:2b:5a:37:c9:5e:2a:f4:c6:e2:a1:5c:54:9b:a6:54:00:
+        cf:f0:f1:c1:c7:98:30:1a:3b:36:16:db:a3:6e:ea:fd:ad:b2:
+        c2:da:ef:02:47:13:8a:c0:f1:b3:31:ad:4f:1c:e1:4f:9c:af:
+        0f:0c:9d:f7:78:0d:d8:f4:35:56:80:da:b7:6d:17:8f:9d:1e:
+        81:64:e1:fe:c5:45:ba:ad:6b:b9:0a:7a:4e:4f:4b:84:ee:4b:
+        f1:7d:dd:11
+
+Verisign Class 4 Public Primary Certification Authority - G2
+============================================================
+MD5 Fingerprint: 26:6D:2C:19:98:B6:70:68:38:50:54:19:EC:90:34:60
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ
+BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh
+c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
+MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
+emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
+DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
+FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg
+UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo
+YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
+MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM
+HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK
+qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID
+AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj
+cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y
+cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP
+T8qAkbYp
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            32:88:8e:9a:d2:f5:eb:13:47:f8:7f:c4:20:37:25:f8
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Validity
+            Not Before: May 18 00:00:00 1998 GMT
+            Not After : Aug  1 23:59:59 2028 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:ba:f0:e4:cf:f9:c4:ae:85:54:b9:07:57:f9:8f:
+                    c5:7f:68:11:f8:c4:17:b0:44:dc:e3:30:73:d5:2a:
+                    62:2a:b8:d0:cc:1c:ed:28:5b:7e:bd:6a:dc:b3:91:
+                    24:ca:41:62:3c:fc:02:01:bf:1c:16:31:94:05:97:
+                    76:6e:a2:ad:bd:61:17:6c:4e:30:86:f0:51:37:2a:
+                    50:c7:a8:62:81:dc:5b:4a:aa:c1:a0:b4:6e:eb:2f:
+                    e5:57:c5:b1:2b:40:70:db:5a:4d:a1:8e:1f:bd:03:
+                    1f:d8:03:d4:8f:4c:99:71:bc:e2:82:cc:58:e8:98:
+                    3a:86:d3:86:38:f3:00:29:1f
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        85:8c:12:c1:a7:b9:50:15:7a:cb:3e:ac:b8:43:8a:dc:aa:dd:
+        14:ba:89:81:7e:01:3c:23:71:21:88:2f:82:dc:63:fa:02:45:
+        ac:45:59:d7:2a:58:44:5b:b7:9f:81:3b:92:68:3d:e2:37:24:
+        f5:7b:6c:8f:76:35:96:09:a8:59:9d:b9:ce:23:ab:74:d6:83:
+        fd:32:73:27:d8:69:3e:43:74:f6:ae:c5:89:9a:e7:53:7c:e9:
+        7b:f6:4b:f3:c1:65:83:de:8d:8a:9c:3c:88:8d:39:59:fc:aa:
+        3f:22:8d:a1:c1:66:50:81:72:4c:ed:22:64:4f:4f:ca:80:91:
+        b6:29
+
+Verisign Class 4 Public Primary Certification Authority - G3
+============================================================
+MD5 Fingerprint: DB:C8:F2:27:2E:B1:EA:6A:29:23:5D:FE:56:3E:33:DF
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1
+GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ
++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd
+U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm
+NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY
+ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/
+ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1
+CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq
+g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm
+fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c
+2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/
+bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            ec:a0:a7:8b:6e:75:6a:01:cf:c4:7c:cc:2f:94:5e:d7
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Validity
+            Not Before: Oct  1 00:00:00 1999 GMT
+            Not After : Jul 16 23:59:59 2036 GMT
+        Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (2048 bit)
+                Modulus (2048 bit):
+                    00:ad:cb:a5:11:69:c6:59:ab:f1:8f:b5:19:0f:56:
+                    ce:cc:b5:1f:20:e4:9e:26:25:4b:e0:73:65:89:59:
+                    de:d0:83:e4:f5:0f:b5:bb:ad:f1:7c:e8:21:fc:e4:
+                    e8:0c:ee:7c:45:22:19:76:92:b4:13:b7:20:5b:09:
+                    fa:61:ae:a8:f2:a5:8d:85:c2:2a:d6:de:66:36:d2:
+                    9b:02:f4:a8:92:60:7c:9c:69:b4:8f:24:1e:d0:86:
+                    52:f6:32:9c:41:58:1e:22:bd:cd:45:62:95:08:6e:
+                    d0:66:dd:53:a2:cc:f0:10:dc:54:73:8b:04:a1:46:
+                    33:33:5c:17:40:b9:9e:4d:d3:f3:be:55:83:e8:b1:
+                    89:8e:5a:7c:9a:96:22:90:3b:88:25:f2:d2:53:88:
+                    02:0c:0b:78:f2:e6:37:17:4b:30:46:07:e4:80:6d:
+                    a6:d8:96:2e:e8:2c:f8:11:b3:38:0d:66:a6:9b:ea:
+                    c9:23:5b:db:8e:e2:f3:13:8e:1a:59:2d:aa:02:f0:
+                    ec:a4:87:66:dc:c1:3f:f5:d8:b9:f4:ec:82:c6:d2:
+                    3d:95:1d:e5:c0:4f:84:c9:d9:a3:44:28:06:6a:d7:
+                    45:ac:f0:6b:6a:ef:4e:5f:f8:11:82:1e:38:63:34:
+                    66:50:d4:3e:93:73:fa:30:c3:66:ad:ff:93:2d:97:
+                    ef:03
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha1WithRSAEncryption
+        8f:fa:25:6b:4f:5b:e4:a4:4e:27:55:ab:22:15:59:3c:ca:b5:
+        0a:d4:4a:db:ab:dd:a1:5f:53:c5:a0:57:39:c2:ce:47:2b:be:
+        3a:c8:56:bf:c2:d9:27:10:3a:b1:05:3c:c0:77:31:bb:3a:d3:
+        05:7b:6d:9a:1c:30:8c:80:cb:93:93:2a:83:ab:05:51:82:02:
+        00:11:67:6b:f3:88:61:47:5f:03:93:d5:5b:0d:e0:f1:d4:a1:
+        32:35:85:b2:3a:db:b0:82:ab:d1:cb:0a:bc:4f:8c:5b:c5:4b:
+        00:3b:1f:2a:82:a6:7e:36:85:dc:7e:3c:67:00:b5:e4:3b:52:
+        e0:a8:eb:5d:15:f9:c6:6d:f0:ad:1d:0e:85:b7:a9:9a:73:14:
+        5a:5b:8f:41:28:c0:d5:e8:2d:4d:a4:5e:cd:aa:d9:ed:ce:dc:
+        d8:d5:3c:42:1d:17:c1:12:5d:45:38:c3:38:f3:fc:85:2e:83:
+        46:48:b2:d7:20:5f:92:36:8f:e7:79:0f:98:5e:99:e8:f0:d0:
+        a4:bb:f5:53:bd:2a:ce:59:b0:af:6e:7f:6c:bb:d2:1e:00:b0:
+        21:ed:f8:41:62:82:b9:d8:b2:c4:bb:46:50:f3:31:c5:8f:01:
+        a8:74:eb:f5:78:27:da:e7:f7:66:43:f3:9e:83:3e:20:aa:c3:
+        35:60:91:ce
+
+Verisign/RSA Commercial CA
+==========================
+MD5 Fingerprint: 5A:0B:DD:42:9E:B2:B4:62:97:32:7F:7F:0A:AA:9A:39
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
+HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
+Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
+OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
+ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
+975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
+touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
+7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
+9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
+0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
+MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:41:00:00:16
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
+        Validity
+            Not Before: Nov  4 18:58:34 1994 GMT
+            Not After : Nov  3 18:58:34 1999 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Commercial Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:a4:fb:81:62:7b:ce:10:27:dd:e8:f7:be:6c:6e:
+                    c6:70:99:db:b8:d5:05:03:69:28:82:9c:72:7f:96:
+                    3f:8e:ec:ac:29:92:3f:8a:14:f8:42:76:be:bd:5d:
+                    03:b9:90:d4:d0:bc:06:b2:51:33:5f:c4:c2:bf:b6:
+                    8b:8f:99:b6:62:22:60:dd:db:df:20:82:b4:ca:a2:
+                    2f:2d:50:ed:94:32:de:e0:55:8d:d4:68:e2:e0:4c:
+                    d2:cd:05:16:2e:95:66:5c:61:52:38:1e:51:a8:82:
+                    a1:c4:ef:25:e9:0a:e6:8b:2b:8e:31:66:d9:f8:d9:
+                    fd:bd:3b:69:d9:eb
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        76:b5:b6:10:fe:23:f7:f7:59:62:4b:b0:5f:9c:c1:68:bc:49:
+        bb:b3:49:6f:21:47:5d:2b:9d:54:c4:00:28:3f:98:b9:f2:8a:
+        83:9b:60:7f:eb:50:c7:ab:05:10:2d:3d:ed:38:02:c1:a5:48:
+        d2:fe:65:a0:c0:bc:ea:a6:23:16:66:6c:1b:24:a9:f3:ec:79:
+        35:18:4f:26:c8:e3:af:50:4a:c7:a7:31:6b:d0:7c:18:9d:50:
+        bf:a9:26:fa:26:2b:46:9c:14:a9:bb:5b:30:98:42:28:b5:4b:
+        53:bb:43:09:92:40:ba:a8:aa:5a:a4:c6:b6:8b:57:4d:c5
+
+Verisign/RSA Secure Server CA
+=============================
+MD5 Fingerprint: 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
+PEM Data:
+-----BEGIN CERTIFICATE-----
+MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+-----END CERTIFICATE-----
+Certificate Ingredients:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+        Signature Algorithm: md2WithRSAEncryption
+        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Validity
+            Not Before: Nov  9 00:00:00 1994 GMT
+            Not After : Jan  7 23:59:59 2010 GMT
+        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1000 bit)
+                Modulus (1000 bit):
+                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+                    dd:2d:d6:c8:1e:7b
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md2WithRSAEncryption
+        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
diff --git a/db/Makefile.am b/db/Makefile.am
index c972523..a8bac3d 100644
--- a/db/Makefile.am
+++ b/db/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 25911 2012-07-30 19:52:51Z romw $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/db/boinc_db.cpp b/db/boinc_db.cpp
index 1944e98..9fcd91a 100644
--- a/db/boinc_db.cpp
+++ b/db/boinc_db.cpp
@@ -2406,4 +2406,4 @@ void DB_VDA_CHUNK_HOST::db_parse(MYSQL_ROW &r) {
     transfer_send_time = atof(r[i++]);
 }
 
-const char *BOINC_RCSID_ac374386c8 = "$Id: boinc_db.cpp 25356 2012-02-29 20:58:45Z davea $";
+const char *BOINC_RCSID_ac374386c8 = "$Id$";
diff --git a/db/db_base.cpp b/db/db_base.cpp
index 9b0bb45..5a9ccd7 100644
--- a/db/db_base.cpp
+++ b/db/db_base.cpp
@@ -525,4 +525,4 @@ void escape_mysql_like_pattern(const char* in, char* out) {
     }
 }
 
-const char *BOINC_RCSID_43d919556b = "$Id: db_base.cpp 25405 2012-03-12 21:45:29Z davea $";
+const char *BOINC_RCSID_43d919556b = "$Id$";
diff --git a/db/init_db b/db/init_db
deleted file mode 100755
index 353b195..0000000
--- a/db/init_db
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-if [ -z "$1" ]; then
-    echo "syntax: $0 DB_NAME"
-    exit 1
-fi
-
-mysql $1 < schema.sql
diff --git a/doc/Makefile.am b/doc/Makefile.am
index a68199e..e5e82d5 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 15375 2008-06-08 22:18:52Z davea $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/doc/acct_mgt.png b/doc/acct_mgt.png
deleted file mode 100644
index b481f40..0000000
Binary files a/doc/acct_mgt.png and /dev/null differ
diff --git a/doc/acct_mgt.sxi b/doc/acct_mgt.sxi
deleted file mode 100644
index 4c2855f..0000000
Binary files a/doc/acct_mgt.sxi and /dev/null differ
diff --git a/doc/acct_mgt2.odg b/doc/acct_mgt2.odg
deleted file mode 100644
index ea640c3..0000000
Binary files a/doc/acct_mgt2.odg and /dev/null differ
diff --git a/doc/acct_mgt2.png b/doc/acct_mgt2.png
deleted file mode 100644
index 1a504d0..0000000
Binary files a/doc/acct_mgt2.png and /dev/null differ
diff --git a/doc/comm.png b/doc/comm.png
deleted file mode 100644
index 97827bb..0000000
Binary files a/doc/comm.png and /dev/null differ
diff --git a/doc/comm.sxd b/doc/comm.sxd
deleted file mode 100644
index ab6c140..0000000
Binary files a/doc/comm.sxd and /dev/null differ
diff --git a/doc/comm_simple.png b/doc/comm_simple.png
deleted file mode 100644
index 9ba60b5..0000000
Binary files a/doc/comm_simple.png and /dev/null differ
diff --git a/doc/comm_simple.sxd b/doc/comm_simple.sxd
deleted file mode 100644
index 2277264..0000000
Binary files a/doc/comm_simple.sxd and /dev/null differ
diff --git a/doc/credit.png b/doc/credit.png
deleted file mode 100644
index 8f2ae88..0000000
Binary files a/doc/credit.png and /dev/null differ
diff --git a/doc/credit.sxd b/doc/credit.sxd
deleted file mode 100644
index 04b4ba6..0000000
Binary files a/doc/credit.sxd and /dev/null differ
diff --git a/doc/debian_linux_install.txt b/doc/debian_linux_install.txt
deleted file mode 100644
index 8f4c71a..0000000
--- a/doc/debian_linux_install.txt
+++ /dev/null
@@ -1,45 +0,0 @@
-Packages required for running the server:
-
-  mysql-server mysql-client libmysqlclient
-
-  apache, apache2, apache-ssl
-  php4-cgi (or php4 if running apache 1)
-
-  python-mysqldb, python-xml
-
-Packages required for compilation:
-
-  g++
-
-  libgl-dev libglu-dev
-    (these are virtual packages; one example of packages that provide these are:
-       mesag-dev xlibmesa-glu-dev
-    )
-
-  libmysqlclient-dev
-
-  libglutg3 libglut3-dev
- 
-  libgtk2.0 libgtk2.0-dev
-
-  libwxgtk2.2 libwxgtk2.2-dev
-    (Note: after installing these packages, you will still need to
-     download/compile/install a newer version. Make sure you end up
-     with a libwx_gtk-2.4.a as well as libwx_gtk-2.4.so. You'll need
-     to configure with the --disable-shared option to get the .a).
-    (Another Note: Depending on what gtk packages you have installed,
-     you may be missing the script "gtk-config" which wxwidgets needs
-     to configure (it uses the script to determine gtk version. At worst,
-     just make a script called gtk-config that spits out the version
-     number of GTK when called with the "--version" command line option,
-     i.e.:
-             # gtk-config --version
-             1.2.10
-    ).
-
-Packages required if you change makefiles:
-
-  autoconf (>= 2.59)
-  automake (>= 1.9.3)
-    (both are very easy to download from gnu and compile/install)
-
diff --git a/doc/fortran_numerics.txt b/doc/fortran_numerics.txt
deleted file mode 100644
index 71f0d56..0000000
--- a/doc/fortran_numerics.txt
+++ /dev/null
@@ -1,76 +0,0 @@
-[ Notes from Eric McIntosh at CERN on how to
-  eliminate numerical discrepancies between platforms. ]
-
-First I found a problem with data input on Windows using
-an "old" Compaq Visual Fortran compiler. Approximately
-1000 out of 16 million magnet errors were one bit too big
-on the Windows system. This problem is apparently fixed with
-"more modern" compilers, and my colleague Flrent Denichin
-from Lyon says we could also have specified a larger number of
-decimal digits to avoid this........
-
-However I found that the Lahey Fortran compilers
-produce identical results on Linux and Windows.
-The company claims it strives for this but does
-not guarantee it. I use compatible releases
-of their compiler e.g. 5.7 on Windows and 6.1 on Linux
-but am now in production with 7.1.1 on Windows and 6.2 on Linux.
-The data input problem was thus resolved.
-
-It is very important to note that the compiler disables
-extended precision on Intel boxes and has an option to
-generate compatible code for any Pentium. Lahey do NOT use
-extended 80-bit precision, SSE, or Multiply/ADD in one
-instruction, with the appropriate compiler switch settings,
-and I make a statically linked executable. I also compile at 
-the same optimisation level of course to avoid
-differences due to different optimisation.
-
-Given all this I was delighted, until I started finding
-small numerical difference in a small percentage of runs.
-This was relatively easy to spot, as even a difference of
-1 in the least significant bit of the mantissa of an IEEE
-floating-point number, will be magnified as the SixTrack
-particles pass through ~10,000 computational steps of
-each of up to one million turns.
-
-To cut a long story short; I finally found that the culprits
-were the exp and log functions. Certain parameters to these
-functions produce a result which is 1 least significant bit different
-between an IA-32 and an ATHLON AMD64. A WEB search uncovered the
-crlibm, a library of Elementary functions developed at the
-Ecole Normale Sperieur in Lyon (just a couple of hours
-drive from Geneva!). I downloaded and tested this library,
-and developed a Fortran interface and converted it for
-Windows as well. (It had been developed using C on Linux.)
-The library provides, sin, cos, sinh, cosh, tan, atan, log, log10 and
-exp that I use. It offers rounding to nearest, or rounding up
-or down. It is also optimised in the sense that it computes a
-sufficient but minimum number of binary digits to produce
-a correctly rounded result.
-
-I also implemented some missing elementary functions in terms of
-the others they provide; namely acos_rn, asin_rn, atan2_rn in
-terms of atan_rn, where _rn implies round to nearest.
-
-This library GUARANTEES to deliver the correctly rounded double
-precision result on virtually any computer, and certainly on the
-IEEE IA-32, AMD64 machines I am using. The results are also proven 
-theoretically to be correct. This is a tremendous piece of work and to
-me represents an enormous step forward in the history of computing.
-The greatest advance since the invention of IEEE arithmetic itself.
-(I have not yet verified on the Intel IA-64 due to the pressure of
-work, but I will do, as soon as possible, and Lyon have certainly
-tested it.)
-
-My colleague Florent de Dinechen of ENS Lyon, whom we invited to CERN 
-afterwards to lecture on floating-point arithmetic, points you to
-http://lipforge.ens-lyon.fr/projects/crlibm/
-where their work is described.
-
-We shall make a joint presentation (I hope) at the
-19th International Symposium on Distributed Computing
-DISC 2005
-Krakow, Poland, September 25-29, 2005.
-
-and also at CHEP 06 in Mumbai.
diff --git a/doc/graphics.png b/doc/graphics.png
deleted file mode 100644
index a55a37a..0000000
Binary files a/doc/graphics.png and /dev/null differ
diff --git a/doc/graphics.sxd b/doc/graphics.sxd
deleted file mode 100644
index 18fb3c0..0000000
Binary files a/doc/graphics.sxd and /dev/null differ
diff --git a/doc/hpux.html b/doc/hpux.html
deleted file mode 100644
index 5d67bc1..0000000
--- a/doc/hpux.html
+++ /dev/null
@@ -1,382 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <meta content="text/html; charset=ISO-8859-1"
- http-equiv="content-type">
-  <title>boinc and seti at home quick install guide</title>
-</head>
-<body>
-              <big>
-
-<big style="font-weight: bold;"><big>BOINC and SETI at home quick install
-guide for HPUX</big></big></big><br>
-<br>
-From Lars Bausch
-<br>
-<big><br>
-<big>0. Releases </big></big><br>
-<br>
-There are some different depots for specifiy (optimized) plattforms
-available :<br>
-<br>
- - seti-boinc_parisc_32.depot.gz :  32 Bit PARISC (PARISC 1.1
-CPUs, aka PARISC <br>
-
-   7x00 and 2.0 8x00 CPUs (aka PARISC 2.0). Runs on 64 Bit
-also, The seti app <br>
-   is 20 % slower than the 64 bit optimized binary). Should
-also run on IA64 <br>
-   (Itanium), but very slow. HPUX 11.x (11.0, 11.11 (11i
-Version 1) and 11.23 (<br>
-   11i Version 2)<br>
-<br>
- - seti-boinc_parisc_64.depot.gz : 64 bit for PARISC 8x00 (aka
-PARISC 2.0). <br>
-   Should run slow on IA64. HPUX 11.x (11.0, 11.11 (11i
-Version 1) and 11.23 (<br>
-
-   11i Version 2)<br>
-<br>
- - seti-boinc_ia64_32.depot.gz : 32 bit for Itanium on HPUX 11.2x
-(11i Version <br>
-   1 and Version 2).<br>
-<br>
->From more informations about the defintion from
-workstation/server/model to <br>
-architecure and cpu version look at /usr/bin/sched.models.<br>
-<br>
-<br>
-<br>
-<big><big>1. Install the package</big></big><br>
-
-<br>
-<big>1.1 Install with swinstall</big><br>
-<br>
-Unzip the depot package : <br>
-        gunzip
-seti-boinc_32.depot.gz <br>
-<br>
-Swinstall the depot <br>
-        swinstall -s
-$PATH_TO_BOINC_DEPOT/seti-boinc_32.depot \*  <br>
-
-<br>
-Source your /etc/profile with the new entries required for boinc and
-seti : <br>
-        . /etc/profi<big>le<br>
-<br>
-<br>
-1.2 Install not via swinstall</big><br>
-<br>
-If you don't wan't to intstall the binaries with swinstall. i<br>
-
-<br>
-gunzip seti-boinc_parisc-64_1.4.depot.gz<br>
-<br>
-tar -xvf seti-boinc_parisc-64_1.4.depot<br>
-<br>
-cp -R seti-boinc_64/*/opt/boinc /opt/<br>
-<br>
-cp ./catalog/seti-boinc_64/SETI_BOINC-LIB/postinstall /opt/boinc<br>
-    -> now you can make a tar file for example, from
-the destination directory <br>
-       /opt/boinc to copy it to other
-sytems, or move wherever you want. <br>
-
-<br>
-Add this to /etc/profile, or the in the profile of the user  : <br>
-       
-SHLIB_PATH=$DESTINATION_DIR_FROM_BOINC/lib:$SHLIB_PATH<br>
-        -> for example
-SHLIB_PATH=/home/seti/lib <br>
-
-        export SHLIB-PATH<br>
-<br>
-Source your /etc/profile, with the new entries required for boinc and
-seti : <br>
-        . /etc/profile<br>
-
-<small><br>
-<br>
-</small><br>
-<big><big>2. add a group and a user</big> </big><br>
-<br>
-Don't run the boinc client and seti app as root !<br>
-<br>
-This steps require a root account :<br>
-<br>
-Add a group (groupadd -g $GROUPID $GROUPNAME ) : <br>
-        groupadd -g 200 seti<br>
-
-<br>
-Add a user (useradd -u $USERID -g $GROUPID  -d $HOMEDIRECTORY
-$USERNAME) : <br>
-        useradd -u 200 -g 200 
--d /opt/boinc seti<br>
-<br>
-Change the password for you new user (passwd $USERNAME):<br>
-        passwd seti<br>
-
-<br>
-Change the owner and group for the boinc directory, where the client is
-located (<br>
-chown $USERNAME:$GROUPNAME $SETIDIRECTORY)<br>
-        chown seti:seti /opt/boinc<br>
-<br>
-Feel free to change the directories, if you want... <br>
-<br>
-<br>
-<big><br>
-
-<big>3. Register your Account for seti at home</big></big><br>
-<br>
-You can use the standard registration mechanism within the client : <br>
-        ./boinc_client
--attach_project setiweb.berkeley.edu $ACCOUNT_KEY<br>
-<br>
-If this don't work, whis workaround helps :<br>
-<br>
-Change $ACCOUNT_KEY in the file
-/opt/boinc/account_setiathome.berkeley.edu.xml<br>
-in the key you get from email from the seti at home project. <br>
-Edit line 3, and do not set any blanks before or after the key. <br>
-
-<br>
-<account><br>
-   
-<master_url>http://setiathome.berkeley.edu/</master_url><br>
-   
-<authenticator>$ACCOUNT_KEY</authenticator><br>
-
-    <project_name>SETI at home</project_name><br>
-    <host_venue>home</host_venue><br>
-<project_preferences><br>
-
-</project_preferences><br>
-</account><br>
-<br>
-<br>
-<big><br>
-<big>4. Start client and seti app</big></big><br>
-<br>
-Login as your new user, and start the boinc_client : <br>
-<br>
-seti at windu:/opt/boinc # ./boinc_client<br>
-2005-06-08 08:53:22 [---] Starting BOINC client version 4.32 for
-hppa1.1-hp-hpux11.11<br>
-2005-06-08 08:53:22 [---] Data directory: /opt/boinc<br>
-2005-06-08 08:53:22 [SETI at home] Using your default project prefs<br>
-2005-06-08 08:53:22 [SETI at home] Found app_info.xml; using anonymous
-platform<br>
-2005-06-08 08:53:22 [SETI at home] Host ID not assigned yet<br>
-2005-06-08 08:53:22 [---] No general preferences found - using BOINC
-defaults<br>
-2005-06-08 08:53:22 [---] Running CPU benchmarks<br>
-2005-06-08 08:54:21 [---] Benchmark results:<br>
-2005-06-08 08:54:21 [---]    Number of CPUs: 1<br>
-2005-06-08 08:54:21 [---]    407 double precision MIPS
-(Whetstone) per CPU<br>
-2005-06-08 08:54:21 [---]    823 integer MIPS
-(Dhrystone) per CPU<br>
-2005-06-08 08:54:21 [---] Finished CPU benchmarks<br>
-2005-06-08 08:54:21 [---] Resuming computation and network activity<br>
-2005-06-08 08:54:21 [---] Insufficient work; requesting more<br>
-2005-06-08 08:54:26 [---] Insufficient work; requesting more<br>
-2005-06-08 08:54:26 [SETI at home] Requesting 8640.00 seconds of work<br>
-2005-06-08 08:54:26 [SETI at home] Sending request to scheduler:
-http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi<br>
-2005-06-08 08:54:36 [SETI at home] Scheduler RPC to
-http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi succeeded<br>
-2005-06-08 08:54:36 [SETI at home] General preferences have been updated<br>
-2005-06-08 08:54:36 [---] General prefs: from SETI at home (last modified
-2005-04-29 22:36:58)<br>
-2005-06-08 08:54:36 [---] General prefs: using your defaults<br>
-2005-06-08 08:54:37 [---] May run out of work in 2.00 days; requesting
-more<br>
-2005-06-08 08:54:37 [SETI at home] Requesting 104104.99 seconds of work<br>
-2005-06-08 08:54:37 [SETI at home] Sending request to scheduler:
-http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi<br>
-2005-06-08 08:54:37 [SETI at home] Started download of
-10ja05aa.4505.3922.473568.100<br>
-2005-06-08 08:54:40 [SETI at home] Finished download of
-10ja05aa.4505.3922.473568.10<br>
-2005-06-08 08:54:40 [SETI at home] Throughput 6378 bytes/sec<br>
-2005-06-08 08:54:41 [SETI at home] Resuming computation for result
-10ja05aa.4505.3922.473568.10 using setiathome version 4.07<br>
-
-<br>
-If you get some SIGSEGV from the boinc_client or setiathome app at <br>
-HPUX 11.11(11i V.1), it could be, that you will need some additional
-patches. <br>
-Look at 6.2.<br>
-<br>
-<br>
-<big><big><br>
-5. Installation finished. </big></big><br>
-<br>
-If you have some problems, try a look in the forum of the setiathome
-website (<br>
-setiweb.berkeley.edu) or Paul Bucks excelent documentations
-(www.boinc-doc.net)<br>
-If you have some problems with the hpux binary, feel free, to contact
-me. <br>
-<br>
-
-<br>
-<br>
-<big><big>6. Additional Configurations </big> </big><br>
-<br>
-<big>6.1 Multi processor systems </big><br>
-<br>
-For muli processor systems, you need to setup the preferences on your
-account <br>
-page. If this is not configured, your multi processor system will only
-use one <br>
-cpu.<br>
-<br>
-At the seti homepage (setiweb.berkeley.edu) login with your account.<br>
-Click to "View or edit general preferences". Then to "Edit preferences"<br>
-Add in the section "On multiprocessors, use at most XX processors" the
-number <br>
-of CPUs your system have, and click to "Update preferences".<br>
-
-<br>
-Now, you need to update your client with the new preferences you made
-on the <br>
-website :<br>
-seti at windu:/opt/boinc # ./boinc_client -update_prefs
-http://setiathome.berkeley.edu<br>
-<br>
-You client will download some new work...<br>
-<br>
-<br>
-<big>6.2 Patches + OS Revisions</big><br>
-<br>
-You can dowload this patches and patchbundles at the HP IT Resource
-Centre (<br>
-itrc) at itrc.hp.com. <br>
-The registration at the itrc is for free and don't depends on any
-support<br>
-agreements.<br>
-<br>
-
-<br>
-<big>6.2.1 HPUX 11.0 </big><br>
-<br>
-Minimum Patches : Quality Pack (QPK) September 2003 and General Relase
-Patches<br>
-                 
-November 1999<br>
-
-<br>
-Recommended Patches : Quality Pack (QPK) and HardwareEnablement (HWE)
-patches <br>
-                     
-from June 2004, Required Patches June 2003<br>
-
-<br>
-<br>
-<big>6.2.2 HPUX 11.11 (11i Version 1)</big><br>
-<br>
-Minimum Patches : Gold Pack (GPK) and HardwareEnablement (HWE) patches
-from <br>
-                 
-Dec.2003. Required Patch Bundle June 2003 <br>
-
-<br>
-Recommended Patches : Gold Pack (GPK) and HardwareEnablement (HWE)
-patches from<br>
-                     
-Dec. 2004, and Required Patch Bunlde Dec.2004<br>
-
-<br>
-If you have some problems, that you get a SIGSEGV with the minimum or
-recommened patches,<br>
-please install this additional patches :<br>
-- PHCO_31903 (libc cumulative patch)<br>
-- PHKL_32806 (Cumulative VM patch)<br>
-- PHKL_32647 (Extending Physical I/O Addressing) <br>
-- PHSS_30970 (ld(1) and linker tools cumulative patch) <br>
-- PHKL_32204 (VM core(4) related changes)<br>
-<br>
-<br>
-<big>6.2.3 HPUX 11.23 (11i Version 2 at PARISC)</big><br>
-<br>
-Minimum Patches : Required Patch Bundle September 2004<br>
-<br>
-<big><br>
-6.2.4 HPUX 11.2x (11i Version 1 and Version 2 at Itanium (IA64))</big><br>
-
-<br>
-Minimum Patches : Required Patch Bundle September 2004<br>
-<br>
-<big><br>
-6.2.5 HPUX 10.20 </big><br>
-<br>
-Not tested, but the binaries should run successfull.<br>
-<br>
-<br>
-<big>6.3 Kernel Parameters</big><br>
-<br>
-The binaries will run with the default HPUX Kernel parameters. But if
-you wan't<br>
-to use more than one Application or have some special things running on
-your<br>
-system, you should have a look at your kernelparameters.<br>
-
-<br>
-Changing some kernelparameters will increase the perfomance of the
-whole system.<br>
-Some kernelparameters which should changed to increase performance :<br>
-maxfiles        1024<br>
-maxuprc         256 <br>
-maxdsiz_64bit   0X40000000<br>
-maxfiles        1024<br>
-maxssiz         0X4000000<br>
-maxssiz_64bit   0X4000000<br>
-maxtsiz         0X4000000<br>
-maxtsiz_64bit   0X40000000<br>
-shmmax          0X4000000<br>
-maxusers        128 or higher for
-Servers (256..512). But a good start for a <br>
-
-                   
-workstation) <br>
-
-<br>
-<br>
-<big>6.4 Startup script </big><br>
-<br>
-In /sbin/init.d is a script for start boinc at boot and stop for
-shutdown. <br>
-It's linked to /sbino/rc3.d/S990boinc. <br>
-It will also redirect stdout and stderr from the boinc client, redirect
-the <br>
-output from the boinc script /opt/boinc/boinc.sh to
-/opt/boinc/boinc.log. The <br>
-script will keep on boinc running in a look, and could mail you, if
-boinc was<br>
-terminated abnormaly.<br>
-This script is configurable by /etc/rc.config.d/boinc. For details how
-to <br>
-configure, please look into /etc/rc.config.d/boinc. <br>
-<br>
-<br>
-<br>
-
-<big><big>7. Additional notes</big></big><br>
-<br>
-This quick install guide is available as "readme" in the swpackage, and
-if you <br>
-have installed it under /opt/boinc/doc/install.<br>
-In /opt/boinc/doc there are some further readmes about the boinc client
-and <br>
-seti app.<br>
-<br>
-<br>
-<br>
-<br>
-<small><small><small>V.1.6, 31.7.05, Lars Bausch</small></small></small><br>
-
-</body>
-</html>
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index be32ad2..9349d4c 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -1,6 +1,6 @@
 ## -*- mode: makefile; tab-width: 4 -*-
 
-## $Id: Makefile.am 18938 2009-08-28 18:25:26Z davea $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/doc/mgroptionsgeneral.png b/doc/mgroptionsgeneral.png
deleted file mode 100644
index 219cac6..0000000
Binary files a/doc/mgroptionsgeneral.png and /dev/null differ
diff --git a/doc/mgroptionshttp.png b/doc/mgroptionshttp.png
deleted file mode 100644
index bc070e0..0000000
Binary files a/doc/mgroptionshttp.png and /dev/null differ
diff --git a/doc/mgroptionssocks.png b/doc/mgroptionssocks.png
deleted file mode 100644
index 0b0eed6..0000000
Binary files a/doc/mgroptionssocks.png and /dev/null differ
diff --git a/doc/mgrsystrayballoon.png b/doc/mgrsystrayballoon.png
deleted file mode 100644
index 9136399..0000000
Binary files a/doc/mgrsystrayballoon.png and /dev/null differ
diff --git a/doc/myers.txt b/doc/myers.txt
deleted file mode 100644
index f0a4d2b..0000000
--- a/doc/myers.txt
+++ /dev/null
@@ -1,146 +0,0 @@
-I'm working with my student, Kim Lefkowitz, on learning how to write
-BOINC applications.  We've been doing this both by reading the
-examples that come with the distribution and by trying to write our
-own simple programs.  As a result, we've come up with the simplest
-BOINC program, the "Hello, World!" program of BOINC.  It just opens a
-file and writes to it and the file is uploaded to the server.  
-
-We'd like to share this with anybody who might have to go through the
-whole process of learning to write BOINC apps.   And of course learn
-from any suggestions on making it even simpler or the comments clearer.
-
-A copy of the program is attached below (it's short, of course) but
-I've also packed it up with example workunit and result files, a
-Makefile for Unix and a .dsw for Windows.  These are all in the
-hello-boinc tarball at http://noether.vassar.edu/pub/myers/src/
-
-But you don't need the tarball, you can just put the code below in the
-file hello.C in the apps directory, and then edit the Makefile to
-change "1sec" to "hello" everywhere and it will build.
-
-[Suggestion: the 1sec app does not work.  We were initially distracted
-into trying to get it to run until we figured out that it does not use
-the API.  So how about replacing apps/1sec with this?  I see 1sec is
-mainly used for the test suite, so if it is to be kept then maybe move
-it to the test/ directory.]
-
-     -Eric Myers
-
-
-				 -*-*-
-
-/***********************************************************
- *  Hello, BOINC World!
- *  
- * This is the Hello World program for BOINC.  It is the simplest application
- * that one can write which uses the BOINC API and writes some output to a
- * file (called "out").   See the sample workunit and result templates to 
- * see how this file is mapped to a real file and how  it is uploaded.
- *
- * Eric Myers <myers at vassar.edu>  - 16 June 2004 (Unix) and 6 July 2004 (Win)
- * Department of Physics and Astronomy, Vassar College, Poughkeepsie, New York
- * @(#) Version: 3.12
- */
-
-
-//  Stuff we only need on Windows: 
-#ifdef _WIN32
-  #include "boinc_win.h"
-#endif
-
-#include "boinc_api.h"		// 
-#include "filesys.h"		// boinc_fopen(), etc...
-#include "util.h"               // parse_command_line(), boinc_sleep()
-
-
-
-int main(int argc, char **argv) {
-    int rc;
-    char resolved_name[512];
-    FILE* f;
-
-
-    // All BOINC applications must initialize the BOINC interface:
-
-    rc = boinc_init();
-    if (rc){
-      fprintf(stderr, "APP: boinc_init() failed.\n");
-      exit(rc);
-    }
-        
-
-    // input and output files need to be "resolved" from their logical name
-    // for the app to the actual path on the client disk
-
-    rc = boinc_resolve_filename("out", resolved_name, sizeof(resolved_name));
-    if (rc){
-      fprintf(stderr, "APP: cannot resolve output file name.\n");
-      exit(boinc_finish(rc));
-    }
-
-
-    // Then open the file with boinc_fopen() not just fopen()
-
-    f = boinc_fopen(resolved_name, "w");
-        
-
-    // Write some output to the file 
-
-    fprintf(f, "Hello, BOINC World!\n");
-
-
-    // Now run up a little credit..
-
-    { int j, num;
-      fprintf(f, "Stress test begins...\n");
-	  for (j=0;j<123456789;j++){ num=rand(); }
-      fprintf(f, "Stress test ends...\n");
-    }
-
-    fclose(f);
-
-    // All BOINC applications must exit via boinc_finish(rc), not merely exit
-
-    boinc_finish(0);       /* should not return */
-    return 47;
-}
-
-
-
-
-/* Dummy graphics API entry points */
-
-void app_graphics_init() {}
-void app_graphics_resize(int width, int height){}
-void app_graphics_render(int xs, int ys, double time_of_day) {}
-void app_graphics_reread_prefs() {}
-void boinc_app_mouse_move(int x, int y, bool left, bool middle, bool right ){}
-void boinc_app_mouse_button(int x, int y, int which, bool is_down){}
-void boinc_app_key_press(int, int){}
-void boinc_app_key_release(int, int){}
-
-
-
-/* Windows entry point WinMain() */
-
-#ifdef _WIN32 
-
-/*******************************************************
- * Windows:  Unix applications begin with main() while Windows applications
- * begin with WinMain, so this just makes WinMain() process the command line
- * and then invoke main()
- */
-
-int WINAPI WinMain(HINSTANCE hInst, HINSTANCE hPrevInst,
-                   LPSTR Args, int WinMode)
-{
-    LPSTR command_line;
-    char* argv[100];
-    int argc;
-    
-    command_line = GetCommandLine();
-    argc = parse_command_line( command_line, argv );
-    return main(argc, argv);
-}
-
-#endif
diff --git a/doc/pc.jpg b/doc/pc.jpg
deleted file mode 100644
index 2ee3b93..0000000
Binary files a/doc/pc.jpg and /dev/null differ
diff --git a/doc/project.fig b/doc/project.fig
deleted file mode 100644
index b0ed72d..0000000
--- a/doc/project.fig
+++ /dev/null
@@ -1,175 +0,0 @@
-#FIG 3.2
-Landscape
-Center
-Inches
-Letter  
-100.00
-Single
--2
-1200 2
-0 32 #c7b696
-0 33 #effbff
-0 34 #dfcba6
-0 35 #414141
-0 36 #868286
-0 37 #c7c3c7
-0 38 #e7e3e7
-0 39 #8e8e8e
-0 40 #aeaaae
-0 41 #515551
-0 42 #414141
-0 43 #868286
-0 44 #c7c3c7
-0 45 #868286
-0 46 #c7c3c7
-0 47 #e7e3e7
-0 48 #8e8e8e
-0 49 #8e8e8e
-0 50 #414141
-0 51 #868286
-0 52 #c7c3c7
-0 53 #e7e3e7
-0 54 #414141
-0 55 #868286
-0 56 #c7c3c7
-0 57 #e7e3e7
-0 58 #868286
-0 59 #c7c3c7
-0 60 #e7e3e7
-0 61 #c7b696
-0 62 #effbff
-0 63 #dfcba6
-0 64 #c7b696
-0 65 #effbff
-0 66 #dfcba6
-0 67 #aeaaae
-0 68 #515551
-0 69 #8e8e8e
-0 70 #414141
-0 71 #868286
-0 72 #c7c3c7
-0 73 #e7e3e7
-0 74 #414141
-0 75 #868286
-0 76 #c7c3c7
-0 77 #e7e3e7
-0 78 #868286
-0 79 #c7c3c7
-0 80 #e7e3e7
-0 81 #414141
-0 82 #868286
-0 83 #c7c3c7
-0 84 #414141
-0 85 #c7c3c7
-0 86 #e7e3e7
-0 87 #414141
-0 88 #868286
-0 89 #c7c3c7
-0 90 #8e8e8e
-0 91 #414141
-0 92 #868286
-0 93 #c7c3c7
-0 94 #e7e3e7
-0 95 #414141
-0 96 #868286
-0 97 #c7c3c7
-0 98 #e7e3e7
-0 99 #bebebe
-0 100 #515151
-0 101 #000049
-0 102 #797979
-0 103 #303430
-0 104 #414541
-0 105 #414141
-0 106 #868286
-0 107 #c7c3c7
-0 108 #e7e3e7
-6 2100 4050 2775 4800
-2 1 0 1 0 3 50 0 20 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 2400 4575 2400 4050
-4 0 0 50 0 16 14 0.0000 4 120 630 2100 4800 server\001
--6
-6 2100 5250 2625 6075
-2 1 0 1 0 3 50 0 20 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 2400 5550 2400 6075
-4 0 0 50 0 16 14 0.0000 4 165 510 2100 5475 client\001
--6
-6 3225 4050 4650 4725
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 3225 4050 4650 4050 4650 4725 3225 4725 3225 4050
-4 0 0 50 0 18 14 0.0000 4 210 1155 3375 4350 scheduling\001
-4 0 0 50 0 18 14 0.0000 4 120 660 3600 4575 server\001
--6
-6 6975 3975 8100 4725
-2 2 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 5
-	 6975 3975 8100 3975 8100 4725 6975 4725 6975 3975
-4 0 0 50 0 18 14 0.0000 4 120 780 7125 4575 servers\001
-4 0 0 50 0 18 14 0.0000 4 165 450 7275 4275 data\001
--6
-6 8475 4050 9900 4725
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 8475 4050 9900 4050 9900 4725 8475 4725 8475 4050
-4 0 0 50 0 18 14 0.0000 4 165 465 9000 4350 Web\001
-4 0 0 50 0 18 14 0.0000 4 165 1020 8700 4575 interfaces\001
--6
-6 5175 2175 6150 3450
-5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 5625.000 2625.000 5175 3225 5625 3375 6075 3225
-1 2 0 1 -1 11 0 0 20 0.000 1 0.0000 5646 2394 450 150 5196 2394 6096 2394
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 5175 2400 5175 3225
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 0 0 2
-	 6075 2475 6075 3225
-4 1 -1 0 0 18 12 0.0000 6 135 600 5625 2850 BOINC\001
-4 1 -1 0 0 18 12 0.0000 6 135 270 5625 3075 DB\001
--6
-2 2 0 1 0 30 50 0 20 0.000 0 0 -1 0 0 5
-	 9825 750 10350 750 10350 1200 9825 1200 9825 750
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 9825 1350 10350 1350 10350 1800 9825 1800 9825 1350
-2 1 0 1 0 3 50 0 20 0.000 0 0 -1 1 1 2
-	0 0 1.00 60.00 120.00
-	0 0 1.00 60.00 120.00
-	 5550 6675 5550 7200
-2 1 1 1 0 3 50 0 20 4.000 0 0 -1 0 0 2
-	 2700 5025 9600 5025
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 4214 6300 6975 6300 6975 6675 4214 6675 4214 6300
-2 2 0 1 0 30 50 0 20 0.000 0 0 -1 0 0 5
-	 4214 5550 6975 5550 6975 6300 4214 6300 4214 5550
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 3600 7200 8850 7200 8850 8100 3600 8100 3600 7200
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 7575 7200 7575 4725
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 9900 6225 9225 4725
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 3900 7200 3900 4725
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 4200 4050 5325 3300
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 8850 4050 6075 3225
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 5625 1650 5625 2250
-2 2 0 1 0 11 50 0 20 0.000 0 0 -1 0 0 5
-	 4350 1200 7650 1200 7650 1650 4350 1650 4350 1200
-2 2 0 1 0 30 50 0 20 0.000 0 0 -1 0 0 5
-	 4350 750 7650 750 7650 1200 4350 1200 4350 750
-2 1 0 1 0 7 50 0 -1 0.000 0 0 -1 1 0 2
-	0 0 1.00 60.00 120.00
-	 6825 1650 7500 4050
-4 0 0 50 0 16 14 0.0000 4 210 2775 10500 1200 project-specific components\001
-4 0 0 50 0 16 14 0.0000 4 210 1920 10500 1800 BOINC components\001
-4 0 0 50 0 18 14 0.0000 4 210 1785 4751 6000 application client\001
-4 0 0 50 0 18 14 0.0000 4 165 990 4981 6600 client API\001
-4 0 0 50 0 18 14 0.0000 4 165 1095 5550 7725 core client\001
-4 0 0 50 0 18 14 0.0000 4 210 1245 9450 6525 participants\001
-4 0 0 50 0 18 14 0.0000 4 210 2355 2325 3675 BOINC server complex\001
-4 0 0 50 0 18 14 0.0000 4 210 1740 2400 900 project back end\001
diff --git a/doc/result.fig b/doc/result.fig
deleted file mode 100644
index f1352d4..0000000
--- a/doc/result.fig
+++ /dev/null
@@ -1,37 +0,0 @@
-#FIG 2.1
-80 2
-6 244 79 534 364
-6 279 149 344 179
-2 2 0 1 -1 0 0 0 0.000 0 0 0
-	 344 179 344 149 279 149 279 179 344 179 9999 9999
-4 0 0 12 0 -1 0 0.00000 4 16 48 289 169 UNSENT
--6
-6 264 234 359 264
-2 2 0 1 -1 0 0 0 0.000 0 0 0
-	 359 264 359 234 264 234 264 264 359 264 9999 9999
-4 0 0 12 0 -1 0 0.00000 4 16 81 274 254 IN_PROGRESS
--6
-6 284 334 334 364
-2 2 0 1 -1 0 0 0 0.000 0 0 0
-	 334 364 334 334 284 334 284 364 334 364 9999 9999
-4 0 0 12 0 -1 0 0.00000 4 16 33 289 354 OVER
--6
-2 1 0 1 -1 0 0 0 0.000 -1 1 0
-	0 0 1.000 4.000 8.000
-	 309 79 309 149 9999 9999
-2 1 0 1 -1 0 0 0 0.000 -1 1 0
-	0 0 1.000 4.000 8.000
-	 309 179 309 234 9999 9999
-2 1 0 1 -1 0 0 0 0.000 -1 1 0
-	0 0 1.000 4.000 8.000
-	 309 264 309 334 9999 9999
-2 1 0 1 -1 0 0 0 0.000 -1 1 0
-	0 0 1.000 4.000 8.000
-	 279 164 244 164 244 349 284 349 9999 9999
-4 0 0 12 0 -1 0 0.00000 4 16 26 324 109 initial
-4 0 0 12 0 -1 0 0.00000 4 16 143 329 309 scheduler gets reply from host
-4 0 0 12 0 -1 0 0.00000 4 16 203 329 328 or now > report_deadline in timeout_check
-4 0 0 12 0 -1 0 0.00000 4 16 124 319 204 scheduler sends this result
--6
-4 0 0 12 0 -1 0 0.00000 4 16 152 84 269 or timeout_check: WU has error
-4 0 0 12 0 -1 0 0.00000 4 16 193 44 249 validate: got canonical result for this WU
diff --git a/doc/server.jpg b/doc/server.jpg
deleted file mode 100644
index 87ae9c2..0000000
Binary files a/doc/server.jpg and /dev/null differ
diff --git a/doc/setiathome.jpg b/doc/setiathome.jpg
deleted file mode 100644
index 75a032b..0000000
Binary files a/doc/setiathome.jpg and /dev/null differ
diff --git a/doc/ssl_client_release_instructions.txt b/doc/ssl_client_release_instructions.txt
deleted file mode 100644
index 0620587..0000000
--- a/doc/ssl_client_release_instructions.txt
+++ /dev/null
@@ -1,182 +0,0 @@
-Generating and releasing core client installers
-
-
-
-<verno> represents the new version number.
-At the time of this update, the latest version was 2.17,
-so the new version number would be 2.18.
-Substitute 2.18 everywhere you see <verno>
-
-Required:
-  Unix/Linux/Mac:
-    These machines should have everything you need by default, but make
-    sure you have the following:
-       gmake
-       gcc 3.3 - especially on the Mac
-       autoconf (v2.54 or greater)
-       screen - this is useful for managing the builds and tests on
-                all *nix platforms
-  Windows:
-    Visual C++ 7.0
-    InstallShield 5.5 Pro
-    InstallShield Package for the Web v2
-
-    boinc\win_build\installer\Media folder
-
-Administrivia:
-    do this on a unix machine:
-    (note: the make in your default path must be gmake
-    IN BOTH YOUR NORMAL SHELL AND SH
-    or else set-version will fail towards the end)
-
-    Check out a new copy of the BOINC source tree
-    Make an entry in checkin_notes w/ platforms, version#
-
-    Set the version number:
-        see clien/win/win_config.h to find last version#
-        (or look on web site)
-
-        % ./set-version <verno>
-        (this revises client/win/win_config.h, makefile.in's)
-        % cvs commit -m 'version <verno>'
-
-    Make a source tarball and zip:
-        % make dist
-            (if you have problems here, such as the make choking on
-            emacs save files, try "make -i dist")
-        % cp boinc-<verno>.tar.gz boinc-<verno>.zip ~davea/boinc/doc/source/
-
-Build
- Windows:
-    NOTE: currently we are distributing the debug version of the core client.
-    This is reflected in:
-        - where you copy dbghelp.dll to
-        - the "File Groups" tab of Installshield (link type)
-
-    Use the HP Kayak windows box (bart) in 329 or the Dell (skinner) in 325.
-
-    set up:
-        check out new source tree
-        copy Media.zip into win_build/installer; unzip
-        make sure "Media" is at top level of installer
-        Right-click on top BOINC folder;
-        CVS/preferences/policy; clear "prune empty folders" checkbox
-        copy "client/win/dbghelp.dll" to "win_build/Build/Debug"
-
-    Open 'BOINC'
-
-    Right click in the folder; select 'cvs update'
-    resolve any M(erge) problems
-
-    Open 'win_build'
-
-    Open 'BOINC.sln'  (or .dsw if VC6.0)
-
-    in the visual c++ menu, pick
-        Build->Clean solution
-        Build->build solution
-          the exe will be in win_build\Build\Debug
-
-    Open 'win_build/installer'
-
-    open 'BOINC.ipr' (installshield project)
-
-    in the installshield menu, pick
-        Build->Media->Build Default Media
-        [bonus: automate this process]
-    exit installshield
-    
-    open 'BOINC.pfw' (package for the web project)
-       build everything, changing only the version numbers
-       [note: there are nine screens to go through. the version
-              numbers are on screen #1 and screen #9. Do not
-              change anything else]
-       [bonus: automate this process]
-
-        The new windows installer (BOINC_<verno>_intelx86_windows.exe)
-        will be left in this folder when you exit Package for the Web
-
-    Do a CVS commit of win_build/installer/BOINC.pfw (to get version#, year)
-        (possibly)
-
-    SFTP to boincadm at koloth:
-
-    copy BOINC_<verno>_intelx86_windows.exe to the projects/AstroPulse_Beta/apps/boinc directory
-
-
- Linux/Solaris:
-    use these hosts:
-       Linux: milhouse
-       solaris2.7: milkyway
-
-    note 1: The solaris 2.7 build should be statically linked, and should support
-            solaris 2.7-2.9
-
-    do a clean check out; compile; copy to koloth:
-        % cd ~
-        % mkdir proj
-        % cd proj
-        % mkdir <platform name>
-        % cd <platform name>
-        % cvs co boinc
-        % cd boinc
-        % ./configure && make
-            (tee to a file if you want to look at logs later)
-        % scp client/boinc_<verno>_<platform>.gz boincadm at koloth:projects/AstroPulse_Beta/apps/boinc/
-
-    [bonus: automate this process]
-
- Mac OS X:
-    use the G3 OS X 10.2 mac in 329 (setisf2):
-
-    note:  The mac os x build is identical to the unix/linux builds, except that
-           the configure step requires the --build argument to set a generic
-           host type (see below). The mac os x client will run on either os x
-           10.2 or 10.3 [10.1 or earlier is not supported])
-
-    do a clean check out; compile; copy to koloth:
-        % cd ~
-        % mkdir proj
-        % cd proj
-        % cvs co boinc
-        % cd boinc
-        % ./configure --build=powerpc-apple-darwin
-        % make
-        % cd client
-        % rename  boinc_<verno>_<plat>.gz to b_<verno>_<plat>.gz
-            (to work around Mac IE 31-char filename bug)
-        % scp b_<verno>_*.gz boincadm at koloth:projects/AstroPulse_Beta/apps/boinc/
-
-    Note1: This same technique applies to building the setiathome application.
-    Note2: The .gz filename is longer than the maximum filename length imposed
-           by some macintosh browsers, such as IE and Safari (this limit was
-           left over from OS 9, and doesn't exist in OS X. Why the OS X browsers
-           continue to enforce it is a mystery). For the next release and going
-           forward, we should change the os x .gz file name to something shorter,
-           such as boinc_<verno>_OSX.gz (but leave the platform name the same
-           as before: powerpc-apple-darwin). This will solve a lot of download
-           problems for mac users.
-
-    [bonus: automate this process]
-
-Test
- Test the installer(s) and start the new version on each test machine:
-   Solaris 2.7 - milkyway
-   Solaris 2.8 - kodos
-   Solaris 2.9 - setisf1
-   Linux - shaggy
-   Mac OS X 10.2 - setisf2
-   Mac OS X 10.3 - seti2
-   WinXP - bart (329) or skinner (325)
-   Win2K - kent (Aaron's desk)
-   Win98 - marge [aka drake] (Matt's desk)
-
-If all is well...
-
-Update the server:
-    ssh boincadm at koloth
-    cd projects/Astropulse_Beta/bin
-    ./update_versions
-    ./stop
-    ./start
-
diff --git a/doc/stripchart.txt b/doc/stripchart.txt
deleted file mode 100644
index 75f5eb9..0000000
--- a/doc/stripchart.txt
+++ /dev/null
@@ -1,333 +0,0 @@
-Stripchart version 2.0
-----------------------
-Author: Matt Lebofsky
-        BOINC/SETI at home - University of California, Berkeley
-        mattl at ssl.berkeley.edu
-        
-Date of recent version: November 4, 2002
-
-Requirements:
-  * a gnuplot with the ability to generate gifs
-  * perl 
-  * apache or other cgi-enabled web browser
-
-Send all thoughts and queries to: mattl at ssl.berkeley.edu
-
-This software is free to edit, distribute and use by anybody, as long as
-I get credit for it in some form or another. Thanks.
-----------------------
-
-Contents:
-
-I. Some questions and answers
-II. So how does it work?
-III. Known bugs, things to do, etc.
-
-----------------------
-I. Some questions and answers
-
-Q: What is stripchart?
-
-A: Well, it's actually two relatively small perl programs:
-
-   1. stripchart
-   
-      stripchart reads in time-based user data and, depending on a flurry of
-      command line options, generates a web-friendly .gif plotting the data.
-      The user can supply the time range, the y axis range, even the color
-      scheme, and more.
-
-   2. stripchart.cgi
-
-      stripchart.cgi is a web-based GUI interface that allows users to easily
-      select multiple data sources and various parameters to plot, allowing
-      fast comparisons without having to deal with a command line interface.
-
-Q: Why do you bother writing this program?
-
-A: Working as a systems administrator (amongst other things) for SETI at home,
-   we kept finding ourselves in dire problem-solving situations, i.e. Why
-   did the database stop working? Why is load on our web server so high? 
-      
-   So we started collecting data in flat files, keeping track of server
-   loads, database checkpoint times, even CPU temperatures. When these files
-   grew too large and unwieldy, I found myself writing (and rewriting) simple
-   scripts to generate plots on this data. Sick of constant revision whenever
-   a new problem arose, I wrote stripchart version 1.0.
-
-   Its usefulness became immediately apparent when I added on stripchart.cgi.
-   I couldn't bear to teach everybody the many command line options to 
-   stripchart, so I wrote this CGI to do all the dirty work. Suddenly we were
-   able to line up several plots, look for causes and effects, or just enjoy
-   watching the counts in our database tables grow to impossibly high numbers.
-
-   The SETI at home network has proven to be a delicate system, and keeping track
-   of all the data server, user, and web statistics has proven to be quite a
-   life saver. So when BOINC came around we felt that any project aiming to
-   embark on a similar project may need this tool. So I rewrote stripchart to
-   be a bit more friendly and general. 
-
-Q: Why don't you make .pngs or .jpgs instead of .gifs? The latest gnuplot
-   doesn't support .gifs.
-
-A: Basically gnuplot support for other graphic file formats isn't as good. For
-   example, you cannot control exact window size, font size, and colors unless
-   you make .gifs. I'm not exactly sure why this is the case, but there you have it.
-   Anywho, you can find older gnuplot distributions out there - you'll need to
-   get the gd libs first, by the way.
-
-----------------------
-II. So how does it work?
-
-You can use stripchart as a stand alone command-line program to produce plots
-whenever you like, but we highly recommend using it in conjunction with the
-stripchart.cgi for ease of use. But here's how to do it both ways.
-
-stripchart (stand alone)
-
-Before anything, look at the section GLOBAL/DEFAULT VARS in the program
-stripchart and see if you need to edit anything (usually pathnames to
-executables and such).
-
-Let's just start with the usage (obtained by typing "stripchart -h"):
-
-stripchart: creates stripchart .gif graphic based on data in flat files
-options:
-  -i: input FILE      - name of input data file (mandatory)
-  -o: output FILE     - name of output .gif file (default: STDOUT)
-  -O: output FILE     - name of output .gif file and dump to STDOUT as well
-  -f: from TIME       - stripchart with data starting at TIME 
-                        (default: 24 hours ago)
-  -t: to TIME         - stripchart with data ending at TIME (default: now)
-  -r: range RANGE     - stripchart data centered around "from" time the size
-                        of RANGE (overrides -t)
-  -l: last LINES      - stripchart last number of LINES in data file
-                        (overrides -f and -t and -r)
-  -T: title TITLE     - title to put on graphic (default: FILE RANGE)
-  -x: column X        - time or "x" column (default: 2)
-  -y: column Y        - value or "y" column (default: 3)
-  -Y: column Y'       - overplot second "y" column (default: none)
-  -b: baseline VALUE  - overplot baseline of arbitrary value VALUE
-  -B: baseline-avg    - overrides -b, it plots baseline of computed average
-  -d: dump low VALUE  - ignore data less than VALUE
-  -D: dump high VALUE - ignore data higher than VALUE
-  -v: verbose         - puts verbose runtime output to STDERR
-  -L: log             - makes y axis log scale
-  -c: colors "COLORS" - set gnuplot colors for graph/axis/fonts/data (default:
-                        "xffffff x000000 xc0c0c0 x00a000 x0000a0 x2020c0"
-                        in order: bground, axis/fonts, grids, pointcolor1,2,3)
-  -C: cgi             - output CGI header to STDOUT if being called as CGI
-  -s: stats           - turn extra plot stats on (current, avg, min, max)
-  -j: julian times    - time columns is in local julian date (legacy stuff)
-
-notes:
-  * TIME either unix date, julian date, or civil date in the form:
-      YYYY:MM:DD:HH:MM (year, month, day, hour, minute)
-    If you enter something with colons, it assumes it is civil date
-    If you have a decimal point, it assumes it is julian date
-    If it is an integer, it assumes it is unix date (epoch seconds)
-    If it is a negative number, it is in decimal days from current time
-      (i.e. -2.5 = two and a half days ago)
-    * All times on command line are assumed to be "local" times
-    * All times in the data file must be in unix date (epoch seconds)
-  * RANGE is given in decimal days (i.e. 1.25 = 1 day, 6 hours)
-  * if LINES == 0, (i.e. -l 0) then the whole data file is read in
-  * columns (given with -x, -y, -Y flags) start at 1
-  * titles given with -T can contain the following key words which will
-    be converted:
-      FILE - basename of input file
-      RANGE - pretty civil date range (in local time zone)
-    the default title is: FILE RANGE
-
-...okay that's a lot to ingest, but it's really simple. Let's take a look at an
-example (you'll find in the samples directory two files get_load and crontab).
-
-You have a machine that you want to monitor it's load. Here's a script that
-will output a single line containing two fields for time and the third with the
-actual data. For example:
-
-2002:11:05:12:51 1036529480 0.25
-
-The first field is time in an arbitrary human readable format
-(year:month:day:hour:minute), the second in epoch seconds (standard
-unix time format - the number of seconds since 00:00 1/1/1970 GMT),
-and the third is the load at this time.
-
-And we'll start collecting data every five minutes on this particular machine
-by add such a line to the crontab:
-
-0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/stripchart/samples/get_load >> /disks/matt/data/machine_load
-
-So the file "machine_load" will quickly fill with lines such as the above.
-Now you may ask yourself - why two columns representing time in two different
-formats? Well sometime you just want to look at the data file itself, in which
-case the human-readable first column is quite handy to have around, but when
-making linear time plots, having time in epoch seconds is much faster to
-manipulate. So generally, we like to have at least the two time fields first,
-and the actual data in the third column. That's what stripchart expects by
-default.
-
-Note: stripchart will understand time in both epoch seconds and julian date.
-If the second time field is in julian date, you should supply the command line
-flag "-j" to warn stripchart so it knows how to handle it. 
-
-Okay. So you have this data file now. A very common thing to plot would be the
-data over the past 24 hours. Turns out that's the default! If you type on the
-command line:
-
-stripchart -i machine_load -o machine_load.gif
-
-you will quickly get a new file "machine_load.gif" with all the goods.
-
-Note: you always have to supply an input file via -i. If you don't supply
-an output file via "-o" it .gif gets dumped to stdout. If you supply an
-output file via "-O" the output is stored in both the file and to stdout.
-
-Now let's play with the time ranges. You can supply times in a variety of
-formats on the command line:
-
-   "civil date" i.e. 2002:11:05:12:51 (YYYY:MM:DD:hh:mm)
-   "epoch seconds" i.e. 1036529480
-   "julian date" i.e. 2452583.52345
-
-You can supply a date range using the -f and -t flags (from and to):
-
-stripchart -i machine_load -f 2002:11:01:00:00 -t 2002:11:04:00:00
-
-Usually the "to" time is right now, so you can quickly tell stripchart
-to plot starting at some arbitrary time "ago." This is done also via the
-"-f" flag - if it's negative it will assume you mean that many decimal
-days from now as a starting point. So "-f -3.5" will plot from 3 and a
-half days ago until now.
-
-You can also supply a "range" centered around the from time. For example,
-to plot the 24 hours centered around 2002:11:01:13:40:
-
-stripchart -i machine_load -f 2002:11:01:13:40 -r 1
-
-On some rare occasions you might want to plot the last number of lines
-in a file, regardless of what time they were. If you supply the number
-of lines via the "-l" flag, it overrides any time ranges you may have
-supplied.
-
-Moving on to some other useful flags in no particular order:
-
-To change the default title (which is the basename of the file and
-the time range being plotted), you can do so via the "-T" command.
-Make sure to put the title in quotes. Within the title string the
-all-uppercase string "FILE" will be replaced with the file basename,
-and the string "RANGE" will be replaced by the time range. So in
-essence, the default title string is "FILE RANGE".
-
-If you have data files in different formats, you can specify the data
-columns using the "-x" and "-y" flags. By default -x is 2 and -y is 3.
-Sometimes we have datafiles with many columns so we actively have to tell
-stripchart which is the correct data column.
-
-However, you might want to overplot one column on top of another. If your
-data file has a second data column, you can specify what that is via the
--Y flag, and this data will be overplotted onto the data from the first
-data column.
-
-Sometime you want to plot a horizontal rule or a "baseline". You can
-turn this feature on by specifying the value with the "-b" flag. If you
-use the "-B" flag (without any values) it automatically computes the
-average over the time range and plots that as the baseline. Simple!
-
-If you want to excise certain y values, you can do so with the dump
-flags, i.e. "-d" and "-D". In particular, any values lower than the one
-supplied with "-d" will be dumped, and any values higher supplied by
-"-D" will be dumped. 
-
-To log the y axis, use the "-L" flag. Quite straightforward.
-
-A very useful flag is "-s" which outputs a line of stats underneath
-the plot title. It shows the current value, and the minimum, maximum
-and average values during the plot range.
-
-For verbose output to stderr, use the "-v" flag. It may not make much
-sense, but it's useful for debugging.
-
-Using the "-C" flag causes stripchart to spit out the "Content-type"
-lines necessary for incorporating stripchart plots into CGIs. This
-doesn't work so well now, but there it is.
-
-Okay. That's enough about the flags, and hopefully enough to get you
-playing around with stripchart and plotting some stuff. Now onto:
-
-stripchart.cgi
-
-First and foremost, you need to do the following before running the
-CGI version of stripchart:
-
-1. Put stripchart.cgi in a cgi-enabled web-accessible directory
-2. Make a "lib" directory somewhere that the web server can read/write to
-3. Edit stripchart.cgi GLOBAL/DEFAULT VARS to point to proper paths, including
-   the files "querylist" and "datafiles" in the aforementioned "lib" directory.
-4. Edit the "lib/datafiles" file to contain entries for all your data files.
-   You can find an example datafiles in the samples directory. Follow the
-   instructions in the comment lines, adding your entries below the header.
-
-That should be it, I think. Now go to the URL wherever your stripchart.cgi
-is sitting. If all is well..
-
-You will be immediately presented with a web form. Ignore the "select query"
-pulldown menu for now. Underneath that you will see a line:
-
-Number of stripcharts: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 
-
-By default stripchart.cgi presents you with the ability to plot 4 simultaneous
-stripcharts, but you can select any number 1-20 by clicking on those numbers.
-The less plots, the faster a web page gets generated.
-
-For each plot, you get a pull down menu which should contain all the entries
-you already put in "datafiles". Here you are selecting your data source.
-
-Then you can select the time of time range: last x hours, last x days, or
-an arbitrary date range. By default the last x hours radio button is selected -
-to pick another type of time range make sure you select the radio button
-before it. Then enter the range via the pull down menus.
-
-Then you get a simple list of checkbox/input options. You can check to log
-the y axis, baseline the average, baseline an arbitrary value (which you
-enter in the window, enter a y minimum, or enter a maximum. 
-
-When everything is selected, click on the "click here" button to plot.
-Depending on the speed of your machine, you should soon be presented with
-all the plots your desired, and the form underneath the plots which can
-edit to your heart's content. If you want to reset the form values, click
-on the "reset form" link.
-
-Note the "save images in /tmp" checkbox. If that is checked and you plot
-the stripcharts, numbered .gif files will be placed in /tmp on the web
-server machine so you can copy them elsewhere (files will be named:
-stripchart_plot_1.gif, etc.).
-
-On the topmost "click here" button you will note an "enter name to save
-query" balloon. If you enter a name here (any old string) this exact query
-will be saved into the "querylist" file which will then later appear in the
-pulldown menu at the top. That way if you have a favorite set of diagnostic
-plots which you check every morning, you don't have to enter the entire form
-every time.
-
-If you want to delete a query, enter the name in that same field but click
-the "delete" checkbox next to it. Next time you "click here" the query will
-be deleted.
-
-----------------------
-III. Known bugs, things to do, etc.
-
-* stripchart -C flag is kind of pointless and doesn't work in practice.
-* plots on data collected over small time ranges (points every few seconds, for
-  example) hasn't been tested.
-* plots that don't work via stripchart.cgi either show ugly broken image icons
-  or nothing at all - either way it's ungraceful.
-* pulldown menus and various plots sometimes need to be refreshed via a hard
-  refresh (i.e. shift-refresh). 
-* this readme kinda stinks.
-* and many many other issues I'm failing to detail now!
-
-If you have any problems using the product, feel free to e-mail me at:
-
-	mattl at ssl.berkeley.edu
-
diff --git a/doc/stripchart_data.php b/doc/stripchart_data.php
deleted file mode 100644
index 711b0d3..0000000
--- a/doc/stripchart_data.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-require_once("docutil.php");
-page_head("Stripchart data");
-echo "
-
-<ul>
-<li> CPU load
-<li> number of users
-<li> number of results
-<li> number of results sent
-<li> number of results returned
-<li> disk usage
-<li> connections/second
-<li> network bandwidth
-</ul>
-";
-page_tail();
-?>
diff --git a/doc/taufer.txt b/doc/taufer.txt
deleted file mode 100644
index 63438e9..0000000
--- a/doc/taufer.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-To start, unzip the file. You will find:
-
-app/sfe1    # containing the simple (silly) FORTRAN example sfi1
-       # cboincfinish.cpp, cboincinit.cpp and
-       # cboincresolvefilename.cpp are the wrappers
-       # sfe1.f90 and strlng.f90 are part of the example code. sfe1 call the
-       # wrappers listed above
-include       # containing *.h and the new file C_boinc.h
-lib           # containing the final BOINC libraries CBOINC.lib and
-              # CBOINC_D.lib (debug version)
-src           # containing the original BOINC source needed and C_boinc.cpp
-              # (my C API)
-win_BOINC/CBOINC/CBOINC.dsw   # project workspace with library source
-                              # and example source (START FROM HERE!!!)
-testSFE1      # test directory for testing the example (nothing important!)
-
-To compile, I used VS 6 and Intel Visual Fortran 7.1.
diff --git a/doc/ui.txt b/doc/ui.txt
deleted file mode 100644
index 3c154f3..0000000
--- a/doc/ui.txt
+++ /dev/null
@@ -1,316 +0,0 @@
-User setup experience
----------------------
-
-This document describes the user experience in
-the new BOINC setup procedure
-(i.e., setting up BOINC for the first time on a computer,
-or attaching to a project from a running client).
-
-The design has the following advantages
-relative to the old setup procedure:
-
-1) Simplicity.
-The user interaction is simpler in all cases.
-The user doesn't have to
-deal with the authenticator in the average case,
-there's no reliance on email,
-and no need to pre-create an account on a web site.
-
-2) Resolution of common problems up front.
-In particular, is a host uses a proxy,
-the setup process figures this out and
-tells the user what to do,
-rather than erroring out and requiring the
-user to figure out what's going on.
-
-This document does NOT describe the implementation.
-(that's in ui_impl.txt).
-I've used function notation here only because there is some overlap
-between the various cases.
-
-
-A) Project-specific installer case
---------------------------------
-
-- Get installer for project (PROJ_URL)
-	either by downloading from site or on project-specific CD-ROM
-
-- Run installer
-
-- Manager starts up, opens window
-
-- If there is not already an account for PROJ_URL
-	call attach_to_project(PROJECT_URL, false)
-
---------------------
-
-B) Generic installer case
-
-1) user gets generic installer from boinc.berkeley.edu
-	or on CD-ROM
-
-2) run installer
-
-3) manager starts up, opens window
-
-4) if there are no accounts
-	call get_url_and_attach()
-
-----------------------
-
-C) "Attach to new project" case
-
-1) call get_url_and_attach()
-
-=======================================================
-
-function get_url_and_attach()
-
-1) Dialog:
-
-Enter the URL of a BOINC-based project: _____________ (text field)
-
-For more information, and to see a list
-of some BOINC-based projects, go to
-http://boinc.berkeley.edu [link]
-
-OK [button]
-Cancel [button]
-
-2) if OK:
-call attach_to_project(PROJ_URL, true)
-
--------------------------
-
-function attach_to_project(PROJ_URL, bool user_supplied_url)
-
-1) Dialog ("query_key"):
-
-	Attaching to PROJ_URL.
-	Do you already have an account key for PROJ_URL?
-    (example:  0123abc...)
-
-	No - create new account key [button]
-	Yes [button]  paste account key here: ______________________ [text field]
-				  How to find an existing account key [button]
-    Cancel
-
-Dialog (how to find an existing account key):
-
-	Each account on PROJ_URL has an "account key".
-	An account key is a string of 32 random characters.  For example:
-		xxxx
-	There are two ways to find an account key:
-	1) On the computer where you created the account,
-		- run the BOINC Manager,
-		- select this project in the Projects tab,
-		- click on the Account Key button.
-	2) If you entered an email address for the account,
-		the account key was sent to you in an email message
-		(you can request another email by going
-        here [link to PROJ_URL/get_passwd.php]
-
-	Copying an account key by hand is prone to errors.
-	We recommend that you transfer the account key in a file or email message
-	to the computer where it is needed,
-	and then copy and paste it into the BOINC Manager.
-
-	Close [button] (closes dialog, returns to query_key)
-
-If answer to 1) is "no":
-
-OPTIONAL: dialog
-    "We will now create a new account for you.
-    This account will not inherit the credit from any
-    previous account you may have created.
-    If you're not sure if you already have an account,
-    click here for instructions on how to get its account key:
-    Instructions [button]
-
-    Otherwise click OK to continue.
-    OK [button]
-
-
-2) BOINC client tries to communicates with project, create account
-
-3) if succeed in creating account
-Dialog ("welcome"):
-
-	Welcome to PROJ_NAME
-	Your web browser should now show a
-	form for entering your name and email.
-	If you don't see this form, check your browser settings,
-	visit PROJ_URL [link] and click on My Account.
-
-	Close [button]
-
-Web page (foo.edu/welcome.php?auth=xxxxx)
-
-	Welcome to PROJ_NAME.
-
-	Your new account has a name and optional email address.
-	You can changes these if you like:
-	Name: xxx (the user's account name on host)
-	(this will be shown on our web site)
-	Email address:
-	(this will not be displayed or distributed)
-	OK to send periodic email newsletters [checkbox]
-	Update [button]
-
-	Foo at home will use processing time and disk space on your computer,
-	and will periodically make Internet connections.
-	You can control a number of 'settings' that limit these activities.
-	The default settings are OK for most people.
-	To view or modify your settings, click here [link]
-
-	You can also keep track of your computers and work totals,
-	find answers to common problems,
-	exchange messages with other users,
-	and create a "profile" of yourself
-	(including a picture, if you like)
-	that other participants can see.
-	To access these features,
-	go to the Foo at home home page [link]
-
-
-	Notes:
-		- update button goes to a "account info updated" page
-		- if email address already exists, show
-			"An account with that email address already exists.
-
-
-
-(User is done)
-
-
-4) if project replies with an error message:
-
-Dialog ("project_unavailable"):
-
-	PROJ_NAME is temporarily unavailable.
-	Please check PROJ_URL [link] for information.
-	To try again later, select the "Projects" tab,
-	and click on "Attach to new project".
-
-	OK [button]
-
-Go to Projects tab.
-user is done.
-
-5) If no connection failure or no reply
-	retry = network_failure()
-	if (retry) go to 2
-
-
-If answer to 4) is "yes":
-
-10) if account key is syntactically invalid
-
-Dialog ("invalid_key"):
-
-	The account key xxx is invalid.
-	Account keys are 32 characters, each of which is a-f or 0-9.
-	Please reenter the key.
-
-	OK [button]
-
-11) If project is up, and account key is verified
-
-Dialog ("valid_key"):
-	Account key is valid.
-	This computer is now participating in Foo at home.
-
-	OK [button]
-
-User is done.
-
-12) If project is up, and account key is not verified
-Dialog ("unrecognized_key"):
-	xxx is not the key of any existing account on Foo at home.
-	Account keys from other BOINC projects will not work on Foo at home.
-	Please check your account key.
-
-	OK [button]
-
-Go to 4
-
-13) if project replies with an error message:
-
-Dialog ("project_unavailable"):
-
-	Foo at home is temporarily unavailable.
-	Please check http://foo.edu [link] for information.
-	To try again later, select the "Projects" tab,
-	and click on "Attach to new project".
-
-	OK [button]
-
-Go to Projects tab.
-user is done.
-
-14) else (if no reply): call network_failure(user_supplied_url)
-
-----------------
-
-function network_failure(bool user_supplied_url):
-
-(called when an operation to a project failed to connect
-or got no reply.
-Returns true if we should retry the operation.)
-
-Dialog ("unable_to_contact"):
-
-	BOINC is unable to contact PROJ_URL
-	Possible reasons are:
-
-	1) You may need to tell BOINC your proxy settings.
-	We are opening a web page with instructions for how to do this.
-
-	Change proxy settings now [button]
-
-	2) You may be running network security software that is
-	blocking BOINC's network access.
-	Unblock BOINC and click Retry.
-
-	3) There may be a network problem
-	or the PROJ_URL servers may be down.
-	(In either case your web browser will show
-	an error for the proxy instruction page).
-	To try again later, select the "Projects" tab,
-	and click on "Attach to new project".
-
-if User_supplied_url is true, add
-
-	3) You may have entered the project URL incorrectly.
-
-	Retry [button]
-	Cancel [button]
-
-If chose "change proxy settings"
-	put up Options dialog
-
-If chose Retry
-	return true
-
-If chose Cancel
-	return false
-
-Web page (PROJ_URL/proxy_problems.php)
-
-	Some computers access the Internet via "proxies".
-	In this case BOINC must be told the names and types
-	of these proxies in order to work correctly.
-
-	Since you are able to see this page,
-	your web browser already has the right proxy settings.
-	You can find these settings as follows:
-	Mozilla/FireFox:
-		Select "Preferences" in the Edit menu.
-		Then select Advanced/Proxies
-	Internet Explorer:
-		Select "Internet Options" in the Tools menu.
-		Select the "Connections" tab.
-		Click "LAN Settings".
-
-	You can change BOINC's proxy setting by selecting
-	the Options item in the Tools menu.
diff --git a/doc/ui_impl.txt b/doc/ui_impl.txt
deleted file mode 100644
index 7bfff35..0000000
--- a/doc/ui_impl.txt
+++ /dev/null
@@ -1,158 +0,0 @@
-Implementation notes
-
-------------------------------------------
-project-specific installers
-
-These produce a file "start_project.xml" containing the URL
-(and possibly the name) of the starting project in the BOINC directory.
-This file tells the BOINC manager to attach to this project.
-
-The file could be produced either of two ways:
-
-1) The file is part of the install bundle.
-This would require projects to edit the installers
-released by BOINC, using ORCA or whatever tools are needed
-
-2) The project URL is encoded in the installer filename,
-and the installer runs a script that finds this name
-and creates the file.
-(Not sure how easy this is to do)
-
-------------------------------------------
-Database
-
-Allow nulls in the email_addr table.
-Make it non-unique.
-
-------------------------------------------
-Web interfaces
-
-- "get account key" page can now return
-	multiple accounts with same email address
-	(show creation time, credit in email message)
-- can possibly provide interface for merging accounts
-	(but this is tricky and can wait)
-
-welcome.php?auth=xxx
-	shows welcome page (see doc)
-	and returns cookie with account key
-
-create_account.php
-in:
-	name
-out:
-	status
-	account key
-
-verify_account.php
-in:
-	acct key
-out:
-	yes/no
-	if yes:
-		name
-
-------------------------------------------
-Scheduler
-------------------------------------------
-GUI RPCs
-
-create_account();
-	in: URL
-	Implementation:
-		fetches URL/create_account.php
-poll_create_account();
-	returns status:
-		in_progress,
-		success,
-			returns account key in this case
-		project_down,
-		no_reply
-
-verify_account()
-	in: URL, key
-
-poll_verify_account()
-	returns status:
-		in_progress,
-		success,
-			returns yes/no, name in this case
-		project_down,
-		no_reply
-------------------------------------------
-Manager
-
-On startup:
-If start_project.xml exists
-	attach_to_project(url, false)
-
-attach_to_project(url/name, user_supplied_url) {
-restart:
-	switch(show_dialog(query_key)) {
-	yes:
-		if (invalid_key) {
-			show_dialog(invalid_key)
-			goto restart
-		}
-		verify_account(URL, key)
-		while (1)
-			ret = poll_verify_account()
-			if (!in_progress) break
-			sleep(1);
-		}
-		switch(ret) {
-		success/yes:
-			show_dialog(valid_key);
-			return;
-		success/no:
-			show_dialog(unrecognized_key);
-			goto restart;
-		error:
-			show_dialog(project_unavailable)
-		no_reply:
-			retry = network_failure()
-			if (retry) goto restart;
-		}
-	no:
-		name = get local account name on host
-retry:
-		gui_rpc.create_account()
-		while (1)
-			ret = poll_create_account()
-			if !in_progress break;
-			sleep(1);
-		}
-		switch(ret) {
-		success:
-			show_web_page(welcome.php?auth=acct_key)
-			show_dialog(welcome)
-			set tab to projects
-		project_down:
-			show_dialog(project_unavailable")
-			set tab to projects
-		no_reply:
-			retry = network_failure();
-			if (goto retry)
-			set tab to projects
-		}
-	cancel:
-	}
-}
-
-bool network_failure(bool user_supplied_url) {
-	show_web_page(url/proxy_problems.php)
-	ret = show_dialog(unable_to_contact)	
-	switch (ret) {
-	change:
-		show_dialog(proxy_settings)
-	retry:
-		return true;
-	cancel:
-		return false;
-	}
-}
-
-Miscellaneous:
-- Add a "account key" button in the Projects tab.
-	When clicked, it shows the account key
-	in a way that can be cut/pasted.
diff --git a/doc/validate_logic.txt b/doc/validate_logic.txt
deleted file mode 100644
index f5a7175..0000000
--- a/doc/validate_logic.txt
+++ /dev/null
@@ -1,135 +0,0 @@
-int check_set(
-  vector<RESULT> results,
-  DB_WORKUNIT&   wu,
-  int&           canonicalid,
-  double&        credit,
-  bool&          retry
-);
-
-Define N := length of result vector, and let M := N.
-
-check_set() will ALWAYS be called with N>=wu.min_quorum.
-
-check_set() will ALWAYS be called with ALL results satisfying
-    result.outcome == RESULT_OUTCOME_SUCCESS
-    result.validate_state == VALIDATE_STATE_INIT
-
-check_set() should NEVER modify wu [although it is not declared
-    const]
-
-[1] Syntax pass (optional)
-
- for (all N results) {
-
-   if (one or more of the result's output files can be read
-       and one or more of those files contains erroneous or
-       invalid or incorrect output, i.e. bad file syntax)
-   {
-     set result.outcome=RESULT_OUTCOME_VALIDATE_ERROR; 
-     set result.validate_state=VALIDATE_STATE_INVALID;
-     decrement counter: M = M-1;
-   } // erroneous or incorrect or invalid output files
-
-   else if (result has a potentially recoverable error,
-	    i.e. NFS directory not mounted, server
-	    is unreachable, upload server unreachable)
-   {
-     dont not modify result.validate_state;
-     dont not modify result.outcome;
-     decrement counter M = M-1;
-     set retry=true;
-   } // recoverable error
-   
-   else if (every output file of the result is unreadable or
-	    fails to exist)
-   {
-     set result.outcome=RESULT_OUTCOME_VALIDATE_ERROR;
-     set result.validate_state=VALIDATE_STATE_INIT;
-     decrement counter: M = M-1;
-   } // all result output files unreadable or nonexistent
-   
- } // end of syntax pass loop over all N results
-
- Define REMAINING RESULTS to be those that do NOT fall into one of
- the three categories above. There are M of these. If the syntax pass
- has been skipped, then M == N.
-
- if (M < wu.min_quorum)
- {
-   don't modify canonicalid;
-   don't modify credit;
-   leave retry as set above;
-   leave result.outcome unchanged for M remaining results;
-   leave result.validate_state unchanged for M remaining results;
-   return 0;
- } // fewer than min_quorum results remain
-
- At any point in this process, if a major error occurs, check_set()
- should return nonzero.  This will cause the validator to exit.  If
- this happens, it does not matter how you have set or modified
- result.outcome, result.validate_state, retry, credit, or canonicalid.
-
-// END OF OPTIONAL SYNTAX PASS
-
-
-[2] Comparison pass (required).  We have
-    M>=wu.min_quorum REMAINING RESULTS results with
-      result.outcome == RESULT_OUTCOME_SUCCESS
-      result.validate_state == VALIDATE_STATE_INIT
-
-   All the output files of all of these results are
-   readable.  All of the output files for a given result
-   are, when taken "in isolation" apparently valid.  [If
-   these conditions are not met then you must do the
-   "syntax pass" above.]
-
-   if (one of these results is determined to be THE correct
-       [canonical] result)
-   {
-
-     for (correct result) {
-       set result.validate_state=VALIDATE_STATE_VALID;
-       set canonicalid=result.id;
-     } // canonical result
-
-     for (the REMAINING M - 1 results)
-     {
-       // NOTE: what is below can be done by calling
-       // check_pair(result, canonical_result)
-       if (result is correct, matches canonical)
-       {
-	 result.validate_state=VALIDATE_STATE_VALID;
-       }
-       else
-       {
-         result.validate_state=VALIDATE_STATE_INVALID;
-       }
-     } // loop over remaining M-1 results
-
-     set credit;
-
-     leave retry as set from the syntax pass above;
-
-     return 0;
-   } // found canonical result
-   else
-   {
-     // You are UNABLE to determine if one of the M REMAINING RESULTS
-     // is correct, so:
-    
-     do not modify result.outcome for ANY of M remaining results;
-     do not modify result.validate_state for ANY of M remaining results;
-     do not set credit;
-     do not set canonicalid;
-     leave retry as set from the syntax pass;
-     return 0;
-    
-   } // did not find canonical result
-    
- At any point in this process, if a major error occurs, check_set()
- should return nonzero.  This will cause the validator to exit.  If
- this happens, it does not matter how you have set result.outcome,
- result.validate_state, retry, credit, or canonicalid for ANY of the
- results.
-    
-// end of Comparison pass
diff --git a/find-working-cvs b/find-working-cvs
deleted file mode 100755
index 26255d6..0000000
--- a/find-working-cvs
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env python
-
-# $Id: find-working-cvs 2677 2003-11-25 01:49:39Z quarl $
-
-# Brute-force find at what point in time the automated tests stopped working.
-# You better be using ccache!
-
-# TODO: do a binary search instead of linear search.
-
-range = ['2003-10-01', '2003-11-10']
-
-import os, time
-
-def ptime(t):
-    return time.mktime(time.strptime(t, '%Y-%m-%d'))
-
-def doit(d):
-    print 'trying', d
-    dir = '/tmp/t.' + d
-    os.system('cvs co -D %s -d %s boinc' % (d,dir))
-    os.chdir(dir)
-    if 0 == os.system('./configure && make && cd test && ./test_uc.py'):
-        raise SystemExit('Woohoo! %s' %d)
-
-range = map(ptime, range)
-
-t = range[1]
-tmin = range[0]
-
-while t > tmin:
-    d = time.strftime('%Y-%m-%d', time.localtime(t))
-    doit(d)
-    t -= 86400
diff --git a/html/bt/inc/bdictionary.php b/html/bt/inc/bdictionary.php
index 2dc6df3..9c8b8b0 100644
--- a/html/bt/inc/bdictionary.php
+++ b/html/bt/inc/bdictionary.php
@@ -9,7 +9,7 @@
  * d3:cow3:moo4:spam4:eggse represents the dictionary { "cow" => "moo", "spam" => "eggs" } 
  */
 
-$cvs_version_tracker[]="\$Id: bdictionary.php 12886 2007-06-11 18:28:57Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 class BDictionary {
     private function __construct(){
diff --git a/html/bt/inc/binteger.php b/html/bt/inc/binteger.php
index d6b737a..e939701 100755
--- a/html/bt/inc/binteger.php
+++ b/html/bt/inc/binteger.php
@@ -5,7 +5,7 @@
  * An integer starts with "i", has the value and then ends with "e".
  */
  
-$cvs_version_tracker[]="\$Id: binteger.php 12887 2007-06-11 18:29:23Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
  
 class BInteger {
     private function __construct(){
diff --git a/html/bt/inc/blist.php b/html/bt/inc/blist.php
index eba51ed..86f45b3 100755
--- a/html/bt/inc/blist.php
+++ b/html/bt/inc/blist.php
@@ -5,7 +5,7 @@
  * In PHP lists are simply non-keyed (ie. standard keyed) arrays.
  */
  
-$cvs_version_tracker[]="\$Id: blist.php 12888 2007-06-11 18:29:40Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
  
 class BList {
     private function __construct(){
diff --git a/html/bt/inc/bstring.php b/html/bt/inc/bstring.php
index 3298e01..3109ef4 100755
--- a/html/bt/inc/bstring.php
+++ b/html/bt/inc/bstring.php
@@ -5,7 +5,7 @@
  * Strings are native in PHP.
  */
 
-$cvs_version_tracker[]="\$Id: bstring.php 12889 2007-06-11 18:29:57Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
  
 class BString {
     private function __construct(){
diff --git a/html/bt/inc/checks.php b/html/bt/inc/checks.php
index aad8560..9db9c94 100644
--- a/html/bt/inc/checks.php
+++ b/html/bt/inc/checks.php
@@ -3,7 +3,7 @@
  * Checks common to both the tracker and the scraping mechanism.
  */
 
-$cvs_version_tracker[]="\$Id: checks.php 13824 2007-10-10 21:04:20Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 
 function isIPBanned($ip){
diff --git a/html/bt/inc/illegalargumentexception.php b/html/bt/inc/illegalargumentexception.php
index daa9d90..995f309 100755
--- a/html/bt/inc/illegalargumentexception.php
+++ b/html/bt/inc/illegalargumentexception.php
@@ -1,6 +1,6 @@
 <?php
 
-$cvs_version_tracker[]="\$Id: illegalargumentexception.php 12890 2007-06-11 18:30:19Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 
 class IllegalArgumentException extends Exception {
diff --git a/html/bt/inc/torrent.php b/html/bt/inc/torrent.php
index fca43c6..8e058a7 100755
--- a/html/bt/inc/torrent.php
+++ b/html/bt/inc/torrent.php
@@ -8,7 +8,7 @@
  * simply download a .torrent for each file they want to fetch.
  */ 
 
-$cvs_version_tracker[]="\$Id: torrent.php 12884 2007-06-11 18:24:12Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
  
 class Torrent {
     private $trackerURL; // String
diff --git a/html/inc/countries.inc b/html/inc/countries.inc
index 57ff050..1879199 100644
--- a/html/inc/countries.inc
+++ b/html/inc/countries.inc
@@ -1,5 +1,5 @@
 <?php
-// $Id: countries.inc 18397 2009-06-12 16:35:08Z boincadm $
+// $Id$
 // list of countries taken from http://www.cia.gov
 
 $countries = array(
diff --git a/html/inc/db_ops.inc b/html/inc/db_ops.inc
index 653f728..3589f76 100644
--- a/html/inc/db_ops.inc
+++ b/html/inc/db_ops.inc
@@ -1267,5 +1267,5 @@ function host_name_by_id($hostid) {
     }
 }
 
-$cvs_version_tracker[]="\$Id: db_ops.inc 25260 2012-02-14 21:12:57Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/inc/host.inc b/html/inc/host.inc
index 52e6b37..210cb24 100644
--- a/html/inc/host.inc
+++ b/html/inc/host.inc
@@ -722,6 +722,6 @@ function anonymize_hosts($user) {
     }
 }
 
-$cvs_version_tracker[]="\$Id: host.inc 24882 2011-12-24 02:01:54Z romw $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/news.inc b/html/inc/news.inc
index c28baa9..881d256 100644
--- a/html/inc/news.inc
+++ b/html/inc/news.inc
@@ -114,5 +114,5 @@ function show_news($start, $count) {
     );
 }
 
-$cvs_version_tracker[]="\$Id: news.inc 23119 2011-02-28 19:02:59Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/inc/profile.inc b/html/inc/profile.inc
index b5b6775..c675689 100644
--- a/html/inc/profile.inc
+++ b/html/inc/profile.inc
@@ -270,6 +270,6 @@ function show_profile($user, $logged_in_user, $screen_mode = false) {
     }
 }
 
-$cvs_version_tracker[]="\$Id: profile.inc 24050 2011-08-26 18:30:13Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/result.inc b/html/inc/result.inc
index 517fbe2..30cae97 100644
--- a/html/inc/result.inc
+++ b/html/inc/result.inc
@@ -711,6 +711,6 @@ function result_navigation($info, $where_clause) {
 	return $x;
 }
 
-$cvs_version_tracker[]="\$Id: result.inc 24964 2012-01-01 23:54:58Z romw $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/stats_sites.inc b/html/inc/stats_sites.inc
index 3c803d1..29bb986 100644
--- a/html/inc/stats_sites.inc
+++ b/html/inc/stats_sites.inc
@@ -200,5 +200,5 @@ function site_list($sites) {
 $GLOBALS['cpid_stats_sites'] = $cpid_stats_sites;
 $GLOBALS['host_sites'] = $host_sites;
 
-$cvs_version_tracker[]="\$Id: stats_sites.inc 22859 2011-01-02 03:07:14Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/inc/team.inc b/html/inc/team.inc
index cda64bd..96c580b 100644
--- a/html/inc/team.inc
+++ b/html/inc/team.inc
@@ -571,6 +571,6 @@ function make_team(
     }
 }
 
-$cvs_version_tracker[]="\$Id: team.inc 24050 2011-08-26 18:30:13Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/text_transform.inc b/html/inc/text_transform.inc
index bafb2f4..b370056 100644
--- a/html/inc/text_transform.inc
+++ b/html/inc/text_transform.inc
@@ -268,5 +268,5 @@ function highlight_terms($text, $terms) {
     }
 }
 
-$cvs_version_tracker[]="\$Id: text_transform.inc 24622 2011-11-20 17:26:32Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/inc/translation.inc b/html/inc/translation.inc
index 0b1ee39..6a74cbb 100644
--- a/html/inc/translation.inc
+++ b/html/inc/translation.inc
@@ -296,5 +296,5 @@ for ($i=0; $i<sizeof($client_languages); $i++) {
 
 $GLOBALS['languages_in_use'] = $languages_in_use;   // for Drupal
 
-$cvs_version_tracker[]="\$Id: translation.inc 21878 2010-07-06 23:31:26Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/inc/user.inc b/html/inc/user.inc
index 1231544..426689a 100644
--- a/html/inc/user.inc
+++ b/html/inc/user.inc
@@ -485,6 +485,6 @@ function make_user(
     }
 }
 
-$cvs_version_tracker[]="\$Id: user.inc 25504 2012-03-28 18:53:30Z romw $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/util.inc b/html/inc/util.inc
index e98a04c..e2276b8 100644
--- a/html/inc/util.inc
+++ b/html/inc/util.inc
@@ -861,6 +861,6 @@ function credit_to_gflop_hours($c) {
     return $c/(200/24);
 }
 
-$cvs_version_tracker[]="\$Id: util.inc 25398 2012-03-09 21:40:57Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/inc/util_ops.inc b/html/inc/util_ops.inc
index 38e2bdd..17bbaf5 100644
--- a/html/inc/util_ops.inc
+++ b/html/inc/util_ops.inc
@@ -242,5 +242,5 @@ if (!isset($skip_auth_ops) && array_key_exists("SERVER_PORT", $_SERVER)) {
     auth_ops();
 }
 
-$cvs_version_tracker[]="\$Id: util_ops.inc 24969 2012-01-02 07:33:08Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/languages/translations/ca.po b/html/languages/translations/ca.po
index 4a065f7..383dd5b 100644
--- a/html/languages/translations/ca.po
+++ b/html/languages/translations/ca.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: ca.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
diff --git a/html/languages/translations/cs.po b/html/languages/translations/cs.po
index eef230d..904b1de 100644
--- a/html/languages/translations/cs.po
+++ b/html/languages/translations/cs.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: cs.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
diff --git a/html/languages/translations/da.po b/html/languages/translations/da.po
index 753be29..ac45bb4 100644
--- a/html/languages/translations/da.po
+++ b/html/languages/translations/da.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: da.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: BOINC Project (Generic) 6.x\n"
diff --git a/html/languages/translations/de.po b/html/languages/translations/de.po
index f09fb67..accd4e1 100644
--- a/html/languages/translations/de.po
+++ b/html/languages/translations/de.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: de.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: BOINC Project (Generic) 6.x\n"
diff --git a/html/languages/translations/es.po b/html/languages/translations/es.po
index 0831f05..854ae33 100644
--- a/html/languages/translations/es.po
+++ b/html/languages/translations/es.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: es.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -7007,7 +7007,7 @@ msgstr "(todas las aplicaciones)"
 
 # #########################################
 # Language: Spanish (Spain)
-# FileID  : $Id: es.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 # Author  : Janus Kristensen (Translator: Alejandro Martín Covarrubias)
 # Email   : jbk at visualgroup.dk (alex.covarrubias at gmail.com)
 # For more information please see:
@@ -7059,7 +7059,7 @@ msgstr "(todas las aplicaciones)"
 # "Your account" page (home.php)
 # #########################################
 # Language: Spanish (Spain)
-# FileID  : $Id: es.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 # Author  : Janus Kristensen (Translator: Alejandro Martín Covarrubias)
 # Email   : jbk at visualgroup.dk (alex.covarrubias at gmail.com)
 # For more information please see:
diff --git a/html/languages/translations/it.po b/html/languages/translations/it.po
index d975191..0786493 100644
--- a/html/languages/translations/it.po
+++ b/html/languages/translations/it.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: it.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
diff --git a/html/languages/translations/ja.po b/html/languages/translations/ja.po
index 3fba6a3..f10b7d7 100644
--- a/html/languages/translations/ja.po
+++ b/html/languages/translations/ja.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: ja.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
diff --git a/html/languages/translations/ko.po b/html/languages/translations/ko.po
index 6b2361e..35bb99f 100644
--- a/html/languages/translations/ko.po
+++ b/html/languages/translations/ko.po
@@ -3,7 +3,7 @@
 #
 # This file is distributed under the same license as BOINC.
 #
-# FileID  : $Id: ko.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 #
 msgid ""
 msgstr ""
diff --git a/html/languages/translations/lt.po b/html/languages/translations/lt.po
index 753a45e..7e81497 100644
--- a/html/languages/translations/lt.po
+++ b/html/languages/translations/lt.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: lt.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
@@ -6747,7 +6747,7 @@ msgstr ""
 
 # #########################################
 # Language: Lithuanian
-# FileID  : $Id: lt.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 # Author  : Rytis Slatkevičius
 # Email   : rytis.s at gmail.com
 # For more information please see:
diff --git a/html/languages/translations/pl.po b/html/languages/translations/pl.po
index 7baf7f0..00ef852 100644
--- a/html/languages/translations/pl.po
+++ b/html/languages/translations/pl.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: pl.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
@@ -6795,7 +6795,7 @@ msgstr ""
 
 # ###################################
 # Language: Polish [rev. 1.40 (12.09.2007/18:15)]
-# FileID  : $Id: pl.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 # Author  : Bartosz Kaszubowski
 # Email   : gosimek at gmail.com
 # #########################################
diff --git a/html/languages/translations/ru.po b/html/languages/translations/ru.po
index 01a85f6..1573af5 100644
--- a/html/languages/translations/ru.po
+++ b/html/languages/translations/ru.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: ru.po 25435 2012-03-16 17:23:55Z romw $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
diff --git a/html/languages/translations/zh_CN.po b/html/languages/translations/zh_CN.po
index 19f41b1..dbcc695 100644
--- a/html/languages/translations/zh_CN.po
+++ b/html/languages/translations/zh_CN.po
@@ -1,7 +1,7 @@
 # BOINC web translation
 # Copyright (C) 2008 University of California
 # This file is distributed under the same license as BOINC.
-# FileID  : $Id: zh_CN.po 25406 2012-03-12 22:50:41Z davea $
+# FileID  : $Id$
 msgid ""
 msgstr ""
 "Project-Id-Version: \n"
diff --git a/html/ops/cancel_wu_action.php b/html/ops/cancel_wu_action.php
index f331e59..c17c1cc 100644
--- a/html/ops/cancel_wu_action.php
+++ b/html/ops/cancel_wu_action.php
@@ -81,5 +81,5 @@ if (cancel_wu($wuid1, $wuid2)) {
 echo " cancelling workunits $wuid1 <= WUID <= $wuid2</h2>";
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: cancel_wu_action.php 20594 2010-02-16 18:38:39Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/cancel_wu_form.php b/html/ops/cancel_wu_form.php
index 6e8615d..cb8e20f 100644
--- a/html/ops/cancel_wu_form.php
+++ b/html/ops/cancel_wu_form.php
@@ -50,5 +50,5 @@ echo "
     </form>
 ";
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: cancel_wu_form.php 19053 2009-09-15 18:14:37Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/clear_host.php b/html/ops/clear_host.php
index 21efd2c..b1b852e 100644
--- a/html/ops/clear_host.php
+++ b/html/ops/clear_host.php
@@ -29,5 +29,5 @@ mysql_query("update host set rpc_time=0 where id='$hostid'");
 echo "Host RPC time cleared for host ID: $hostid\n";
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: clear_host.php 20745 2010-02-26 21:34:20Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/create_forums.php b/html/ops/create_forums.php
index 4b7cd7a..967bfeb 100644
--- a/html/ops/create_forums.php
+++ b/html/ops/create_forums.php
@@ -67,5 +67,5 @@ create_forum($catid, 4, "Preferences", "Using preferences");
 create_forum($catid, 5, "Wish list", "What new features would you like to see?");
 create_forum($catid, 6, "Web site", "Issues involving this web site");
 
-$cvs_version_tracker[]="\$Id: create_forums.php 19949 2009-12-16 22:35:08Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/db_action.php b/html/ops/db_action.php
index 8b98fc8..7291902 100644
--- a/html/ops/db_action.php
+++ b/html/ops/db_action.php
@@ -228,5 +228,5 @@ if ($result) {
 }
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: db_action.php 24857 2011-12-21 18:29:11Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/db_form.php b/html/ops/db_form.php
index e9d324c..41b6f34 100644
--- a/html/ops/db_form.php
+++ b/html/ops/db_form.php
@@ -102,5 +102,5 @@ echo "</form>\n";
 print_describe_table($table, 4);
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: db_form.php 15975 2008-09-07 07:40:56Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/errorwus.php b/html/ops/errorwus.php
index 59c7f23..ddd1488 100644
--- a/html/ops/errorwus.php
+++ b/html/ops/errorwus.php
@@ -111,5 +111,5 @@ echo " entries\n";
 admin_page_tail();
 
 end_cache($cache_sec);
-$cvs_version_tracker[]="\$Id: errorwus.php 15758 2008-08-05 22:43:14Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/failure_result_summary_by_host.php b/html/ops/failure_result_summary_by_host.php
index 68e279c..33f5a94 100644
--- a/html/ops/failure_result_summary_by_host.php
+++ b/html/ops/failure_result_summary_by_host.php
@@ -85,5 +85,5 @@ end_table();
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: failure_result_summary_by_host.php 25171 2012-01-31 07:21:42Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/failure_result_summary_by_platform.php b/html/ops/failure_result_summary_by_platform.php
index a964a23..ff502f6 100644
--- a/html/ops/failure_result_summary_by_platform.php
+++ b/html/ops/failure_result_summary_by_platform.php
@@ -82,5 +82,5 @@ end_table();
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: failure_result_summary_by_platform.php 25171 2012-01-31 07:21:42Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/index.php b/html/ops/index.php
index 2bf96f7..5925074 100644
--- a/html/ops/index.php
+++ b/html/ops/index.php
@@ -232,5 +232,5 @@ echo "<h3>Periodic or special tasks</h3>
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: index.php 25171 2012-01-31 07:21:42Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/list_new_users.php b/html/ops/list_new_users.php
index 978a7b7..c00a168 100644
--- a/html/ops/list_new_users.php
+++ b/html/ops/list_new_users.php
@@ -117,5 +117,5 @@ end_table();
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: list_new_users.php 15758 2008-08-05 22:43:14Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/make_emails_lowercase.php b/html/ops/make_emails_lowercase.php
index d3b7990..5eb5528 100644
--- a/html/ops/make_emails_lowercase.php
+++ b/html/ops/make_emails_lowercase.php
@@ -109,5 +109,5 @@ if ($confirm != "yes" && $update_needed) {
 mysql_free_result($result);
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: make_emails_lowercase.php 19230 2009-10-02 18:32:40Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/manage_app_versions.php b/html/ops/manage_app_versions.php
index ebbb2ff..bac7094 100644
--- a/html/ops/manage_app_versions.php
+++ b/html/ops/manage_app_versions.php
@@ -25,7 +25,7 @@
  * Some of the fields can be changed.
  *
  * Eric Myers <myers at spy-hill.net>  - 4 June 2006
- * @(#) $Id: manage_app_versions.php 25115 2012-01-21 00:04:54Z davea $
+ * @(#) $Id$
 \***********************************************************************/
 
 // TODO: rewrite this using the new DB interface
@@ -199,5 +199,5 @@ echo "</form><P>\n";
 admin_page_tail();
 
 //Generated automatically - do not edit
-$cvs_version_tracker[]="\$Id: manage_app_versions.php 25115 2012-01-21 00:04:54Z davea $"; 
+$cvs_version_tracker[]="\$Id$"; 
 ?>
diff --git a/html/ops/manage_apps.php b/html/ops/manage_apps.php
index 3cb8faf..955e5cd 100644
--- a/html/ops/manage_apps.php
+++ b/html/ops/manage_apps.php
@@ -25,7 +25,7 @@
  * Some of the fields can be changed.
  *
  * Eric Myers <myers at spy-hill.net>  - 4 June 2006
- * @(#) $Id: manage_apps.php 25115 2012-01-21 00:04:54Z davea $
+ * @(#) $Id$
 \***********************************************************************/
 
 // TODO - code cleanup and use new DB interface
@@ -249,5 +249,5 @@ echo "</form><p>\n";
 admin_page_tail();
 
 //Generated automatically - do not edit
-$cvs_version_tracker[]="\$Id: manage_apps.php 25115 2012-01-21 00:04:54Z davea $";
+$cvs_version_tracker[]="\$Id$";
 ?>
diff --git a/html/ops/manage_special_users.php b/html/ops/manage_special_users.php
index 9c6d1ab..cb12448 100644
--- a/html/ops/manage_special_users.php
+++ b/html/ops/manage_special_users.php
@@ -69,5 +69,5 @@ end_table();
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: manage_special_users.php 21143 2010-04-07 22:21:44Z boincadm $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/manage_special_users_action.php b/html/ops/manage_special_users_action.php
index e23e719..82d1f8b 100644
--- a/html/ops/manage_special_users_action.php
+++ b/html/ops/manage_special_users_action.php
@@ -50,5 +50,5 @@ echo "Query was: $query</center>";
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: manage_special_users_action.php 16132 2008-10-05 12:45:33Z jbk $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/manage_user.php b/html/ops/manage_user.php
index 95a33d3..2ff10ff 100644
--- a/html/ops/manage_user.php
+++ b/html/ops/manage_user.php
@@ -395,5 +395,5 @@ if ($q) {
 admin_page_tail();
 
 $cvs_version_tracker[]=        //Generated automatically - do not edit
-    "\$Id: manage_user.php 24050 2011-08-26 18:30:13Z davea $"; 
+    "\$Id$"; 
 ?>
diff --git a/html/ops/pass_percentage_by_platform.php b/html/ops/pass_percentage_by_platform.php
index 1c771e5..e15f81d 100644
--- a/html/ops/pass_percentage_by_platform.php
+++ b/html/ops/pass_percentage_by_platform.php
@@ -180,5 +180,5 @@ echo "</form>\n";
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: pass_percentage_by_platform.php 25175 2012-01-31 20:25:26Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/problem_host.php b/html/ops/problem_host.php
index ee5ec16..d54bd85 100644
--- a/html/ops/problem_host.php
+++ b/html/ops/problem_host.php
@@ -137,5 +137,5 @@ if (!$hostid) {
 }
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: problem_host.php 15758 2008-08-05 22:43:14Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/profile_screen_action.php b/html/ops/profile_screen_action.php
index ca0be26..225f6fc 100644
--- a/html/ops/profile_screen_action.php
+++ b/html/ops/profile_screen_action.php
@@ -51,5 +51,5 @@ echo "
 
 admin_page_tail();
 
-$cvs_version_tracker[]="\$Id: profile_screen_action.php 16243 2008-10-21 18:55:17Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/profile_screen_form.php b/html/ops/profile_screen_form.php
index 17c8762..b91d1f9 100644
--- a/html/ops/profile_screen_form.php
+++ b/html/ops/profile_screen_form.php
@@ -93,5 +93,5 @@ echo "
 ";
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: profile_screen_form.php 22197 2010-08-11 18:52:11Z boincadm $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/result_summary.php b/html/ops/result_summary.php
index 36b9a90..ceb783a 100644
--- a/html/ops/result_summary.php
+++ b/html/ops/result_summary.php
@@ -26,5 +26,5 @@ admin_page_head("Result summary");
 show_result_summary();
 
 admin_page_tail();
-$cvs_version_tracker[]="\$Id: result_summary.php 19053 2009-09-15 18:14:37Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/ops/white.css b/html/ops/white.css
deleted file mode 100644
index 7da7715..0000000
--- a/html/ops/white.css
+++ /dev/null
@@ -1,108 +0,0 @@
-a:link {
-	color: blue;
-}
-
-a:visited {
-	color: blue;
-}
-
-a:active {
-	color: blue;
-}
-
-body , table , input , select {
-	font-family: Verdana, Arial, Sans Serif;
-	font-size: small;
-}
-
-body {
-	background-color: white;
-    color: black;
-}
-
-table {
-    border: 0px;
-}
-
-table.bordered {
-      border: 1px solid black;
-}
-
-th {
-	background-color: #ffffcc;
-	font-weight: bold;
-}
-
-td {
-    border: 1px solid white;
-}
-
-td.bordered {
-        border: 1px solid grey;
-}
-
-td.indent {
-         border-left: 4px solid white;
-}
-
-td.heading {
-        background-color: rgb(217,217,217);
-	    font-weight: bold;
-}
-
-td.fieldname {
-        background-color: rgb(237,237,237);
-}
-
-td.category {
-        border: 1px solid black;
-}
-
-tr.row0 {
-        background-color: rgb(217,217,217);
-}
-
-tr.row1 {
-        background-color: rgb(237,237,237);
-}
-
-tr.subtitle {
-	background-color: white;
-	color: black;
-	font-weight: bold;
-}
-
-tr.message {
-    background-color:#E0E0EF;
-}
-
-input , select {
-	vertical-align: middle;
-}
-
-h1 , h2 {
-	color: black;
-	font-size: x-large;
-	font-weight: normal;
-	margin-top: 10px;
-}
-
-h3 , h4 {
-	color: black;
-	font-size: small;
-	font-weight: bold;
-}
-
-img {
-    border: 0px;
-}
-
-.title {
-	font-size: small;
-	font-weight: bold;
-}
-
-.description {
-	font-size: 80%;
-	font-weight: normal;
-}
diff --git a/html/project.sample/project_specific_prefs.inc b/html/project.sample/project_specific_prefs.inc
index 6e61789..1f4b491 100644
--- a/html/project.sample/project_specific_prefs.inc
+++ b/html/project.sample/project_specific_prefs.inc
@@ -219,6 +219,6 @@ function project_specific_prefs_parse($prefs_xml) {
     return $prefs;
 }
 
-$cvs_version_tracker[]="\$Id: project_specific_prefs.inc 24555 2011-11-09 07:41:49Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/user/add_venue.php b/html/user/add_venue.php
index fc26ae0..9a9bdcd 100644
--- a/html/user/add_venue.php
+++ b/html/user/add_venue.php
@@ -93,5 +93,5 @@ if ($action) {
     print_prefs_form("add", $subset, $venue, $user, $prefs, $columns);
 }
 page_tail();
-$cvs_version_tracker[]="\$Id: add_venue.php 24124 2011-09-02 21:45:13Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/boinc_logo_trans.gif b/html/user/boinc_logo_trans.gif
deleted file mode 100644
index de7b471..0000000
Binary files a/html/user/boinc_logo_trans.gif and /dev/null differ
diff --git a/html/user/create_account_form.php b/html/user/create_account_form.php
index 3bd7135..e184624 100644
--- a/html/user/create_account_form.php
+++ b/html/user/create_account_form.php
@@ -131,6 +131,6 @@ echo "
     </form>
 ";
 
-$cvs_version_tracker[]="\$Id: create_account_form.php 25335 2012-02-24 16:42:38Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 page_tail();
 ?>
diff --git a/html/user/edit_forum_preferences_form.php b/html/user/edit_forum_preferences_form.php
index 1813b23..ce833e7 100644
--- a/html/user/edit_forum_preferences_form.php
+++ b/html/user/edit_forum_preferences_form.php
@@ -180,5 +180,5 @@ row2(tra("Or click here to reset preferences to the defaults"),
 end_table();
 page_tail();
 
-$cvs_version_tracker[]="\$Id: edit_forum_preferences_form.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_edit.php b/html/user/forum_edit.php
index bea7484..debd611 100644
--- a/html/user/forum_edit.php
+++ b/html/user/forum_edit.php
@@ -151,5 +151,5 @@ echo "</form>";
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: forum_edit.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_help_desk.php b/html/user/forum_help_desk.php
index 6633bf2..5264065 100644
--- a/html/user/forum_help_desk.php
+++ b/html/user/forum_help_desk.php
@@ -79,5 +79,5 @@ echo "
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: forum_help_desk.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_index.php b/html/user/forum_index.php
index 5f210d2..b139270 100644
--- a/html/user/forum_index.php
+++ b/html/user/forum_index.php
@@ -140,5 +140,5 @@ page_tail();
 flush();
 BoincForumLogging::cleanup();
 
-$cvs_version_tracker[]="\$Id: forum_index.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_moderate_post_action.php b/html/user/forum_moderate_post_action.php
index 3ec32f8..807cce0 100644
--- a/html/user/forum_moderate_post_action.php
+++ b/html/user/forum_moderate_post_action.php
@@ -144,5 +144,5 @@ send_moderation_email($forum, $post, $thread, $explanation, $action_name);
 
 header('Location: forum_thread.php?id='.$thread->id);
 
-$cvs_version_tracker[]="\$Id: forum_moderate_post_action.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_post.php b/html/user/forum_post.php
index 857b81a..9988482 100644
--- a/html/user/forum_post.php
+++ b/html/user/forum_post.php
@@ -136,5 +136,5 @@ echo "</form>\n";
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: forum_post.php 24048 2011-08-25 22:12:48Z davea $";
+$cvs_version_tracker[]="\$Id$";
 ?>
diff --git a/html/user/forum_rate.php b/html/user/forum_rate.php
index 92c84ba..fd6e551 100644
--- a/html/user/forum_rate.php
+++ b/html/user/forum_rate.php
@@ -89,5 +89,5 @@ function show_result_page($success, $post, $thread, $choice) {
     exit;
 }
 
-$cvs_version_tracker[]="\$Id: forum_rate.php 24048 2011-08-25 22:12:48Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_reply.php b/html/user/forum_reply.php
index 2959f44..6a38cf7 100644
--- a/html/user/forum_reply.php
+++ b/html/user/forum_reply.php
@@ -166,5 +166,5 @@ function quote_text($text) {
     return $text;
 }
 
-$cvs_version_tracker[]="\$Id: forum_reply.php 24048 2011-08-25 22:12:48Z davea $";
+$cvs_version_tracker[]="\$Id$";
 ?>
diff --git a/html/user/forum_search.php b/html/user/forum_search.php
index 06c8ed4..8d3405f 100644
--- a/html/user/forum_search.php
+++ b/html/user/forum_search.php
@@ -91,5 +91,5 @@ end_table();
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: forum_search.php 24129 2011-09-06 04:34:29Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_search_action.php b/html/user/forum_search_action.php
index bed806c..7e722ac 100644
--- a/html/user/forum_search_action.php
+++ b/html/user/forum_search_action.php
@@ -224,5 +224,5 @@ if (!count($thread) && !count($posts)){
 echo "<p><a href=\"forum_search.php\">".tra("Perform another search")."</a></p>";
 page_tail();
 
-$cvs_version_tracker[]="\$Id: forum_search_action.php 24129 2011-09-06 04:34:29Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/forum_thread.php b/html/user/forum_thread.php
index a041f3d..9893ef7 100644
--- a/html/user/forum_thread.php
+++ b/html/user/forum_thread.php
@@ -289,5 +289,5 @@ case 1:
 $thread->update("views=views+1");
 
 page_tail();
-$cvs_version_tracker[]="\$Id: forum_thread.php 25006 2012-01-06 22:22:02Z davea $";
+$cvs_version_tracker[]="\$Id$";
 ?>
diff --git a/html/user/head.jpg b/html/user/head.jpg
deleted file mode 100644
index 3450f5f..0000000
Binary files a/html/user/head.jpg and /dev/null differ
diff --git a/html/user/head.png b/html/user/head.png
deleted file mode 100644
index 2b34648..0000000
Binary files a/html/user/head.png and /dev/null differ
diff --git a/html/user/img/emphasized_post.png b/html/user/img/emphasized_post.png
deleted file mode 100644
index 876493e..0000000
Binary files a/html/user/img/emphasized_post.png and /dev/null differ
diff --git a/html/user/img/filtered_post.png b/html/user/img/filtered_post.png
deleted file mode 100644
index cc44577..0000000
Binary files a/html/user/img/filtered_post.png and /dev/null differ
diff --git a/html/user/img/flags/da.png b/html/user/img/flags/da.png
deleted file mode 100644
index 045552f..0000000
Binary files a/html/user/img/flags/da.png and /dev/null differ
diff --git a/html/user/img/rate_negative.png b/html/user/img/rate_negative.png
deleted file mode 100644
index 5ae3414..0000000
Binary files a/html/user/img/rate_negative.png and /dev/null differ
diff --git a/html/user/img/rate_positive.png b/html/user/img/rate_positive.png
deleted file mode 100644
index b261639..0000000
Binary files a/html/user/img/rate_positive.png and /dev/null differ
diff --git a/html/user/img/report_post.png b/html/user/img/report_post.png
deleted file mode 100644
index aff8baf..0000000
Binary files a/html/user/img/report_post.png and /dev/null differ
diff --git a/html/user/img/sticky_post.png b/html/user/img/sticky_post.png
deleted file mode 100644
index e5b5bb4..0000000
Binary files a/html/user/img/sticky_post.png and /dev/null differ
diff --git a/html/user/img/unread_post.png b/html/user/img/unread_post.png
deleted file mode 100644
index 103ef00..0000000
Binary files a/html/user/img/unread_post.png and /dev/null differ
diff --git a/html/user/img/unread_sticky.png b/html/user/img/unread_sticky.png
deleted file mode 100644
index 9629bf0..0000000
Binary files a/html/user/img/unread_sticky.png and /dev/null differ
diff --git a/html/user/info.php b/html/user/info.php
index b6814ee..c0cc330 100644
--- a/html/user/info.php
+++ b/html/user/info.php
@@ -58,5 +58,5 @@ echo "
     <p>".tra("These other projects are not associated with %1, and we cannot vouch for their security practices or the nature of their research. Join them at your own risk.", PROJECT);
 }
 page_tail();
-$cvs_version_tracker[]="\$Id: info.php 23010 2011-02-09 22:11:34Z davea $";
+$cvs_version_tracker[]="\$Id$";
 ?>
diff --git a/html/user/languages.txt b/html/user/languages.txt
deleted file mode 100644
index 75a4750..0000000
--- a/html/user/languages.txt
+++ /dev/null
@@ -1,188 +0,0 @@
-Abkhazian
-Afar
-Afrikaans
-Albanian
-Amharic
-Arabic
-Armenian
-Assamese
-Aymara
-Azebaijani
-Bahasa Indonesia
-Bangla
-Bashkir
-Basque
-Bengali
-Bhutanese
-Bhutani
-Bihari
-Bislama
-Breton
-Bulgarian
-Burmese
-Byelorussian
-Cambodian
-Catalan
-Chinese
-chiShona
-Choson-o
-Corsican
-Croat
-Croatian
-Czech
-Danish
-Dutch
-English
-Esperanto
-Estonian
-Faeroese
-Faroese
-Fiji
-Fijian
-Finnish
-French
-Frisian
-Scots
-Gaelic
-Galician
-Galla
-Georgian
-German
-Greek
-Greenlandic
-Guaraní
-Gujarati
-Gujerati
-Hausa
-Hebrew
-Hindi
-Hungarian
-Icelandic
-Indonesian
-Interlingua
-Interlingue
-Inupiak
-Inuktitut
-Irish
-isiXhosa
-isiZulu
-Italian
-Japanese
-Javanese
-Kannada
-Kashmiri
-Kazakh
-kinyaRuanda
-Kinyarwanda
-Kirghiz
-Kirundi
-kiRundi
-kiSwahili
-Korean
-Kurdish
-Lao
-Laothian
-Latin
-Latvian
-Lettish
-Lingala
-liNgala
-Lithuanian
-Macedonian
-Malagasy 
-Malay
-Malayalam
-Magyar
-Mahrati
-Maltese
-Maori
-Marathi
-Moldavian
-Mongolian
-Nauru
-Nepalese
-Nepali
-Nihongo
-Norwegian
-Occitan
-Oriya
-(Afan)Oromo
-Pashto
-Persian
-Pha Xa Lao
-Polish
-Portuguese
-Punjabi
-Pushto
-Pushtu
-Quechua
-Rhaeto-Romance
-Rhaeto-Romanic
-Romanian
-Romansch
-Rumanian
-Russian
-Samoan
-Sangho
-Sango-Ngbandi
-Sanskrit
-Scots Gaelic
-Serbian
-Serbo-Croatian
-Sesotho
-Setswana
-Shona
-Sindhi inghalese
-Sinhalese
-siSuthu
-Siswati
-siSwati
-Slovak
-Slovene
-Slovenian
-Somali
-Spanish
-Sundanese
-Suomi
-Swahili
-Swedish
-Tagalog
-Tajik
-Tajiki
-Tamil
-Tartar
-Tatar
-Telegu
-Telugu
-Thai
-Tibetan
-Tigrinya
-Tonga
-Tshi
-Tsonga
-Turcoman
-Turkish
-Turkmen
-Turkoman
-Twi
-Uigur
-Uighur
-Ukrainian
-Urdu
-Usbeg
-Usbek
-Uyghur
-Uzbeg
-Uzbek
-Vietnamese
-Volapük
-Welsh
-Wolof
-Xhosa
-Xosa
-Yiddish
-Yoruba
-Zhuang
-Zimany Kurdy
-Zulu
-Other
diff --git a/html/user/pending.php b/html/user/pending.php
index 3037057..d3ceb36 100644
--- a/html/user/pending.php
+++ b/html/user/pending.php
@@ -80,5 +80,5 @@ if ($format == "xml") {
     page_tail();
 }
 
-$cvs_version_tracker[]="\$Id: pending.php 24885 2011-12-24 05:19:21Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/prefs.php b/html/user/prefs.php
index a2f42b9..bd055e6 100644
--- a/html/user/prefs.php
+++ b/html/user/prefs.php
@@ -47,5 +47,5 @@ if ($subset == "global") {
 }
 page_tail();
 
-$cvs_version_tracker[]="\$Id: prefs.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/prefs_edit.php b/html/user/prefs_edit.php
index 1239ef6..6f24707 100644
--- a/html/user/prefs_edit.php
+++ b/html/user/prefs_edit.php
@@ -110,5 +110,5 @@ if ($action) {
 echo "<a href=prefs.php?subset=$subset$c>".tra("Back to preferences")."</a>\n";
 page_tail();
 
-$cvs_version_tracker[]="\$Id: prefs_edit.php 24109 2011-09-01 20:54:49Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/prefs_remove.php b/html/user/prefs_remove.php
index 5bf3f9e..27a2728 100644
--- a/html/user/prefs_remove.php
+++ b/html/user/prefs_remove.php
@@ -58,5 +58,5 @@ if ($confirmed) {
     page_tail();
 }
 
-$cvs_version_tracker[]="\$Id: prefs_remove.php 23030 2011-02-14 19:49:30Z boincadm $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/profile_alpha.html b/html/user/profile_alpha.html
deleted file mode 100644
index c128507..0000000
--- a/html/user/profile_alpha.html
+++ /dev/null
@@ -1 +0,0 @@
-<a href=user_profile/profile_A_1.html>A</a> <a href=user_profile/profile_B_1.html>B</a> C D <a href=user_profile/profile_E_1.html>E</a> <a href=user_profile/profile_F_1.html>F</a> G <a href=user_profile/profile_H_1.html>H</a> I <a href=user_profile/profile_J_1.html>J</a> K L M N O <a href=user_profile/profile_P_1.html>P</a> Q R <a href=user_profile/profile_S_1.html>S</a> <a href=user_profile/profile_T_1.html>T</a> U V <a href=user_profile/profile_W_1.html>W</a> X Y Z 0 1 2 3 4 5 6 7 8 9 
\ No newline at end of file
diff --git a/html/user/profile_menu.php b/html/user/profile_menu.php
index 62cd049..144c37f 100644
--- a/html/user/profile_menu.php
+++ b/html/user/profile_menu.php
@@ -108,5 +108,5 @@ function select_profile($cmd) {
     }
 }
 
-$cvs_version_tracker[]="\$Id: profile_menu.php 24324 2011-10-03 17:11:45Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/project_specific_prefs.inc.sample b/html/user/project_specific_prefs.inc.sample
index 278f144..94adb8a 100644
--- a/html/user/project_specific_prefs.inc.sample
+++ b/html/user/project_specific_prefs.inc.sample
@@ -1,5 +1,5 @@
 <?php
-$cvs_version_tracker[]="\$Id: project_specific_prefs.inc.sample 11356 2006-10-25 21:15:08Z boincadm $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 // Place your version in project_specific/project_specific_prefs.inc
 
 // Functions to display and edit project-specific prefs go here
diff --git a/html/user/sample_robots.txt b/html/user/sample_robots.txt
deleted file mode 100644
index 56e044d..0000000
--- a/html/user/sample_robots.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-User-agent: *
-Disallow: /account
-Disallow: /add_venue
-Disallow: /am_
-Disallow: /bug_report
-Disallow: /edit_
-Disallow: /host_
-Disallow: /prefs_
-Disallow: /result
-Disallow: /team
-Disallow: /workunit
diff --git a/html/user/show_user.php b/html/user/show_user.php
index cb9ac20..4d3e937 100644
--- a/html/user/show_user.php
+++ b/html/user/show_user.php
@@ -23,7 +23,7 @@
 // Object-caching and full-file caching is used to speed up queries
 // for data from this page.
 
-$cvs_version_tracker[]="\$Id: show_user.php 24708 2011-12-01 18:44:19Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 require_once("../inc/cache.inc");
 require_once("../inc/util.inc");
diff --git a/html/user/team_change_founder_form.php b/html/user/team_change_founder_form.php
index 9dab8ab..3a0c64d 100644
--- a/html/user/team_change_founder_form.php
+++ b/html/user/team_change_founder_form.php
@@ -113,5 +113,5 @@ if ($navailable_users > 0) {
 echo "</form>";
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_change_founder_form.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_email_list.php b/html/user/team_email_list.php
index eb92197..33145a5 100644
--- a/html/user/team_email_list.php
+++ b/html/user/team_email_list.php
@@ -79,5 +79,5 @@ if (!$plain) {
     page_tail();
 }
 
-$cvs_version_tracker[]="\$Id: team_email_list.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_founder_transfer_action.php b/html/user/team_founder_transfer_action.php
index e7ec1e0..4feb56c 100644
--- a/html/user/team_founder_transfer_action.php
+++ b/html/user/team_founder_transfer_action.php
@@ -138,6 +138,6 @@ echo "<a href='team_display.php?teamid=$team->id'>".tra("Return to team page")."
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_founder_transfer_action.php 23941 2011-08-06 07:11:17Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 
 ?>
diff --git a/html/user/team_founder_transfer_form.php b/html/user/team_founder_transfer_form.php
index 609fc4d..8d874ff 100644
--- a/html/user/team_founder_transfer_form.php
+++ b/html/user/team_founder_transfer_form.php
@@ -84,5 +84,5 @@ echo "<p><a href=\"team_display.php?teamid=".$team->id."\">".tra("Return to team
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_founder_transfer_form.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_join_action.php b/html/user/team_join_action.php
index 28a529d..040f508 100644
--- a/html/user/team_join_action.php
+++ b/html/user/team_join_action.php
@@ -46,5 +46,5 @@ if ($user->teamid == $team->id) {
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_join_action.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_join_form.php b/html/user/team_join_form.php
index 3b45cc0..766d9f9 100644
--- a/html/user/team_join_form.php
+++ b/html/user/team_join_form.php
@@ -47,5 +47,5 @@ echo "
 ";
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_join_form.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_quit_action.php b/html/user/team_quit_action.php
index a86c391..985a1cc 100644
--- a/html/user/team_quit_action.php
+++ b/html/user/team_quit_action.php
@@ -37,5 +37,5 @@ if ($user->teamid == $team->id) {
 
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_quit_action.php 23023 2011-02-11 18:32:47Z boincadm $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/html/user/team_quit_form.php b/html/user/team_quit_form.php
index da01a2a..de2f6ad 100644
--- a/html/user/team_quit_form.php
+++ b/html/user/team_quit_form.php
@@ -44,5 +44,5 @@ echo "<input type=\"hidden\" name=\"id\" value=\"$team->id\">
 ";
 page_tail();
 
-$cvs_version_tracker[]="\$Id: team_quit_form.php 23010 2011-02-09 22:11:34Z davea $";  //Generated automatically - do not edit
+$cvs_version_tracker[]="\$Id$";  //Generated automatically - do not edit
 ?>
diff --git a/lib/Makefile.am b/lib/Makefile.am
index fa12ffb..afe2537 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -1,5 +1,5 @@
 ## -*- mode: makefile; tab-width: 4 -*-
-## $Id: Makefile.am 25269 2012-02-16 00:08:40Z davea $
+## $Id$
 
 include $(top_srcdir)/Makefile.incl
 
diff --git a/lib/app_ipc.cpp b/lib/app_ipc.cpp
index d32908c..a6520c3 100644
--- a/lib/app_ipc.cpp
+++ b/lib/app_ipc.cpp
@@ -100,6 +100,7 @@ void APP_INIT_DATA::copy(const APP_INIT_DATA& a) {
     teamid                        = a.teamid;
     hostid                        = a.hostid;
     slot                          = a.slot;
+    client_pid                    = a.client_pid;
     user_total_credit             = a.user_total_credit;
     user_expavg_credit            = a.user_expavg_credit;
     host_total_credit             = a.host_total_credit;
@@ -192,6 +193,7 @@ int write_init_data_file(FILE* f, APP_INIT_DATA& ai) {
 #endif
     fprintf(f,
         "<slot>%d</slot>\n"
+        "<client_pid>%d</client_pid>\n"
         "<wu_cpu_time>%f</wu_cpu_time>\n"
         "<starting_elapsed_time>%f</starting_elapsed_time>\n"
         "<using_sandbox>%d</using_sandbox>\n"
@@ -213,6 +215,7 @@ int write_init_data_file(FILE* f, APP_INIT_DATA& ai) {
         "<rsc_disk_bound>%f</rsc_disk_bound>\n"
         "<computation_deadline>%f</computation_deadline>\n",
         ai.slot,
+        ai.client_pid,
         ai.wu_cpu_time,
         ai.starting_elapsed_time,
         ai.using_sandbox?1:0,
@@ -263,6 +266,7 @@ void APP_INIT_DATA::clear() {
     strcpy(result_name, "");
     strcpy(authenticator, "");
     slot = 0;
+    client_pid = 0;
     user_total_credit = 0;
     user_expavg_credit = 0;
     host_total_credit = 0;
@@ -367,6 +371,7 @@ int parse_init_data_file(FILE* f, APP_INIT_DATA& ai) {
         if (xp.parse_int("shm_key", ai.shmem_seg_name)) continue;
 #endif
         if (xp.parse_int("slot", ai.slot)) continue;
+        if (xp.parse_int("client_pid", ai.client_pid)) continue;
         if (xp.parse_double("user_total_credit", ai.user_total_credit)) continue;
         if (xp.parse_double("user_expavg_credit", ai.user_expavg_credit)) continue;
         if (xp.parse_double("host_total_credit", ai.host_total_credit)) continue;
diff --git a/lib/app_ipc.h b/lib/app_ipc.h
index 911d601..241b4d9 100644
--- a/lib/app_ipc.h
+++ b/lib/app_ipc.h
@@ -167,6 +167,7 @@ struct APP_INIT_DATA {
     char result_name[256];
     char authenticator[256];
     int slot;
+    int client_pid;
     double user_total_credit;
     double user_expavg_credit;
     double host_total_credit;
diff --git a/lib/boinc_win.h b/lib/boinc_win.h
index 99a20c1..f51ff3d 100644
--- a/lib/boinc_win.h
+++ b/lib/boinc_win.h
@@ -22,10 +22,6 @@
 #ifndef _BOINC_WIN_
 #define _BOINC_WIN_
 
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 4096
-#endif
-
 #ifndef __CYGWIN32__
 
 // Windows C Runtime Library
@@ -96,6 +92,7 @@
 #include <shlobj.h>
 #include <userenv.h>
 #include <aclapi.h>
+#include <psapi.h>
 #include <iphlpapi.h>
 
 #if !defined(__CYGWIN32__) || defined(USE_WINSOCK)
diff --git a/lib/cert_sig.cpp b/lib/cert_sig.cpp
index cfbe202..41ddf6d 100644
--- a/lib/cert_sig.cpp
+++ b/lib/cert_sig.cpp
@@ -149,6 +149,7 @@ int CERT_SIGS::parse_file(const char* filename) {
     mf.init_file(f);
     XML_PARSER xp(&mf);
     if (!xp.parse_start("signatures")) {
+        fclose(f);
         return ERR_XML_PARSE;
     }
     retval = this->parse(xp);
diff --git a/lib/common_defs.h b/lib/common_defs.h
index da1bbc2..78f8c02 100644
--- a/lib/common_defs.h
+++ b/lib/common_defs.h
@@ -19,6 +19,7 @@
 #define _COMMON_DEFS_
 
 #include "miofile.h"
+#include "parse.h"
 
 // #defines or enums that are shared by more than one BOINC component
 // (e.g. client, server, Manager, etc.)
@@ -168,6 +169,36 @@ enum SUSPEND_REASON {
 #define RPC_REASON_INIT             6
 #define RPC_REASON_PROJECT_REQ      7
 
+struct TIME_STATS {
+// we maintain an exponentially weighted average of these quantities:
+    double now;
+        // the client's time of day
+    double on_frac;
+        // the fraction of total time this host runs the client
+    double connected_frac;
+        // of the time this host runs the client,
+        // the fraction it is connected to the Internet,
+        // or -1 if not known
+    double cpu_and_network_available_frac;
+        // of the time this host runs the client,
+        // the fraction it is connected to the Internet
+        // AND network usage is allowed (by prefs and user toggle)
+        // AND CPU usage is allowed
+    double active_frac;
+        // of the time this host runs the client,
+        // the fraction it is enabled to use CPU
+        // (as determined by preferences, manual suspend/resume, etc.)
+    double gpu_active_frac;
+        // same, GPU
+    double client_start_time;
+    double previous_uptime;
+        // duration of previous session
+
+    void write(MIOFILE&);
+    int parse(XML_PARSER&);
+    void print();
+};
+
 struct VERSION_INFO {
     int major;
     int minor;
@@ -191,5 +222,4 @@ struct VERSION_INFO {
 #define DEFAULT_SS_EXECUTABLE       "boincscr"
 #endif
 
-
 #endif
diff --git a/lib/coproc.h b/lib/coproc.h
index 5f011c7..2eb84b3 100644
--- a/lib/coproc.h
+++ b/lib/coproc.h
@@ -260,11 +260,11 @@ struct COPROC {
     COPROC() {
         clear();
     }
-    bool device_num_exists(int n) {
+    int device_num_index(int n) {
         for (int i=0; i<count; i++) {
-            if (device_nums[i] == n) return true;
+            if (device_nums[i] == n) return i;
         }
-        return false;
+        return -1;
     }
     void merge_opencl(
         std::vector<OPENCL_DEVICE_PROP> &opencls, 
diff --git a/lib/crypt.cpp b/lib/crypt.cpp
index 348efba..621a54e 100644
--- a/lib/crypt.cpp
+++ b/lib/crypt.cpp
@@ -345,7 +345,9 @@ int check_file_signature(
     clear_signature.len = MD5_LEN;
     retval = decrypt_public(key, signature, clear_signature);
     if (retval) {
-        fprintf(stderr, "check_file_signature: decrypt_public error %d\n", retval);
+        fprintf(stderr,
+            "check_file_signature: decrypt_public error %d\n", retval
+        );
         return retval;
     }
     answer = !strncmp(md5_buf, clear_buf, n);
diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
index d017411..3d45361 100644
--- a/lib/crypt_prog.cpp
+++ b/lib/crypt_prog.cpp
@@ -400,4 +400,4 @@ int main(int argc, char** argv) {
     return 0;
 }
 
-const char *BOINC_RCSID_6633b596b9 = "$Id: crypt_prog.cpp 25244 2012-02-13 08:41:48Z davea $";
+const char *BOINC_RCSID_6633b596b9 = "$Id$";
diff --git a/lib/diagnostics_win.cpp b/lib/diagnostics_win.cpp
index da571f5..edb47c8 100644
--- a/lib/diagnostics_win.cpp
+++ b/lib/diagnostics_win.cpp
@@ -330,7 +330,7 @@ int diagnostics_get_process_information(PVOID* ppBuffer, PULONG pcbBuffer) {
     do {
         *ppBuffer = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, *pcbBuffer);
         if (*ppBuffer == NULL) {
-            retval = ERROR_NOT_ENOUGH_MEMORY;
+            return ERROR_NOT_ENOUGH_MEMORY;
         }
 
         Status = pNTQSI(
@@ -1630,17 +1630,27 @@ int diagnostics_dump_exception_record(PEXCEPTION_POINTERS pExPtrs) {
             break;
         case EXCEPTION_ACCESS_VIOLATION:
             strcpy(status, "Access Violation");
+            strcpy(substatus, "");
             if (pExPtrs->ExceptionRecord->NumberParameters == 2) {
                 switch(pExPtrs->ExceptionRecord->ExceptionInformation[0]) {
                 case 0: // read attempt
-                    sprintf(substatus, "read attempt to address 0x%8.8X", pExPtrs->ExceptionRecord->ExceptionInformation[1]);
+                    sprintf(substatus,
+                        "read attempt to address 0x%8.8X",
+                        pExPtrs->ExceptionRecord->ExceptionInformation[1]
+                    );
                     break;
                 case 1: // write attempt
-                    sprintf(substatus, "write attempt to address 0x%8.8X", pExPtrs->ExceptionRecord->ExceptionInformation[1]);
+                    sprintf(substatus,
+                        "write attempt to address 0x%8.8X",
+                        pExPtrs->ExceptionRecord->ExceptionInformation[1]
+                    );
                     break;
                 }
             }
-            fprintf(stderr, "Reason: %s (0x%x) at address 0x%p %s\n\n", status, exception_code, exception_address, substatus);
+            fprintf(stderr,
+                "Reason: %s (0x%x) at address 0x%p %s\n\n",
+                status, exception_code, exception_address, substatus
+            );
             break;
         case EXCEPTION_DATATYPE_MISALIGNMENT:
             diagnostics_dump_generic_exception("Data Type Misalignment", exception_code, exception_address);
diff --git a/lib/filesys.cpp b/lib/filesys.cpp
index a9c84d2..9020300 100644
--- a/lib/filesys.cpp
+++ b/lib/filesys.cpp
@@ -412,7 +412,7 @@ int dir_size(const char* dirpath, double& size, bool recurse) {
     } while (FindNextFileA(hFind, &findData));
 	::FindClose(hFind);
 #else
-    char filename[1024], subdir[1024];
+    char filename[MAXPATHLEN], subdir[MAXPATHLEN];
     int retval=0;
     DIRREF dirp;
     double x;
@@ -541,7 +541,7 @@ int boinc_copy(const char* orig, const char* newf) {
     }
     return 0;
 #elif defined(__EMX__)
-    char cmd[1024];
+    char cmd[2*MAXPATHLEN];
     sprintf(cmd, "copy \"%s\" \"%s\"", orig, newf);
     return system(cmd);
 #else
@@ -652,11 +652,11 @@ int boinc_chown(const char* path, gid_t gid) {
 // create directories dirpath/a, dirpath/a/b etc.
 //
 int boinc_make_dirs(const char* dirpath, const char* filepath) {
-    char buf[1024], oldpath[1024], newpath[1024];
+    char buf[MAXPATHLEN], oldpath[MAXPATHLEN], newpath[MAXPATHLEN];
     int retval;
     char *p, *q;
 
-    if (strlen(filepath) + strlen(dirpath) > 1023) return ERR_BUFFER_OVERFLOW;
+    if (strlen(filepath) + strlen(dirpath) > MAXPATHLEN-1) return ERR_BUFFER_OVERFLOW;
     strcpy(buf, filepath);
     strcpy(oldpath, dirpath);
 
@@ -804,31 +804,3 @@ int get_filesystem_info(double &total_space, double &free_space, char* path) {
 #endif
     return 0;
 }
-
-#ifndef _WIN32
-
-int get_file_dir(char* filename, char* dir) {
-    char buf[8192], *p, path[MAXPATHLEN];
-    struct stat sbuf;
-    int retval;
-
-    p = getenv("PATH");
-    if (!p) return ERR_NOT_FOUND;
-    strcpy(buf, p);
-
-    p = strtok(buf, ":");
-    while (p) {
-        sprintf(path, "%s/%s", p, filename);
-        retval = stat(path, &sbuf);
-        if (!retval && (sbuf.st_mode & 0111)) {
-            strcpy(dir, p);
-            return 0;
-        }
-        p = strtok(0, ":");
-    }
-    return ERR_NOT_FOUND;
-}
-
-
-#endif
-
diff --git a/lib/filesys.h b/lib/filesys.h
index 25a7555..9c7fa4e 100644
--- a/lib/filesys.h
+++ b/lib/filesys.h
@@ -18,12 +18,8 @@
 #ifndef _FILESYS_
 #define _FILESYS_
 
-#define FILE_RETRY_INTERVAL 5
-    // On Windows, retry for this period of time, since some other program
-    // (virus scan, defrag, index) may have the file open.
-
-
 #if defined(_WIN32) && !defined(__CYGWIN32__)
+#include "boinc_win.h"
 #else
 #include <dirent.h>
 #include <grp.h>
@@ -33,12 +29,15 @@
 #ifdef __cplusplus
 #include <string>
 #endif
+#endif /* !WIN32 */
 
 #ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
+#define MAXPATHLEN 4096
 #endif
 
-#endif /* !WIN32 */
+#define FILE_RETRY_INTERVAL 5
+    // On Windows, retry for this period of time, since some other program
+    // (virus scan, defrag, index) may have the file open.
 
 #ifdef __cplusplus
 extern "C" {
@@ -126,15 +125,6 @@ struct FILE_LOCK {
     int unlock(const char* filename);
 };
 
-#ifndef _WIN32
-
-// search PATH, find the directory that a program is in, if any
-//
-extern int get_file_dir(char* filename, char* dir);
-
-#endif
-
-
 #endif /* c++ */
 
 #endif /* double-inclusion protection */
diff --git a/lib/gui_rpc_client.h b/lib/gui_rpc_client.h
index 4900429..f3b2e7f 100644
--- a/lib/gui_rpc_client.h
+++ b/lib/gui_rpc_client.h
@@ -33,13 +33,14 @@
 #include <locale.h>
 #endif
 
-#include "miofile.h"
-#include "prefs.h"
-#include "hostinfo.h"
+#include "cc_config.h"
 #include "common_defs.h"
-#include "notice.h"
+#include "filesys.h"
+#include "hostinfo.h"
+#include "miofile.h"
 #include "network.h"
-#include "cc_config.h"
+#include "notice.h"
+#include "prefs.h"
 
 struct GUI_URL {
     std::string name;
@@ -199,7 +200,9 @@ struct APP_VERSION {
     char platform[64];
     char plan_class[64];
     double avg_ncpus;
-    double ncudas;
+    int gpu_type;
+        // PROC_TYPE_xx
+    double gpu_usage;
     double natis;
     double gpu_ram;
     double flops;
@@ -367,6 +370,9 @@ struct GR_PROXY_INFO {
     void clear();
 };
 
+// Represents the entire client state.
+// Call get_state() infrequently.
+//
 struct CC_STATE {
     std::vector<PROJECT*> projects;
     std::vector<APP*> apps;
@@ -376,11 +382,12 @@ struct CC_STATE {
     std::vector<std::string> platforms;
         // platforms supported by client
     GLOBAL_PREFS global_prefs;  // working prefs, i.e. network + override
-    VERSION_INFO version_info;  // populated only if talking to pre-5.6 CC
+    VERSION_INFO version_info;  // populated only if talking to pre-5.6 client
     bool executing_as_daemon;   // true if client is running as a service / daemon
     HOST_INFO host_info;
-    bool have_nvidia;           // redundant; include for compat (set by <have_cuda/>)
-    bool have_ati;              // redundant; include for compat
+    TIME_STATS time_stats;
+    bool have_nvidia;           // deprecated; include for compat (set by <have_cuda/>)
+    bool have_ati;              // deprecated; include for compat
 
     CC_STATE();
     ~CC_STATE();
diff --git a/lib/gui_rpc_client_ops.cpp b/lib/gui_rpc_client_ops.cpp
index 38892ad..86474ca 100644
--- a/lib/gui_rpc_client_ops.cpp
+++ b/lib/gui_rpc_client_ops.cpp
@@ -76,6 +76,22 @@ using std::string;
 using std::vector;
 using std::sort;
 
+int TIME_STATS::parse(XML_PARSER& xp) {
+    memset(this, 0, sizeof(TIME_STATS));
+    while (!xp.get_tag()) {
+        if (xp.match_tag("/time_stats")) return 0;
+        if (xp.parse_double("now", now)) continue;
+        if (xp.parse_double("on_frac", on_frac)) continue;
+        if (xp.parse_double("connected_frac", connected_frac)) continue;
+        if (xp.parse_double("cpu_and_network_available_frac", cpu_and_network_available_frac)) continue;
+        if (xp.parse_double("active_frac", active_frac)) continue;
+        if (xp.parse_double("gpu_active_frac", gpu_active_frac)) continue;
+        if (xp.parse_double("client_start_time", client_start_time)) continue;
+        if (xp.parse_double("previous_uptime", previous_uptime)) continue;
+    }
+    return ERR_XML_PARSE;
+}
+
 int DAILY_XFER::parse(XML_PARSER& xp) {
     while (!xp.get_tag()) {
         if (xp.match_tag("/dx")) return 0;
@@ -477,20 +493,12 @@ APP_VERSION::~APP_VERSION() {
 }
 
 int APP_VERSION::parse_coproc(XML_PARSER& xp) {
-    char type_buf[256];
-    double count = 0;
-
     while (!xp.get_tag()) {
         if (xp.match_tag("/coproc")) {
-            if (!strcmp(type_buf, "CUDA")) {
-                ncudas = count;
-            } else if (!strcmp(type_buf, GPU_TYPE_ATI)) {
-                natis = count;
-            }
             return 0;
         }
-        if (xp.parse_str("type", type_buf, sizeof(type_buf))) continue;
-        if (xp.parse_double("count", count)) continue;
+        if (xp.parse_int("gpu_type", gpu_type)) continue;
+        if (xp.parse_double("gpu_usage", gpu_usage)) continue;
     }
     return ERR_XML_PARSE;
 }
@@ -948,6 +956,10 @@ int CC_STATE::parse(XML_PARSER& xp) {
             host_info.parse(xp);
             continue;
         }
+        if (xp.match_tag("time_stats")) {
+            time_stats.parse(xp);
+            continue;
+        }
         if (xp.parse_bool("have_cuda", have_nvidia)) continue;
         if (xp.parse_bool("have_ati", have_ati)) continue;
     }
@@ -1048,7 +1060,7 @@ RESULT* CC_STATE::lookup_result(PROJECT* project, const char* name) {
 RESULT* CC_STATE::lookup_result(const char* url, const char* name) {
     unsigned int i;
     for (i=0; i<results.size(); i++) {
-        if (strcmp(results[i]->project->master_url, url)) continue;
+        if (strcmp(results[i]->project_url, url)) continue;
         if (!strcmp(results[i]->name, name)) return results[i];
     }
     return 0;
diff --git a/lib/gui_rpc_client_print.cpp b/lib/gui_rpc_client_print.cpp
index 2d0d4c6..a9e7fd5 100644
--- a/lib/gui_rpc_client_print.cpp
+++ b/lib/gui_rpc_client_print.cpp
@@ -210,6 +210,17 @@ void SIMPLE_GUI_INFO::print() {
     }
 }
 
+void TIME_STATS::print() {
+    printf("  now: %f\n", now);
+    printf("  on_frac: %f\n", on_frac);
+    printf("  connected_frac: %f\n", connected_frac);
+    printf("  cpu_and_network_available_frac: %f\n", cpu_and_network_available_frac);
+    printf("  active_frac: %f\n", active_frac);
+    printf("  gpu_active_frac: %f\n", gpu_active_frac);
+    printf("  client_start_time: %f\n", client_start_time);
+    printf("  previous_uptime: %f\n", previous_uptime);
+}
+
 void CC_STATE::print() {
     unsigned int i;
     printf("======== Projects ========\n");
@@ -237,6 +248,8 @@ void CC_STATE::print() {
         printf("%d) -----------\n", i+1);
         results[i]->print();
     }
+    printf("\n======== Time stats ========\n");
+    time_stats.print();
 }
 
 void print_status(
diff --git a/lib/mac/QBacktrace.c b/lib/mac/QBacktrace.c
new file mode 100644
index 0000000..af09f66
--- /dev/null
+++ b/lib/mac/QBacktrace.c
@@ -0,0 +1,2531 @@
+// This file is part of BOINC.
+// http://boinc.berkeley.edu
+// Copyright (C) 2008 University of California
+//
+// BOINC is free software; you can redistribute it and/or modify it
+// under the terms of the GNU Lesser General Public License
+// as published by the Free Software Foundation,
+// either version 3 of the License, or (at your option) any later version.
+//
+// BOINC is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+// See the GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with BOINC.  If not, see <http://www.gnu.org/licenses/>.
+
+/*
+ *  QBacktrace.c
+ *
+ */
+ 
+/* This is part of a backtrace generator for boinc project applications.  
+*
+* Adapted from Apple Developer Technical Support Sample Code QCrashReport
+*
+* This code handles Mac OS X 10.3.x through 10.4.9.  It may require some 
+* adjustment for future OS versions; see the discussion of _sigtramp and 
+* PowerPC Signal Stack Frames below.
+*
+*  For useful tips on using backtrace information, see Apple Tech Note 2123:
+*  http://developer.apple.com/technotes/tn2004/tn2123.html#SECNOSYMBOLS
+*
+*  To convert addresses to correct symbols, use the atos command-line tool:
+*  atos -o path/to/executable/with/symbols address
+*  Note: if address 1a23 is hex, use 0x1a23.  
+*
+*  To demangle mangled C++ symbols, use the c++filt command-line tool. 
+*  You may need to prefix C++ symbols with an additonal underscore before 
+*  passing them to c++filt (so they begin with two underscore characters).
+*
+* A very useful shell script to add symbols to a crash dump can be found at:
+*  http://developer.apple.com/tools/xcode/symbolizingcrashdumps.html
+* Pipe the output of the shell script through c++filt to demangle C++ symbols.
+*/
+
+/*
+    File:       QBacktrace.c
+
+    Contains:   Code for generating backtraces.
+
+    Written by: DTS
+
+    Copyright:  Copyright (c) 2007 Apple Inc. All Rights Reserved.
+
+    Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Inc.
+                ("Apple") in consideration of your agreement to the following
+                terms, and your use, installation, modification or
+                redistribution of this Apple software constitutes acceptance of
+                these terms.  If you do not agree with these terms, please do
+                not use, install, modify or redistribute this Apple software.
+
+                In consideration of your agreement to abide by the following
+                terms, and subject to these terms, Apple grants you a personal,
+                non-exclusive license, under Apple's copyrights in this
+                original Apple software (the "Apple Software"), to use,
+                reproduce, modify and redistribute the Apple Software, with or
+                without modifications, in source and/or binary forms; provided
+                that if you redistribute the Apple Software in its entirety and
+                without modifications, you must retain this notice and the
+                following text and disclaimers in all such redistributions of
+                the Apple Software. Neither the name, trademarks, service marks
+                or logos of Apple Inc. may be used to endorse or promote
+                products derived from the Apple Software without specific prior
+                written permission from Apple.  Except as expressly stated in
+                this notice, no other rights or licenses, express or implied,
+                are granted by Apple herein, including but not limited to any
+                patent rights that may be infringed by your derivative works or
+                by other works in which the Apple Software may be incorporated.
+
+                The Apple Software is provided by Apple on an "AS IS" basis. 
+                APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+                WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
+                MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING
+                THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN
+                COMBINATION WITH YOUR PRODUCTS.
+
+                IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
+                INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+                TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+                DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ARISING IN ANY WAY
+                OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION
+                OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY
+                OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR
+                OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE POSSIBILITY OF
+                SUCH DAMAGE.
+
+    Change History (most recent first):
+
+$Log: QBacktrace.c,v $
+Revision 1.2  2007/03/02 13:00:08         
+Quieten some warnings.
+
+Revision 1.1  2007/03/02 12:19:49         
+First checked in.
+
+
+*/
+
+/////////////////////////////////////////////////////////////////
+
+// Compatibility with OS 10.5 SDK and later
+#ifdef __DARWIN_UNIX03
+#undef __DARWIN_UNIX03
+#endif
+#define _NONSTD_SOURCE 1
+#define __DARWIN_UNIX03 0
+
+// Our Prototypes
+
+#include "QBacktrace.h"
+
+// Mac OS Interfaces
+
+#include <TargetConditionals.h>
+#include <AvailabilityMacros.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <pthread.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <mach-o/arch.h>
+
+#if defined(__cplusplus)
+	extern "C" {
+#endif
+
+// Some extra Mach interfaces that we don't need in the public header.
+// Again, we need C++ guards.
+
+// We want both PowerPC and Intel thread state information.
+// By default, the system only gives us the one that's appropriate 
+// for our machine.  So we include both here.
+
+
+#if TARGET_CPU_PPC
+#include <mach/ppc/thread_status.h>
+#endif
+#include <mach/i386/thread_status.h>
+
+#if defined(__cplusplus)
+	}
+#endif
+
+#include "QSymbols.h"
+
+/////////////////////////////////////////////////////////////////
+
+// A new architecture will require substantial changes to this file.
+
+#if ! (TARGET_CPU_PPC || TARGET_CPU_PPC64 || TARGET_CPU_X86 || TARGET_CPU_X86_64)
+	#error QBacktrace: What architecture?
+#endif
+
+/////////////////////////////////////////////////////////////////
+#pragma mark ***** Architecture Specification
+
+// This is an extra flag for the flags field of the QBTFrame structure.
+// It is true if the symbol field of that structure was allocated by 
+// QBacktrace and should be disposed by QBacktraceDisposeSymbols.
+
+enum {
+    kQBTFrameSymbolNeedsDisposeMask = 0x0100
+};
+
+typedef struct QBTContext QBTContext;
+	// forward declaration
+
+// Architecture Callbacks -- Called by the core to do architecture-specific tasks.
+
+typedef int  (*QBTHandleLeafProc)(QBTContext *context, QTMAddr *pcPtr, QTMAddr *fpPtr);
+	// This callback is called by the core to start a backtrace. 
+	// It should extract the first PC and frame from the thread state 
+	// in the context and return them to the core.  Also, if the 
+	// routine detects a frameless leaf routine, it should add a 
+	// dummy frame for that routine (by calling AddFrame).
+	//
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, pcPtr will not be NULL.
+	// On entry, fpPtr will not be NULL.
+	// Returns an errno-style error code.
+	// On success, *pcPtr must be the PC of the first non-leaf frame.
+	// On success, *fpPtr must be the frame pointer of the first non-leaf frame.
+
+typedef bool (*QBTValidPCProc)(QBTContext *context, QTMAddr pc);
+	// This callback is called by the core to check whether a PC address 
+	// is valid.  This is architecture-specific; for example, on PowerPC a 
+	// PC value must be a multiple of 4, whereas an Intel an instruction 
+	// can start at any address.
+	//
+	// At a minimum, an implementation is expected to check the PC's alignment 
+	// and read the instruction at the PC.
+	//
+	// IMPORTANT:
+	// The core code assumes that (QTMAddr) -1 is never a valid PC. 
+	// If that isn't true for your architecture, you'll need to eliminate 
+	// that assumption from the core.
+	// 
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, pc can be any value.
+	// Returns true if the PC looks reasonably valid, false otherwise.
+
+typedef int  (*QBTGetFrameNextPCProc)(QBTContext *context, QTMAddr thisFrame, QTMAddr nextFrame, QTMAddr *nextPCPtr);
+	// This callback is called by the core to get the PC associated with 
+	// the next frame.  This is necessary because different architectures 
+	// store the PC in different places.  Specifically, PowerPC stores 
+	// the PC of a frame in that frame, whereas Intel stores the PC of 
+	// a frame in the previous frame (that is, the PC value in the frame 
+	// is actually a return address).
+	//
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, thisFrame will be a valid frame.
+	// On entry, nextFrame will be the valid frame following thisFrame.
+	// On entry, nextPCPtr will not be NULL.
+	// Returns an errno-style error code.
+	// On success, *nextPCPtr must be the PC associated with nextFrame.
+
+typedef int  (*QBTCrossSignalFrameProc)(QBTContext *context, QTMAddr thisFrame, QTMAddr *nextPCPtr, QTMAddr *nextFramePtr);
+	// This callback is called by the core when it detects a cross signal 
+	// frame and wants to cross that frame in an architecture-specific 
+	// manner.  The code gets a pointer to the cross-signal handler frame 
+	// and is expected to return the PC and frame pointer of the first 
+	// non-leaf frame on the other side.  Furthermore, it must detect if 
+	// the first frame on the other side is a leaf frame and add a 
+	// dummy frame for that routine (by calling AddFrame) before returning.
+	//
+	// An implementation does not have to check the validity of the 
+	// returned PC and frame.  The core will do that for you.
+	// 
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, thisFrame will be a valid cross-signal handler frame.
+	// On entry, nextPCPtr will not be NULL.
+	// On entry, nextFramePtr will not be NULL.
+	// Returns an errno-style error code.
+	// On success, *nextPCPtr must be the PC of the next non-leaf frame.
+	// On success, *nextFramePtr must be the PC of the next non-leaf frame.
+
+// Architecture Specification Structure -- Aggregates all of the information 
+// associated with a particular architecture.
+
+struct QBTArchInfo {
+    const char *                name;                       // just for debugging
+
+	// Information to identify the architecture
+	
+    cpu_type_t					cputype;					// per NXGetLocalArchInfo in <mach-o/arch.h>
+    cpu_subtype_t				cpusubtype;					// per NXGetLocalArchInfo in <mach-o/arch.h>, 0 for wildcard
+	bool						is64Bit;
+
+	// Misc information about the architecture
+	
+	QTMAddr                     frameAlignMask;				// mask to detect frame misalignment
+															// FP & frameAlignMask must be 0 for a valid frame
+	// Architecture-specific backtrace callbacks
+	
+	QBTHandleLeafProc           handleLeaf;					// described in detail above
+	QBTValidPCProc              validPC;					// described in detail above
+	QBTGetFrameNextPCProc       getFrameNextPC;				// described in detail above
+	QBTCrossSignalFrameProc     crossSignalFrame;			// described in detail above
+	
+	// Specification of how to call thread_get_state
+	
+	thread_state_flavor_t		stateFlavor;
+	mach_msg_type_number_t		stateCount;
+};
+typedef struct QBTArchInfo QBTArchInfo;
+
+static const QBTArchInfo kArchitectures[];
+	// forward declaration
+
+static const QBTArchInfo * GetTaskArch(QMOImageRef qmoImage)
+	// Returns a pointer to the architecture associated with the specific 
+	// task, or NULL if it's an architecture we don't know about. 
+{
+	const QBTArchInfo *     result;
+    const QBTArchInfo *     thisArch;
+    bool                    is64Bit;
+    cpu_type_t              cputype;
+    cpu_subtype_t           cpusubtype;
+	
+    assert(qmoImage != NULL);
+    
+	result = NULL;
+
+    // Get the architecture characteristics from the image.
+    
+    is64Bit    = QMOImageIs64Bit(qmoImage);
+    cputype    = QMOImageGetCPUType(qmoImage);
+    cpusubtype = QMOImageGetCPUSubType(qmoImage);
+
+    // Look through the architecture array for an architecture that matches the 
+    // target architecture.  Also, we prefer architectures with an exact CPU 
+    // subtype match, but we'll accept those with a 0 CPU subtype.
+    
+    thisArch = &kArchitectures[0];
+    while ( (thisArch->cputype != 0) && (result == NULL) ) {
+        if (   (thisArch->cputype == cputype)
+            && ((thisArch->cpusubtype == 0) || (thisArch->cpusubtype == cpusubtype))
+            && (thisArch->is64Bit == is64Bit) 
+           ) {
+            result = thisArch;
+        } else {
+            thisArch += 1;
+        }
+    }
+
+	return result;
+}
+
+/////////////////////////////////////////////////////////////////
+#pragma mark ***** Backtrace Core
+
+// Memory Read Callback
+
+typedef int (*QBTReadBytesProc)(QBTContext *context, QTMAddr src, void *dst, size_t size);
+	// This function pointer is called by the core backtrace code 
+	// when it needs to read memory.  The callback should do a safe 
+	// read of size bytes from src into the buffer specified by 
+	// dst.  By "safe" we mean that the routine should return an error 
+	// if the read can't be done (typically because src is a pointer to 
+	// unmapped memory).  It does not need to do any word size adjustment 
+    // or byte swapping.
+	//
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, src can be any value.
+	// On entry, dst will not be NULL.
+	// On entry, size will be greater than 0.
+	// Returns an errno-style error code.
+	// On success, the routine has copied size bytes of data from the address src 
+	// in the remote task to the address dst in the local task.
+	// On error, the value at dst is unspecified.
+	//
+	// Note:
+	// In previous versions of QBacktrace, I supported alternative ways to 
+	// read bytes from the target.  For example, I could use the Carbon 
+	// exception handler mechanism <CoreServices/MachineExceptions.h> to read 
+	// data from the current task in a safe fashion.  This was useful because 
+	// it would work on both Mac OS X and traditional Mac OS.  Now that I 
+	// require Mac OS X and Mach-O, I can just use the Mach routines to do 
+	// my reading.  However, I've left the abstraction layer in place, 
+	// Just In Case (tm).
+
+struct QBTContext {
+
+	// Internal parameters that are set up by the caller 
+	// of the core backtrace code.
+	
+	const QBTArchInfo *		arch;                   // architecture specific info
+	task_t					task;                   // target task
+    QSymbolsRef             symRef;                 // symbols object for target task
+    bool                    createdSymRef;          // true if we created the symbols object
+	thread_state_flavor_t	threadStateFlavor;		// flavor of thread state
+	const void *            threadState;			// architecture-specific current thread state
+														// for example, on Intel this is x86_thread_state32_t
+	size_t					threadStateSize;		// size of threadState
+	QBTReadBytesProc		readBytes;				// described in detail above
+
+	// Stuff worked out internally by MachInitContextFromTask.
+	
+	bool					swapBytes;				// true if target and current task have different byte orders
+	QTMAddr					sigTrampLowerBound;		// bounds of _sigtramp in target task
+	QTMAddr					sigTrampUpperBound;
+	
+	// Parameters from client.
+	
+	QTMAddr                 stackBottom;            // bounds of stack in target task
+	QTMAddr                 stackTop;
+	QBTFrame *              frameArray;				// array contents filled out by core
+	size_t			        frameArrayCount;        // size of frameArray
+	size_t			        frameCountOut;			// returned by core
+};
+
+#if ! defined(NDEBUG)
+
+    // Because QBTContextIsValid is only referenced by assert macros, and these 
+    // are disabled by NDEBUG, we have to conditionalise this code based on 
+    // NDEBUG lest we get a "defined but not used" warning.
+
+    static bool QBTContextIsValid(const QBTContext *context)
+    {
+        return (context != NULL)
+            && (context->arch != NULL)
+            && (context->task != MACH_PORT_NULL)
+            && (context->symRef != NULL)
+            && ( (context->threadState == NULL) == (context->threadStateSize == 0) )
+            && (context->readBytes != NULL)
+            && (context->sigTrampLowerBound != 0)
+            && (context->sigTrampLowerBound < context->sigTrampUpperBound)
+            && (context->stackBottom <= context->stackTop)
+            && ((context->frameArrayCount == 0) || (context->frameArray != NULL));
+    }
+
+#endif
+
+static int BacktraceAdorn(QBTContext *context)
+    // Add symbols to all of the backtrace frames referenced by the context. 
+    // Uses the 'bulk' symbols-to-address routine, in the hope that this will 
+    // be faster one day.  Also uses the kQBTFrameSymbolNeedsDisposeMask flag 
+    // to tag each frame to indicate whether the client needs to dispose it.
+    //
+    // Note that failing to find symbol information for a particular address 
+    // will not cause this routine to fail.  Rather, the only causes of failure 
+    // are really bad things, like running out of memory.
+{
+    int                 err;
+    size_t              frameCount;
+    size_t              frameIndex;
+    QTMAddr *           addrs;
+    QSymSymbolInfo *    infos;
+    
+    assert(context != NULL);
+    assert(context->symRef != NULL);
+    assert(context->frameArray != NULL);
+    assert(context->frameArrayCount != 0);
+    assert(context->frameCountOut != 0);
+
+    // Only do the frames that actually exist.
+    
+    frameCount = context->frameCountOut;
+    if (frameCount > context->frameArrayCount) {
+        frameCount = context->frameArrayCount;
+    }
+    assert(frameCount > 0);         // because of our pre-conditions
+    
+    // Allocate arrays for call QSymGetSymbolsForAddresses.
+    
+    addrs = (QTMAddr *)        calloc(frameCount, sizeof(*addrs));
+    infos = (QSymSymbolInfo *) calloc(frameCount, sizeof(*infos));
+    err = 0;
+    if ((addrs == NULL) || (infos == NULL)) {
+        err = ENOMEM;
+    }
+
+    // Set up the addrs array and call QSymGetSymbolsForAddresses.
+    
+    if (err == 0) {
+        for (frameIndex = 0; frameIndex < frameCount; frameIndex++) {
+            addrs[frameIndex] = context->frameArray[frameIndex].pc;
+        }
+        
+        err = QSymGetSymbolsForAddresses(
+            context->symRef,
+            frameCount,
+            addrs,
+            infos
+        );
+    }
+    
+    // Place the symbol information into the output frames.
+    //
+    // For error handling to work, you must not error past this point.  Otherwise 
+    // we break the post-condition that the user doesn't need to do anything on 
+    // error.
+    
+    if (err == 0) {
+        for (frameIndex = 0; frameIndex < frameCount; frameIndex++) {
+            if (infos[frameIndex].symbolType != kQSymNoSymbol) {
+                if (context->createdSymRef) {
+                    const char *    libName;
+                    
+                    // Within this block, we ignore any failures; they just leave 
+                    // the relevant string NULL, which the dispose routine can 
+                    // handle.
+                    
+                    context->frameArray[frameIndex].symbol  = strdup(infos[frameIndex].symbolName);
+                    
+                    libName = QMOImageGetFilePath(infos[frameIndex].symbolImage);
+                    if (libName != NULL) {
+                        context->frameArray[frameIndex].library = strdup(libName);
+                    }
+
+                    // Tell the dispose routine that we need to look at this frame.
+                    
+                    context->frameArray[frameIndex].flags |= kQBTFrameSymbolNeedsDisposeMask;
+                } else {
+                    assert(infos[frameIndex].symbolImage != NULL);
+                    context->frameArray[frameIndex].symbol  = infos[frameIndex].symbolName;
+                    context->frameArray[frameIndex].library = QMOImageGetFilePath(infos[frameIndex].symbolImage);
+                }
+                context->frameArray[frameIndex].offset = infos[frameIndex].symbolOffset;
+            }
+        }
+    }
+    
+    // Clean up.
+    
+    free(addrs);
+    free(infos);
+    
+    return err;
+}
+
+static int ReadAddr(QBTContext *context, QTMAddr addr, QTMAddr *valuePtr)
+	// Reads an address (that is, a pointer) from the target task, 
+	// returning an error if the memory is unmapped.
+	//
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+	// On entry, addr can be any value.
+	// On entry, valuePtr must not be NULL.
+	// Returns an errno-style error code.
+	// On success, *valuePtr will be the value of the pointer stored at addr in 
+	// the target task.
+{
+	int			err;
+	QTMAddr     value;
+	
+	assert(QBTContextIsValid(context));
+	assert(valuePtr != NULL);
+	
+	if (context->arch->is64Bit) {
+
+		// Read directly into value, and then swap all 8 bytes.
+		
+		err = context->readBytes(context, addr, &value, sizeof(value));
+		if (err == 0) {
+			if (context->swapBytes) {
+				value = OSSwapInt64(value);
+			}
+		}
+	} else {
+		uint32_t	tmpAddr;
+		
+		// Read into a temporary address, swap 4 bytes, then copy that 
+		// into value.  tmpAddr is unsigned, so we zero fill the top 
+		// 32 bits.
+		
+		err = context->readBytes(context, addr, &tmpAddr, sizeof(tmpAddr));
+		if (err == 0) {
+			if (context->swapBytes) {
+				tmpAddr = OSSwapInt32(tmpAddr);
+			}
+			value = tmpAddr;
+		}
+	}
+	if (err == 0) {
+		*valuePtr = value;
+	}
+	
+	return err;
+}
+
+static void AddFrame(QBTContext *context, QTMAddr pc, QTMAddr fp, QBTFlags flags)
+	// Adds a frame to the end of the output array with the 
+	// value specified by pc, fp, and flags.
+	//
+	// On entry, context will be a valid context (as determined by QBTContextIsValid).
+{
+	// Only actually output the frame if the client supplied an array 
+	// and we we haven't filled it up yet.
+	
+	assert(QBTContextIsValid(context));
+	
+	if ( (context->frameArray != NULL) && (context->frameCountOut < context->frameArrayCount) ) {
+		QBTFrame *	frameOutPtr;
+
+		frameOutPtr = &context->frameArray[context->frameCountOut];
+		frameOutPtr->pc    = pc;
+		frameOutPtr->fp    = fp;
+		frameOutPtr->flags = flags;
+	}
+	
+	// Always increment the frame count.
+	
+	context->frameCountOut += 1;	
+}
+
+static int BacktraceCore(QBTContext *context, size_t *frameCountPtr)
+	// The core backtrace code.  This routine is called by all of the various 
+	// exported routines.  It implements the core backtrace functionality. 
+	// All of the parameters to this routine are contained within 
+	// the context.  This routine traces back through the stack (using the 
+	// readBytes callback in the context to actually read memory) creating 
+	// a backtrace.
+{
+	int			err;
+	QTMAddr		thisPC;
+	QTMAddr		thisFrame;
+	QTMAddr		lowerBound;
+	QTMAddr		upperBound;
+	bool		stopNow;
+	
+	assert(QBTContextIsValid(context));
+
+    // Check that the contents of the frame array, if any, are all zero.
+    // MachInitContextFromTask did this for us.  We need this to be done 
+    // to maintain our post-condition, and it would be wasteful to do it twice.
+    
+    #if ! defined(NDEBUG)
+        if (context->frameArray != NULL) {
+            size_t          byteCount;
+            size_t          byteIndex;
+            const char *    byteBase;
+            
+            byteCount = context->frameArrayCount * sizeof(*context->frameArray);
+            byteBase  = (const char *) context->frameArray;
+            for (byteIndex = 0; byteIndex < byteCount; byteIndex++) {
+                assert(byteBase[byteIndex] == 0);
+            }
+        }
+    #endif
+	
+	lowerBound = context->stackBottom;
+	upperBound = context->stackTop;
+	if (upperBound == 0) {
+		if (context->arch->is64Bit) {
+			// This actually generates a theoretical off-by-one error (a fp of 
+			// 0xFFFFFFFF FFFFFFFF is falsely considered invalid), but that's 
+			// not a problem in practice.
+			upperBound = (QTMAddr)0xFFFFFFFFFFFFFFFFLL;
+		} else {
+			upperBound = (QTMAddr)0x0000000100000000LL;
+		}
+	}
+	
+	// If you supply bounds, they must make sense.
+	
+	assert(upperBound >= lowerBound);
+
+	// Handle any leaf frames, and also return to us the initial 
+	// PC and FP.  A failure here is worthy of being reported as a total 
+    // failure of the routine, so we allow err to propagate.
+
+	assert(context->frameCountOut == 0);			// set up by memset in MachInitContextFromTask
+	err = context->arch->handleLeaf(context, &thisPC, &thisFrame);
+	
+	// Handle the normal frames.
+	
+	if (err == 0) {
+		stopNow = false;
+		do {
+			QBTFrame *  frameOutPtr;
+			QBTFrame	tmpFrameOut;
+			QTMAddr 	nextFrame;
+			QTMAddr 	nextPC;
+			
+			// Output to a tmpFrameOut unless the client has supplied 
+			// a buffer and there's sufficient space left in it.
+			//
+			// IMPORTANT:
+			// You can't just add the frame information (possibly by calling 
+			// AddFrame) at the end of this loop, because the crossSignalFrame 
+			// callback may add its own frame, and we have to make sure that 
+			// this frame is allocated before that one.
+			
+			if ( (context->frameArray != NULL) && (context->frameCountOut < context->frameArrayCount) ) {
+				frameOutPtr = &context->frameArray[context->frameCountOut];
+			} else {
+				frameOutPtr = &tmpFrameOut;
+			}
+
+			// Record this entry.
+			
+			frameOutPtr->pc    = thisPC;
+			frameOutPtr->fp    = thisFrame;
+			frameOutPtr->flags = 0;
+			
+			// Now set the flags to indicate the validity of specific information. 
+			
+			// Check the validity of the PC.  Don't set the err here; a bad PC value 
+			// does not cause us to quit the backtrace.
+			
+			if ( ! context->arch->validPC(context, thisPC) ) {
+				frameOutPtr->flags |= kQBTPCBadMask;
+			} else {
+				// On PowerPC I used to report the address of the call, 
+				// rather than the return address.  That was easy: I just 
+				// decremented the returned PC by 4.  However, this is 
+				// much harder on Intel, where instructions are of variable 
+				// length.  So, I decided to do what Apple's tools do, 
+				// and just report the return address.
+			}
+			
+			// Check the validity of the frame pointer.  A bad frame pointer *does* 
+			// cause us to stop tracing.
+			
+			if (	(thisFrame == 0) 
+				 || (thisFrame & context->arch->frameAlignMask) 
+				 || (thisFrame < lowerBound) 
+				 || (thisFrame >= upperBound) 
+			   ) {
+				frameOutPtr->flags |= kQBTFrameBadMask;
+				stopNow = true;
+			}
+
+			if ( ! stopNow ) {
+
+				// Move to the next frame, either by crossing a signal handler frame 
+				// or by the usual mechanism.
+				
+				if (	!(frameOutPtr->flags & kQBTPCBadMask) 
+					  && ( thisPC >= context->sigTrampLowerBound ) 
+					  && ( thisPC <  context->sigTrampUpperBound ) 
+				   ) {
+
+					// If this frame is running in _sigtramp, get nextPC and nextFrame 
+					// by delving into the signal handler stack block.
+                    
+                    // While developing the various per-architecture cross signal 
+                    // frame handlers, there are many cases where I want to look at 
+                    // the stack in detail.  In these circumstances, running under 
+                    // the debugger can be difficult because, for signals like 
+                    // SIGSEGV, GDB will catch the signal and not let you continue 
+                    // into the handler.  So I typically stop in the signal handler 
+                    // and then attach with GDB.  This code let's me do it without 
+                    // have to recompile.
+
+#if 0       // Added for BOINC
+                    #if !defined(NDEBUG)
+                        {
+                            static bool     sInited;
+                            static bool     sStop;
+                            const char *    envVar;
+                            
+                            if ( ! sInited ) {
+                                envVar = getenv("QBACKTRACE_STOP_FOR_SIGNALS");
+                                sStop = ( (envVar != NULL) && (atoi(envVar) != 0) );
+                                sInited = true;
+                            }
+                            if (sStop) {
+                                fprintf(stderr, "BacktraceCore: Waiting for debugger, pid = %ld\n", (long) getpid());
+                                pause();
+                            }
+                        }
+                    #endif
+#endif
+					frameOutPtr->flags |= kQBTSignalHandlerMask;
+					err = context->arch->crossSignalFrame(context, thisFrame, &nextPC, &nextFrame);
+                    
+                    // If we get an error crossing the signal frame, we just stop. 
+                    // The trace up to this point is probably OK.
+                    
+                    if (err != 0) {
+                        stopNow = true;
+                        err = 0;
+                    }
+				} else {
+				
+					// Read the next frame pointer.  A failure here causes us to quit 
+					// backtracing.  Note that we set kQBTFrameBadMask in frameOutPtr 
+					// because, if we can't read the contents of the frame pointer, the 
+					// frame pointer itself must be bad.
+					
+					err = ReadAddr(context, thisFrame, &nextFrame);
+					if (err != 0) {
+						frameOutPtr->flags |= kQBTFrameBadMask;
+						nextFrame = (QTMAddr) -1;
+                        
+                        stopNow = true;
+                        err = 0;
+					}
+					
+					// Also get the PC of the next frame, or set it to dummy value if 
+					// there is no next frame or we can't get the PC from that frame.
+
+					if (	(frameOutPtr->flags & kQBTFrameBadMask) 
+						 || (context->arch->getFrameNextPC(context, thisFrame, nextFrame, &nextPC) != 0) 
+					   ) {
+						nextPC = (QTMAddr) -1;		// an odd value, to trigger above check on next iteration
+					}
+				}
+
+				// Set up for the next iteration.
+				
+				if ( (err == 0) && ! stopNow ) {
+                                        context->frameCountOut += 1;
+                                        
+					lowerBound = thisFrame;
+					thisPC     = nextPC;
+					thisFrame  = nextFrame;
+				}
+			}
+		} while ( (err == 0) && ! stopNow );
+	}
+
+    // Adorn the backtrace with symbol information.
+    
+    if ( (err == 0) && (context->frameArray != NULL) && (context->frameArrayCount != 0) && (context->frameCountOut != 0) ) {
+        err = BacktraceAdorn(context);
+    }
+
+    // Clean up.
+    
+    if (err != 0) {
+        QBacktraceDisposeSymbols(context->frameArray, context->frameArrayCount);
+        if (context->frameArray != NULL) {
+            memset(context->frameArray, 0, context->frameArrayCount * sizeof(*context->frameArray));
+        }
+        context->frameCountOut = 0;
+    }
+    *frameCountPtr = context->frameCountOut;
+
+	assert(QBTContextIsValid(context));
+	
+	return err;
+}
+
+#pragma mark ***** Mach Infrastructure
+
+static int MachReadBytes(QBTContext *context, QTMAddr src, void *dst, size_t size)
+	// A memory read callback for Mach.  This simply calls through to our 
+    // QTaskMemory abstraction layer, which in turns calls mach_vm_read_overwrite.
+	//
+	// See the description of QBTReadBytesProc for information about 
+	// the parameters.
+{
+	assert(QBTContextIsValid(context));
+	assert(dst != NULL);
+	assert(size > 0);
+
+	return QTMRead(context->task, src, size, dst);
+}
+
+static void MachTermContext(QBTContext *context)
+    // Clean up after a MachInitContext.  It's safe to call this even 
+    // if MachInitContext fails.
+{
+    assert(context != NULL);
+    
+    if (context->createdSymRef) {
+        QSymDestroy(context->symRef);
+    }
+}
+
+static int MachInitContextFromTask(
+	QBTContext *			context,
+	task_t					task,
+    cpu_type_t              cputype,
+	QTMAddr                 stackBottom, 
+	QTMAddr                 stackTop,
+    QSymbolsRef             symRef,
+	QBTFrame *              frameArray, 
+	size_t					frameArrayCount
+)
+    // Initialise the backtrace context from numerous parameters, mostly supplied 
+    // by the client.  Even if this fails, it's safe to call MachTermContext.
+{
+    int             err;
+    QMOImageRef     qmoImage = 0;
+    
+    assert(context != NULL);
+    assert(task != MACH_PORT_NULL);
+	assert( ((stackBottom == 0) && (stackBottom == stackTop)) || (stackBottom < stackTop) );
+	assert( (frameArrayCount == 0) || (frameArray != NULL) );
+    
+    // Clear the context first, to make it safe to call MachTermContext.
+    
+	memset(context, 0, sizeof(*context));
+
+    // Stuff that can't fail
+    
+    // Zap the input array; the BacktraceCore requires this to make error 
+    // handling easier.
+    
+    if (frameArray != NULL) {
+        memset(frameArray, 0, frameArrayCount * sizeof(*frameArray));
+    }
+    
+    // General stuff
+    
+	context->stackBottom     = stackBottom;
+	context->stackTop        = stackTop;
+	context->frameArray      = frameArray;
+	context->frameArrayCount = frameArrayCount;
+
+    // Platform specific stuff
+    
+	context->readBytes       = MachReadBytes;
+	context->task            = task;
+
+    // Stuff that might fail.
+    
+    // Create a symbols object for the task, if necessary, and use that to get 
+    // some basic information about it.
+    
+    err = 0;
+    if (symRef == NULL) {
+        context->createdSymRef = true;
+        err = QSymCreateFromTask(context->task, (context->task != mach_task_self()), cputype, &context->symRef);
+    } else {
+        context->symRef = symRef;
+    }
+    if (err == 0) {
+        qmoImage = QSymGetExecutableImage(context->symRef);
+        if (qmoImage == NULL) {
+            err = EINVAL;
+        }
+    }
+    if (err == 0) {
+        context->swapBytes = QMOImageIsByteSwapped(qmoImage);
+
+        context->arch = GetTaskArch(qmoImage);
+        if (context->arch == NULL) {
+            err = EINVAL;
+        }
+    }
+    
+    // Determine the address of _sigtramp.
+    
+    if (err == 0) {
+        QSymSymbolInfo symInfo;
+        QSymSymbolInfo nextSymInfo;
+        
+        err = QSymGetAddressForSymbol(context->symRef, "/usr/lib/libSystem.B.dylib", "__sigtramp", &symInfo);
+        if (err == 0) {
+            context->sigTrampLowerBound = symInfo.symbolValue;
+        }
+        if (err == 0) {
+            err = QSymGetNextSymbol(context->symRef, &symInfo, &nextSymInfo);
+            if (err == 0) {
+                context->sigTrampUpperBound = nextSymInfo.symbolValue;
+            } else {
+                // If QSymGetNextSymbol fails, just take a guess.
+                
+                context->sigTrampUpperBound = context->sigTrampLowerBound + 256;
+                err = 0;
+            }
+        }
+    }
+
+	assert( (err != 0) || QBTContextIsValid(context) );
+
+    return err;
+}
+
+#pragma mark ***** CPU Specific
+
+#if TARGET_CPU_PPC
+
+#pragma mark - PowerPC
+
+/*	PowerPC Stack Frame Basics
+	--------------------------
+	
+	
+						Offset	Size	Purpose
+						------	----	-------
+	low memory
+	fp == sp == r1 ->	0		X		pointer to next frame
+						X		X		place to save CR
+						2X		X		place to save LR
+						3X		2X		reserved
+						5X		X		place to save TOC (CFM only)
+	high memory
+	
+						where X is the address size (4 bytes for 32-bits, 
+						8 bytes for 64-bits)
+					
+	To get from one frame to the next, you have to indirect an offset 
+	of 0.  To extract the PC from a frame (which, notably, is the 
+	address of the code running in that frame, not a return address), you 
+	have to indirect an offset of 2X bytes (8 or 16).
+	
+	There's enough commonality between 32- and 64-bit PowerPC architectures 
+	that it's easy to handle them both with the same code.
+*/
+
+static bool PowerPCIsSystemCall(QBTContext *context, QTMAddr pc)
+	// Using the PC from the thread state, walk back through 
+	// the code stream for 3 instructions looking for a "sc" instruction. 
+	// If we find one, it's almost certain that we're in a system call 
+	// frameless leaf routine.
+{
+	int			err;
+	bool		isSystemCall;
+	int			count;
+	uint8_t		inst[4];
+	
+	isSystemCall = false;
+	count = 0;
+	do {
+		err = context->readBytes(context, pc, &inst, sizeof(inst));
+		if (err == 0) {
+			isSystemCall = (inst[0] == 0x44)		// PPC "sc" instruction
+			            && (inst[1] == 0x00)		// PPC instructions are always big 
+						&& (inst[2] == 0x00)		// endian, so we compare it byte at 
+						&& (inst[3] == 0x02);		// time for endian neutrality
+						
+		}
+		if ( (err == 0) && ! isSystemCall ) {
+			count += 1;
+			pc -= sizeof(inst);
+		}
+	} while ( (err == 0) && ! isSystemCall && (count < 3) );
+	err = 0;
+	
+	return isSystemCall;
+}
+
+static int PowerPCHandleLeaf(QBTContext *context, QTMAddr *pcPtr, QTMAddr *framePtr)
+	// This is the handleLeaf routine for the PowerPC 
+	// architecture.  See the description of QBTHandleLeafProc 
+	// for a detailed discussion of its parameters.
+	//
+	// The top most frame may be in a weird state because of the 
+	// possible variations in the routine prologue.  There are a 
+	// variety of combinations, such as:
+	//
+	// 1. a normal routine, with its return address stored in 
+	//    its caller's stack frame
+	//
+	// 2. a system call routine, which is a leaf routine with 
+	//    no frame and the return address is in LR
+	//
+	// 3. a leaf routine with no frame, where the return address 
+	//    is in LR
+	//
+	// 4. a leaf routine with no frame that accesses a global, where 
+	//    the return address is in r0
+	//
+	// 5. a normal routine that was stopped midway through 
+	//    constructing its prolog, where the return address is 
+	//    typically in r0
+	//
+	// Of these, 1 and 2 are most common, and they're the cases I 
+	// handle.  General support for all of the cases requires the 
+	// ability to accurately determine the start of the routine 
+	// which is not something that I can do with my current 
+	// infrastructure.
+	//
+	// Note that don't handle any cases where the return address is 
+	// in r0, although r0 is available as part of the threadState 
+	// if I need it in the future.
+{
+#ifdef __LP64__
+    return EINVAL;
+#else
+	int		err;
+	QTMAddr	pc;
+	QTMAddr	lr;
+    QTMAddr r1;
+	
+	// Get the pc and lr from the thread state.
+	
+    err = 0;
+    switch (context->threadStateFlavor) {
+        case PPC_THREAD_STATE:
+            pc = ((const ppc_thread_state_t *) context->threadState)->srr0;
+            lr = ((const ppc_thread_state_t *) context->threadState)->lr;
+            r1 = ((const ppc_thread_state_t *) context->threadState)->r1;
+            break;
+        case PPC_THREAD_STATE64:
+            pc = ((const ppc_thread_state64_t *) context->threadState)->srr0;
+            lr = ((const ppc_thread_state64_t *) context->threadState)->lr;
+            r1 = ((const ppc_thread_state64_t *) context->threadState)->r1;
+            break;
+
+        default:
+            err = EINVAL;
+            break;
+    }
+
+	// If we find that we're in a system call frameless leaf routine, 
+	// add a dummy stack frame (with no frame, because the frame actually 
+	// belows to frameArray[1]).
+
+    if (err == 0) {
+        if ( PowerPCIsSystemCall(context, pc) ) {
+
+            AddFrame(context, pc, 0, kQBTFrameBadMask);
+
+            pc = lr;
+        }
+
+        // Pass the initial pc and frame back to the caller.
+        
+        *pcPtr    = pc;
+        *framePtr = r1;
+    }
+
+	return err;
+#endif
+}
+
+static bool  PowerPCValidPC(QBTContext *context, QTMAddr pc)
+	// This is the validPC routine for the PowerPC 
+	// architecture.  See the description of 
+	// QBTValidPCProc for a detailed discussion 
+	// of its parameters.
+	//
+	// PowerPC instructions must be word aligned.  Also, I check that 
+	// it's possible to read the instruction.  I don't do anything 
+	// clever like check that the resulting value is a valid instruction.
+{
+	uint32_t	junkInst;
+	
+	return ((pc & 0x03) == 0) && (context->readBytes(context, pc, &junkInst, sizeof(junkInst)) == 0);
+}
+
+static int PowerPCGetFrameNextPC(QBTContext *context, QTMAddr thisFrame, QTMAddr nextFrame, QTMAddr *nextPCPtr)
+	// This is the getFrameNextPC routine for the PowerPC 
+	// architecture.  See the description of 
+	// QBTGetFrameNextPCProc for a detailed discussion 
+	// of its parameters.
+{
+    #pragma unused(thisFrame)
+    #pragma unused(nextFrame)
+	QTMAddr	offset;
+	
+	if ( context->arch->is64Bit ) {
+		offset = 16;
+	} else {
+		offset = 8;
+	}
+	
+	return ReadAddr(context, nextFrame + offset, nextPCPtr);
+}
+
+/*	PowerPC Signal Stack Frames
+	---------------------------
+	In the current Mac OS X architecture, there is no guaranteed reliable 
+	way to backtrace a PowerPC signal stack frame.  The problem is that the 
+	kernel pushes a variable amount of data on to the stack when it invokes the 
+	user space signal trampoline (_sigtramp), and the only handle to the 
+	information about how much data was pushed is passed in a register 
+	parameter to _sigtramp.  _sigtramp stashes that value away in a 
+	non-volatile register.  So, when _sigtramp calls the user-supplied 
+	signal handler, there's no way to work out where that register 
+	ends up being saved.
+	
+	Thus, we devolve into guesswork.  It turns out that the offset from 
+	the stack of the kernel data to the information we need (the place 
+	where the interrupted thread's registers were stored) is a (relatively) 
+	constant for any given system release.  So, we can just simply add the 
+	appropriate offset to the frame pointer and grab the data we need.
+	
+	On recent systems (10.3 and later) this fails if the signal handle 
+	requests 'dual contexts', that is, it requests both 32- and 64-bit 
+	PowerPC registers.  In that case, the size of the pushed data changes, 
+	and that affects the relative alignment of the data and the stack 
+	pointer, and things break.  I don't know of any way to work around 
+	this <rdar://problem/4411774>.
+	
+	Finally, these constant vary from release to release. 
+	This code handles the significant cases that I know about (Mac OS X 10.1.x 
+	and earlier, Mac OS X 10.2, and Mac OS 10.3 and later), but there's no 
+	guarantee that this offset won't change again in the future.
+
+	When the kernel invokes the user space signal trampoline, it pushes 
+	the following items on to the stack.
+	
+	Mac OS X 10.1.x
+	---------------
+					Size	Purpose
+					----	-------
+	low memory
+					0x030   bytes for C linkage
+					0x040 	bytes for saving PowerPC parameters
+					0x0c0	ppc_saved_state
+					0x110	ppc_float_state
+					0x018	struct sigcontext
+					0x0e0	red zone
+	high memory
+					The previous frame's SP is at offset 0x00C within 
+					ppc_saved_state, which makes it equal to 
+					0x030 + 0x040 + 0x00C, or 0x07C.  The offset to 
+					the previous PC (0x84) follows from that.
+				                   			 
+	Mac OS X 10.2.x
+	---------------
+					Size	Purpose
+					----	-------
+	low memory
+					0x030   bytes for C linkage
+					0x040 	bytes for saving PowerPC parameters
+					0x008	alignment padding
+					0x408   struct mcontext, comprised of:
+								 0x020 ppc_exception_state_t
+								 0x0A0 ppc_thread_state_t
+								 0x108 ppc_float_state_t
+								 0x240 ppc_vector_state_t
+					0x040	siginfo_t
+					0x020	ucontext
+					0x0e0	red zone
+	high memory	
+					The previous frame's SP is at offset 0x00C within 
+					ppc_thread_state_t, which it equal to 
+					0x030 + 0x040 + 0x008 + 0x020 + 0x00C, or 0x0A4. 
+					The offsets to the previous PC and LR (0x98 and 0x128) 
+					follow from that.
+
+	Mac OS X 10.3.x and 10.4.x
+	--------------------------
+                    
+                    Size (process/hardware/requested)               Purpose
+                    ---------------------------------               -------
+					32/32/x     32/64/32    32/64/64    64/64/x
+					------- 	--------	--------    -----
+	low memory
+					align16     align16     align16     align32		alignment
+					0x030       0x030       0x030       0x030		bytes for C linkage
+					0x040       0x040       0x040       0x040		bytes for saving PowerPC parameters
+					0x008       0x000       0x008       0x018       pad
+					0x040       0x040       0x040       0x068		[user_]siginfo_t
+					0x020       0x020       0x020       0x038		ucontext64
+					0x408       0x408       -           -           mcontext
+				    -           0x498       0x498       0x498		mcontext64
+				    align16     align16     align16     align32		alignment
+                    ?           ?           ?           ?           pad
+					0x0e0       0x0e0       0x0e0       0x140		red zone
+	high memory	
+					Some things to note about the above diagram:
+                    
+                    o The number and type of mcontexts depends on:
+                      - whether the process is 32- or 64-bit
+                      - whether the process is running on 32- or 64-bit hardware
+                      - whether the process requests 64-bit registers when it 
+                        installs its signal handler (the SA_64REGSET flag)
+                    
+                    o This, in turns, affects the amount of pad inserted to 
+                      get the proper alignment.
+
+					o For a 64-bit process, the kernel aligns the stack to a 
+					  32 byte boundary, even though the runtime architecture 
+					  only requires a 16 byte boundary.
+					  
+					o The final alignment is done last, but the pad that it 
+					  creates is effectively created between the parameter save 
+					  area and the [user_]siginfo_t because the C linkage area 
+					  and param save areas are both defined to be a fixed offset 
+					  from the frame pointer.
+					
+                    o This means that we have to use some heuristics to find the 
+                      amount of pad.  These heuristics generally involve looking 
+                      into the mcontext[64] to see if the registers in there 
+                      match the registers in the [user_]siginfo_t.  However, 
+                      this is further complicated by the fact that the mcontext 
+                      might be an mcontext64, even on a 32-bit process.
+                      
+                    o The pad size is highly constrained.  This is because the 
+                      kernel aligns the frame as part of setting up the red 
+                      zone and again to set up the linkage.  Thus, the only cause 
+                      of misalignment is the amount of data between the two alignments 
+                      operations.  For a 64-bit process, there's no variation, 
+                      so the pad size is always 0x018.  For a 32-bit system, 
+                      there's also no variability; the pad size is always 0x008.  
+                      The issues arise for 32-bit code on a 64-bit system, 
+                      where the pad size can be either 0x000 or 0x000.
+*/
+
+static bool PPCCheckFrameStyle(
+    QBTContext *context, 
+    QTMAddr     nextFrame, 
+    QTMAddr     sigInfoFPOffset,
+    QTMAddr     sigInfoSize,
+    QTMAddr     ucontextSize,
+    QTMAddr     padSize,
+    QTMAddr     mcontextFPOffset
+)
+    // Returns true if it seems that we're looking at the frame in the right way.  
+    // That is, for the signal crossing frame at nextFrame, return true if it 
+    // can be interpreted correctly the specified padSize and mcontextFPOffset.
+    //
+    // To check whether we're interpreting the frame correctly, we check that:
+    //
+    // 1. the uc_mcontext64 field of the ucontext points to the mcontext[64]
+    // 2. the FP we get from the mcontext[64] matches the FP we get from the 
+    //    sigInfo (stored in the pad[0] field at sigInfoFPOffset)
+{
+    int         err;
+    bool        result;
+    QTMAddr     sigInfo;
+    QTMAddr     ucontext;
+    QTMAddr     mcontext;
+    QTMAddr     mcontextFromUContext;
+    QTMAddr     preSignalFP;
+    QTMAddr     preSignalFPFromMContext;
+
+    assert(context != NULL);
+    assert( ! context->arch->is64Bit);
+    
+    result = false;
+    
+    // Get the sigInfo, ucontext and mcontext addresses.  This is, of course, 
+    // all provisional, based on the padSize.
+    
+    sigInfo  = nextFrame + 0x030 + 0x040 + padSize;
+    ucontext = sigInfo + sigInfoSize;
+    mcontext = ucontext + ucontextSize;
+
+    // Read the uc_mcontext64 field from the ucontext.
+    
+    err = ReadAddr(context, ucontext + 0x01c, &mcontextFromUContext);
+    
+    // Read the FP from the pad[0] of the siginfo_t.
+    
+    if (err == 0) {
+        err = ReadAddr(context, sigInfo + sigInfoFPOffset, &preSignalFP);
+    }
+    
+    // Read the FP from the mcontext[64].
+    
+    if (err == 0) {
+		err = ReadAddr(context, mcontext + mcontextFPOffset, &preSignalFPFromMContext);
+    }
+    
+    // Return true if the mcontext is where we expected and the FPs match.
+    
+    if (err == 0) {
+        result = (mcontext == mcontextFromUContext)
+              && (preSignalFP == preSignalFPFromMContext);
+    }
+    
+    return result;
+}
+
+static int PowerPCCrossSignalFrame(QBTContext *context, QTMAddr thisFrame, QTMAddr *nextPCPtr, QTMAddr *nextFramePtr)
+	// This is the crossSignalFrame routine for the PowerPC 
+	// architecture.  See the description of QBTCrossSignalFrameProc 
+	// for a detailed discussion of its parameters.
+{
+	int         err;
+    int         major;
+	QTMAddr     nextFrame;
+    QTMAddr     padSize = 0;
+    QTMAddr     sigInfoSize = 0;
+    QTMAddr     sigInfoFPOffset = 0;
+    QTMAddr     ucontextSize = 0;
+    QTMAddr     mcontextPCOffset = 0;
+    QTMAddr     mcontextFPOffset = 0;
+    QTMAddr     mcontextLROffset = 0;
+    QTMAddr     sigInfo;
+    QTMAddr     ucontext;
+    QTMAddr     mcontext;
+    QTMAddr     preSignalFP;
+    QTMAddr     preSignalFPFromMContext;
+    QTMAddr     preSignalPCFromMContext;
+    QTMAddr     preSignalLRFromMContext;
+
+    // The code depends on the version of the OS.  *sigh*
+    
+    err = QTMGetDarwinOSRelease(&major, NULL, NULL);
+
+    // Read the address of the frame below the _sigtramp frame, because 
+    // that where all the action is.
+
+    if (err == 0) {
+        err = ReadAddr(context, thisFrame, &nextFrame);
+    }
+	
+    // Sniff the frame to see which type it is:
+    
+    if (err == 0) {
+        if (context->arch->is64Bit) {
+            // For 64-bit processes, everything is easy.
+            
+            padSize          = 0x018;
+            sigInfoSize      = 0x068;
+            sigInfoFPOffset  = 0x030;
+            ucontextSize     = 0x038;
+            mcontextPCOffset = 0x020 + 0x000;
+            mcontextFPOffset = 0x020 + 0x018;
+            mcontextLROffset = 0x020 + 0x11c;
+        } else if (major < kQTMDarwinOSMajorForMacOSX103) {
+            #if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_3
+                #warning QBacktrace has not been tested properly on pre-10.3 systems.
+            #endif
+            /*
+                I used to have code (that was a lot more naive) that supported 
+                pre-10.3 systems.  I've abandoned these systems for my new code.
+                However, I've left the following information around in case I 
+                ever contemplate resurrecting the support for older systems.
+                
+                Some random numbers from the old pre-10.3 code:
+                
+                o 10.0 through 10.1.x
+                    offsetToPC = 0x84;
+                    offsetToFP = 0x7c;
+                    offsetToLR = 0;            
+                o 10.2.x
+                    offsetToPC = 0x98;
+                    offsetToFP = 0xa4;
+                    offsetToLR = 0x128;
+                  but G5-based 10.2.x systems are more like 10.3 (probably).
+            */
+            assert(false);
+            err = ENOTSUP;
+        } else {
+            // For 32-bit processes on 10.3 and later, things are much trickier.
+            
+            // padSize needs to be worked out
+            sigInfoSize      = 0x040;
+            sigInfoFPOffset  = 0x024;
+            ucontextSize     = 0x020;
+            // mcontextPCOffset needs to be worked out
+            // mcontextFPOffset needs to be worked out
+            // mcontextLROffset needs to be worked out
+            
+            // Try all three frame style...
+            
+            // 1. Start with the 32/64/64 case.
+            
+            padSize = 8;
+            // mcontext64 offsets
+            mcontextPCOffset = 0x020 + 0x004;
+            mcontextFPOffset = 0x020 + 0x01c;
+            mcontextLROffset = 0x020 + 0x120;
+            
+            // IMPORTANT:
+            // The above offsets are 4 larger than the equivalent offsets for a 
+            // 64-bit process.  That's because we'll read them using ReadAddr, 
+            // and ReadAddr will only read a 32-bits word on a 32-bit process.
+            // Thus, we have to make sure it reads the bottom 32-bits of the 
+            // mcontext64 field, which means we add 4 to the offset.
+            
+            if ( ! PPCCheckFrameStyle(context, nextFrame, sigInfoFPOffset, sigInfoSize, ucontextSize, padSize, mcontextFPOffset) ) {
+                // 2. OK, it's not that, let's try 32/32/x.
+                
+                // mcontext offsets
+                mcontextPCOffset = 0x020 + 0x000;
+                mcontextFPOffset = 0x020 + 0x00c;
+                mcontextLROffset = 0x020 + 0x090;
+
+                if ( ! PPCCheckFrameStyle(context, nextFrame, sigInfoFPOffset, sigInfoSize, ucontextSize, padSize, mcontextFPOffset) ) {
+                    // 3. OK, third time is a charm.  Let's try 32/64/32.
+
+                    padSize = 0;
+                    
+                    if ( ! PPCCheckFrameStyle(context, nextFrame, sigInfoFPOffset, sigInfoSize, ucontextSize, padSize, mcontextFPOffset) ) {
+                        err = EINVAL;
+                    }
+                }
+            }
+        }
+    }
+    
+    // Grab the pre-signal FP from the siginfo_t and the pre-signal FP, PC and LR 
+    // from the mcontext and use them to set up the results for the client.
+
+	mcontext = 0;		// quieten a warning
+    if (err == 0) {
+        sigInfo  = nextFrame + 0x030 + 0x040 + padSize;
+        ucontext = sigInfo + sigInfoSize;
+        mcontext = ucontext + ucontextSize;
+
+		err = ReadAddr(context, sigInfo + sigInfoFPOffset, &preSignalFP);
+    }
+    if (err == 0) {
+		err = ReadAddr(context, mcontext + mcontextFPOffset, &preSignalFPFromMContext);
+    }
+    if (err == 0) {
+		err = ReadAddr(context, mcontext + mcontextPCOffset, &preSignalPCFromMContext);
+    }
+    if (err == 0) {
+		err = ReadAddr(context, mcontext + mcontextLROffset, &preSignalLRFromMContext);
+    }
+    if (err == 0) {
+        assert(preSignalFPFromMContext == preSignalFP);
+        
+        *nextFramePtr = preSignalFP;
+        *nextPCPtr    = preSignalPCFromMContext;
+    }
+    	
+	// If the PC is a system call, add a dummy leaf for that PC 
+	// and then get the next frame's PC from LR.
+	
+	if ( (err == 0) && PowerPCIsSystemCall(context, *nextPCPtr) ) {
+		AddFrame(context, *nextPCPtr, 0, kQBTFrameBadMask);
+		
+        *nextPCPtr = preSignalLRFromMContext;
+	}
+	
+	return err;
+}
+#endif //TARGET_CPU_PPC
+
+#pragma mark - Intel
+#if TARGET_CPU_X86 || TARGET_CPU_X86_64
+
+/*	Intel Stack Frame Basics
+	------------------------
+	
+                        Offset	Size	Purpose
+                        ------	----	-------
+	low memory
+	sp == ESP/RSP ->    -??     ??		general work area
+                        -??		??		local variables
+	fp == EBP/RBP ->	0		X		pointer to next frame
+                        X		X		return address
+                        -??		??		parameters
+	high memory
+
+                    where X is the address size (4 bytes for 32-bits, 
+                    8 bytes for 64-bits)
+
+	The stack frame on Intel is remarkably traditional.  Two registers 
+	are used to manage the stack: ESP/RSP points to the bottom of the stack, 
+	and EBP/RBP points to the stack frame itself.  The memory at offset 0 
+	off the frame stores the address of the next stack frame.  The memory at 
+	offset X stores the saved PC for the next stack frame (that is, the return 
+	address for this stack frame).
+*/
+
+static bool IntelIsSystemCall(QBTContext *context, QTMAddr pc)
+	// Using the PC from the thread state, look back in the code 
+	// stream to see if the previous bytes look something like a 
+	// system call.  This is a heuristic rather than solid design. 
+	// Because Intel instructions are of variable length, there's no 
+	// guarantee that these bytes are part of some other instruction. 
+	// Still, it works most of the time.
+	//
+	// For 64-bit, all systems calls are done via SYSCALL.  Nice!
+    //
+    // For 32-bit, we need to look for two instructions:
+	//
+	// o INT 81 -- used for Mach system calls
+	// o sysenter -- used by BSD system calls
+	// 
+	// We detect INT 81 simply by looking for its bytes.  It's no 
+	// so easy to detect sysenter, because the PC we get is an 
+	// address in the specific system call, which actually calls 
+	// another routine (_sysenter_trap) to do the sysenter.  
+	// We look for the CALL disp32 instruction and, if we see, 
+	// work out the address that it calls.  We then get the 
+	// instructions from that address.  If that looks like a 
+	// sysenter, we're probably looking at a system call.
+{
+	int	err;
+	bool		isSystemCall;
+	uint8_t		buf[5];
+	uint32_t	sysEnterOffset;
+
+	isSystemCall = false;
+	err = context->readBytes(context, pc - sizeof(buf), buf, sizeof(buf));
+	if (err == 0) {
+        if (context->arch->is64Bit) {
+            isSystemCall = ( buf[3] == 0x0f && buf [4] == 0x05 );           // syscall
+        } else {
+            isSystemCall = ( buf[3] == 0xcd && buf[4] == 0x81);				// INT 81
+            
+            if ( ! isSystemCall && (buf[0] == 0xe8) ) {						// CALL disp32
+                // Get the disp32.
+                
+                sysEnterOffset = (buf[1] | (buf[2] << 8) | (buf[3] << 16) | (buf[4] << 24));
+
+                // Read the instructions at that offset from the PC and see if they're 
+                // the standard _sysenter_trap code.
+                //
+                // It's a happy coincidence that the size of the _sysenter_trap code is 
+                // 5 bytes, which is also the size of the buffer that I have lying around 
+                // to read the instructions in front of the PC.  The upshot is that I can 
+                // reuse buf rather than needing a second one.
+                
+                err = context->readBytes(context, pc + sysEnterOffset, buf, sizeof(buf));
+                if (err == 0) {
+                    isSystemCall = (buf[0] == 0x5a)								// pop      %edx
+                                && (buf[1] == 0x89)	&& (buf[2] == 0xe1)			// mov      %esp,%ecx
+                                && (buf[3] == 0x0f) && (buf[4] == 0x34);		// sysenter
+                }
+            }
+        }
+	}
+	return isSystemCall;
+}
+
+static int IntelHandleLeaf(QBTContext *context, QTMAddr *pcPtr, QTMAddr *framePtr)
+	// This is the handleLeaf routine for the Intel architecture.  See the 
+    // description of QBTHandleLeafProc for a detailed discussion of its 
+    // parameters.
+	// 
+	// I don't have the experience or the time to fully analyse 
+	// the leaf routine problem for Intel.  Rather, I just implemented 
+	// a simple system call check, much like I did on PowerPC.  This 
+	// seems to be effective in the cases that I care about.
+{
+	int		err;
+	QTMAddr	pc;
+	QTMAddr	sp;
+	QTMAddr	fp;
+	
+    err = 0;
+    switch (context->threadStateFlavor) {
+#ifdef __LP64__
+        case x86_THREAD_STATE64:
+
+            pc = ((const x86_thread_state64_t *) context->threadState)->rip;
+            sp = ((const x86_thread_state64_t *) context->threadState)->rsp;
+            fp = ((const x86_thread_state64_t *) context->threadState)->rbp;
+            break;
+        case x86_THREAD_STATE32:
+            pc = ((const x86_thread_state32_t *) context->threadState)->eip;
+            sp = ((const x86_thread_state32_t *) context->threadState)->esp;
+            fp = ((const x86_thread_state32_t *) context->threadState)->ebp;
+            break;
+#else
+        case x86_THREAD_STATE64:
+
+            pc = ((const x86_thread_state64_t *) context->threadState)->rip;
+            sp = ((const x86_thread_state64_t *) context->threadState)->rsp;
+            fp = ((const x86_thread_state64_t *) context->threadState)->rbp;
+            break;
+        case x86_THREAD_STATE32:
+            pc = ((const x86_thread_state32_t *) context->threadState)->eip;
+            sp = ((const x86_thread_state32_t *) context->threadState)->esp;
+            fp = ((const x86_thread_state32_t *) context->threadState)->ebp;
+            break;
+#endif
+        default:
+            err = EINVAL;
+    }
+
+	// If the PC is a system call, add a dummy leaf for that PC 
+	// and then get the next frame's PC from the top of stack.
+
+	if (err == 0) {
+        if ( IntelIsSystemCall(context, pc) ) {
+            AddFrame(context, pc, 0, kQBTFrameBadMask);
+
+            err = ReadAddr(context, sp, &pc);
+        }
+        if (err == 0) {
+            *pcPtr    = pc;
+            *framePtr = fp;
+        }
+    }
+	
+	return err;
+}
+
+static bool  IntelValidPC(QBTContext *context, QTMAddr pc)
+	// This is the validPC routine for the Intel 
+	// architecture.  See the description of 
+	// QBTValidPCProc for a detailed discussion 
+	// of its parameters.
+	//
+	// Intel instructions are not aligned in any way.  All, I can do 
+	// is check for known bad values ((QTMAddr) -1 is used as a 
+	// known bad value by the core) and check that I can read at least 
+	// byte of instruction from the address.
+{
+	uint8_t	junkInst;
+	
+	return (pc != (QTMAddr) -1) && (context->readBytes(context, pc, &junkInst, sizeof(junkInst)) == 0);
+}
+
+static int IntelGetFrameNextPC(QBTContext *context, QTMAddr thisFrame, QTMAddr nextFrame, QTMAddr *nextPCPtr)
+	// This is the getFrameNextPC routine for the Intel architecture.  See the 
+    // description of QBTGetFrameNextPCProc for a detailed discussion of its 
+	// parameters.
+	//
+	// This is very easy on Intel, because it's the return address, which is at a 
+    // fixed offset in the frame.
+{
+    #pragma unused(nextFrame)
+	QTMAddr	offset;
+	
+	if ( context->arch->is64Bit ) {
+		offset = 8;
+	} else {
+		offset = 4;
+	}
+	
+	return ReadAddr(context, thisFrame + offset, nextPCPtr);
+}
+
+#endif
+
+#if TARGET_CPU_X86
+
+/*	Intel 32-Bit Signal Stack Frames
+	--------------------------------
+	Cross signal stack frames is much more reliable on Intel.  The parameters 
+	to _sigtramp are stored on the stack, and you can reliably pick them up 
+	from there.
+
+					Size	Purpose
+					----	-------
+	low memory
+	
+	frame  ->		0x004	pre-signal frame pointer
+					0x018	struct sigframe32
+					0x020?	pad
+					0x258	struct mcontext
+								0x00c	x86_exception_state32_t
+								0x040	x86_thread_state32_t
+								0x20c	x86_float_state32_t
+					0x040	siginfo_t
+					0x020	struct ucontext
+	high memory
+	
+	As for other architectures, the kernel aligns the stack such that the catcher 
+    field of the (struct sigframe32) is aligned on a 16 byte boundary.  This means 
+    that there's a variable amount of pad between the (struct sigframe32) and the 
+    other fields.  However, for x86 this isn't a problem because the 
+    (struct sigframe32) contains pointers to the other structures that we need.
+    
+    Another thing to note is that SA_64REGSET flag isn't significant on x86.  
+    A 32-bit process will always get 32-bit structures and a 64-bit process will 
+    always get 64-bit structures.  This makes things somewhat easier than on 
+    PowerPC.
+    
+    The three values we need to get are:
+    
+    o pre-signal FP -- This is easy.  It's always pointed to by the current FP.
+    
+    o pre-signal PC -- This is hard because the obvious place that it's stored 
+      (the si_addr field of the siginfo_t) isn't reliable.  Specifically, for 
+      SIGBUS and SIGSEGV, this field holds the faulting address, not the faulting 
+      instruction's address.  *sigh*  So, we get this value by following the 
+      (struct sigframe32) to the (struct ucontext) to the (struct mcontext) to 
+      the (x86_thread_state32_t) to the ebp field.  *phew*
+    
+    o pre-signal SP -- The kernel stores this in the pad[0] field of the siginfo_t, 
+      so we use that.  We also check it against the esp from the thread state, 
+      just 'cause that's easy.
+    
+	The sinfo field of the sigframe32 structure is at offset 0x10 and the uctx 
+    field is at offset 0x14.  Once you account for the pre-signal frame pointer 
+    that's pushed on to the stack by _sigtramp, you need to go 0x14 bytes up the 
+    frame to get the sinfo field, which is a pointer to a siginfo_t structure.  
+    The kernel places the pre-signal PC and SP in fields in that structure (si_addr 
+    and pad[0], offset 0x18 and 0x24 respectively). 
+    
+	Finally, if we detect a frameless leaf routine past the signal frame, 
+	we extract its return address from the top of stack.
+*/
+
+static int Intel32CrossSignalFrame(QBTContext *context, QTMAddr thisFrame, QTMAddr *nextPCPtr, QTMAddr *nextFramePtr)
+	// This is the crossSignalFrame routine for the Intel 
+	// architecture.  See the description of 
+	// QBTCrossSignalFrameProc for a detailed discussion 
+	// of its parameters.
+{
+	int         err;
+    QTMAddr     sigFrame;
+	QTMAddr     sigInfo;
+	QTMAddr     ucontext;
+    QTMAddr     mcontext;
+    QTMAddr     threadState;
+	QTMAddr     preSignalFP;
+	QTMAddr     preSignalSP;
+    QTMAddr     preSignalFPFromMContext;
+    QTMAddr     preSignalSPFromMContext;
+    QTMAddr     preSignalPCFromMContext;
+    
+    sigFrame = thisFrame + 4;
+    
+	// Get the pre-signal FP by simply reading from the frame pointer. 
+	// Because of the way __sigtramp works, this ends up being correct.
+	
+    err = ReadAddr(context, thisFrame, &preSignalFP);
+	
+	// Get the siginfo_t pointer from the parameters to _sigtramp 
+	// (the sinfo field of sigframe32).
+	
+	if (err == 0) {
+        err = ReadAddr(context, sigFrame + 0x10, &sigInfo);
+	}
+	
+    // Get the pre-signal SP from the pad[0] field of the siginfo_t.
+
+    if (err == 0) {
+		err = ReadAddr(context, sigInfo + 0x24, &preSignalSP);
+    }
+
+	// Get the ucontext address from the parameters to _sigtramp 
+    // (the uctx field of the sigframe32).
+	
+	if (err == 0) {
+		err = ReadAddr(context, sigFrame + 0x14, &ucontext);
+	}
+    
+    // Get the mcontext address from the uc_mcontext field of the ucontext.
+    
+    if (err == 0) {
+		err = ReadAddr(context, ucontext + 0x1c, &mcontext);
+    }
+    
+    // Get the address of the ss field of the mcontext.  This is the 
+    // x86_thread_state_32_t.  Then extract the ebp, esp, and eip fields from 
+    // that.
+    
+    if (err == 0) {
+        threadState = mcontext + 0x0c;
+        
+        err = ReadAddr(context, threadState + 0x18, &preSignalFPFromMContext);
+        if (err == 0) {
+            err = ReadAddr(context, threadState + 0x1c, &preSignalSPFromMContext);
+        }
+        if (err == 0) {
+            err = ReadAddr(context, threadState + 0x28, &preSignalPCFromMContext);
+        }
+    }
+    if (err == 0) {
+        assert(preSignalFPFromMContext == preSignalFP);
+        assert(preSignalSPFromMContext == preSignalSP);
+        
+        *nextFramePtr = preSignalFP;
+        *nextPCPtr    = preSignalPCFromMContext;
+    }
+    
+	// Finally, if we detect a leaf routine, add a dummy frame for it 
+	// and then get the pre-signal SP and, assuming that the top word on 
+    // the stack is a return address, use it for the next PC.
+	
+	if ( (err == 0) && IntelIsSystemCall(context, *nextPCPtr) ) {
+		AddFrame(context, *nextPCPtr, 0, kQBTFrameBadMask);
+		
+        err = ReadAddr(context, preSignalSP, nextPCPtr);
+	}
+	
+	return err;
+}
+
+#endif
+
+#if TARGET_CPU_X86_64
+
+/*
+	Intel 64-Bit Signal Stack Frames
+	--------------------------------
+    Like PowerPC, x86-64 passes most parameters in registers.  This makes it 
+    hard to cross signal stack frames successfully.  However, like PowerPC, some 
+    heuristics get us there most of the time.
+    
+					Size	Purpose
+					----	-------
+	low memory
+	
+	frame  ->		0x008	pre-signal frame pointer
+                    0x008   space for return address (unused)
+					0x014?  alignment padding (typically 0x014 or 0x01c)
+					0x2c4	struct mcontext64
+								0x010	x86_exception_state64_t
+								0x0A8	x86_thread_state64_t
+								0x20c	x86_float_state64_t
+					0x068	user_siginfo_t
+					0x038	struct user_ucontext64
+                    0x080   red zone
+	high memory
+
+	Things to note about the above:
+	
+	o The kernel places the pre-signal SP in the pad[0] field (offset 0x30) of 
+      the user_siginfo_t structure.
+    
+    o Most of the time the kernel puts the pre-signal PC in the si_addr field
+      of the same structure.  However, for SIGBUS and SIGSEGV this is actually 
+      the address of the fault itself, so that doesn't help us.
+	
+	o The kernel aligns the stack such that the start of the alignment padding 
+      is on a 16 byte boundary.  This means that there's a variable amount of pad 
+      (from 0x10 through 0x1c) between the current frame and the user_siginfo_t.  
+      Argh!
+
+    o The reason why this alignment padding is typically either 0x014 or 0x01c is 
+      that the (struct mcontext64) is 0x2c4 bytes.  So, if the stack was reasonably 
+      aligned (that is, to an 8 byte boundary) when the signal occurs, by the time 
+      we've deducted space for all our junk (0x080 + 0x038 + 0x068 + 0x2c4) we've 
+      pushed the alignment to a 4 byte boundary.  To bring it back, we have to 
+      pad to with either 0x014 or 0x01c.
+    
+      However, rather than just guess, I actually try all possible alignments 
+      (0x000 through 0x01c) and see which one makes sense.
+
+    Another thing to note is that SA_64REGSET flag isn't significant on x86.  
+    A 32-bit process will always get 32-bit structures and a 64-bit process will 
+    always get 64-bit structures.  This makes things somewhat easier than on 
+    PowerPC.
+
+	Finally, if we detect a frameless leaf routine past the signal frame, 
+	we extract its return address from the top of stack.
+*/
+
+static int Intel64CrossSignalFrame(QBTContext *context, QTMAddr thisFrame, QTMAddr *nextPCPtr, QTMAddr *nextFramePtr)
+	// This is the crossSignalFrame routine for the 64-bit Intel  
+	// architecture.  See the description of 
+	// QBTCrossSignalFrameProc for a detailed discussion 
+	// of its parameters.
+{
+	int         err;
+	QTMAddr     sigInfo;
+    QTMAddr     ucontext;
+    QTMAddr     mcontext;
+    QTMAddr     threadState;
+	QTMAddr     preSignalFP;
+    QTMAddr     preSignalSP;
+	QTMAddr     preSignalFPFromMContext;
+    QTMAddr     preSignalSPFromMContext;
+    QTMAddr     align;
+    
+	// Get the previous frame by simply reading from the frame pointer. 
+	// Because of the way things work, this ends up being correct.
+
+    err = ReadAddr(context, thisFrame, &preSignalFP);
+    
+    if (err == 0) {        
+        // Now try various alignments to see which one yields a valid result.
+        
+        for (align = 0x010; align < 0x020; align += 4) {
+            // Use the 'Hail Mary (tm)' algorithm to get a pointer to the user_siginfo_t 
+            // and the (struct user_ucontext64) that immediately follows it.
+            
+            sigInfo = thisFrame + 0x008 + 0x08 + align + 0x2