summaryrefslogtreecommitdiff
path: root/cpp
diff options
context:
space:
mode:
Diffstat (limited to 'cpp')
-rw-r--r--cpp/src/Ice/PropertyNames.cpp13
-rw-r--r--cpp/src/Ice/PropertyNames.h2
-rw-r--r--cpp/src/IceSSL/SChannelEngine.cpp142
-rw-r--r--cpp/src/IceSSL/SSLEngine.h3
-rw-r--r--cpp/src/IceSSL/Util.cpp62
-rw-r--r--cpp/test/IceSSL/configuration/AllTests.cpp11
6 files changed, 95 insertions, 138 deletions
diff --git a/cpp/src/Ice/PropertyNames.cpp b/cpp/src/Ice/PropertyNames.cpp
index 11b035d47df..85a3a74b44f 100644
--- a/cpp/src/Ice/PropertyNames.cpp
+++ b/cpp/src/Ice/PropertyNames.cpp
@@ -6,7 +6,7 @@
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
-// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 17:34:50 2015
+// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 22:03:41 2015
// IMPORTANT: Do not edit this file -- any edits made here will be lost!
@@ -999,9 +999,10 @@ const IceInternal::Property IceSSLPropsData[] =
{
IceInternal::Property("IceSSL.Alias", false, 0),
IceInternal::Property("IceSSL.CAs", false, 0),
- IceInternal::Property("IceSSL.CertAuthDir", true, 0),
- IceInternal::Property("IceSSL.CertAuthFile", true, 0),
+ IceInternal::Property("IceSSL.CertAuthDir", true, "IceSSL.CAs"),
+ IceInternal::Property("IceSSL.CertAuthFile", true, "IceSSL.CAs"),
IceInternal::Property("IceSSL.CertStore", false, 0),
+ IceInternal::Property("IceSSL.CertStoreLocation", false, 0),
IceInternal::Property("IceSSL.CertFile", false, 0),
IceInternal::Property("IceSSL.CertVerifier", false, 0),
IceInternal::Property("IceSSL.CheckCertName", false, 0),
@@ -1012,11 +1013,11 @@ const IceInternal::Property IceSSLPropsData[] =
IceInternal::Property("IceSSL.DHParams", false, 0),
IceInternal::Property("IceSSL.EntropyDaemon", false, 0),
IceInternal::Property("IceSSL.FindCert", false, 0),
- IceInternal::Property("IceSSL.FindCert.*", true, 0),
+ IceInternal::Property("IceSSL.FindCert.*", true, "IceSSL.FindCert"),
IceInternal::Property("IceSSL.ImportCert.*", true, 0),
IceInternal::Property("IceSSL.InitOpenSSL", false, 0),
IceInternal::Property("IceSSL.KeyFile", true, 0),
- IceInternal::Property("IceSSL.KeySet", false, 0),
+ IceInternal::Property("IceSSL.KeySet", true, "IceSSL.CertStoreLocation"),
IceInternal::Property("IceSSL.Keychain", false, 0),
IceInternal::Property("IceSSL.KeychainPassword", false, 0),
IceInternal::Property("IceSSL.Keystore", false, 0),
@@ -1025,7 +1026,7 @@ const IceInternal::Property IceSSLPropsData[] =
IceInternal::Property("IceSSL.Password", false, 0),
IceInternal::Property("IceSSL.PasswordCallback", false, 0),
IceInternal::Property("IceSSL.PasswordRetryMax", false, 0),
- IceInternal::Property("IceSSL.PersistKeySet", false, 0),
+ IceInternal::Property("IceSSL.PersistKeySet", true, 0),
IceInternal::Property("IceSSL.Protocols", false, 0),
IceInternal::Property("IceSSL.ProtocolVersionMax", false, 0),
IceInternal::Property("IceSSL.ProtocolVersionMin", false, 0),
diff --git a/cpp/src/Ice/PropertyNames.h b/cpp/src/Ice/PropertyNames.h
index cf92a38d43f..263f20d1008 100644
--- a/cpp/src/Ice/PropertyNames.h
+++ b/cpp/src/Ice/PropertyNames.h
@@ -6,7 +6,7 @@
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
-// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 17:34:50 2015
+// Generated by makeprops.py from file ./config/PropertyNames.xml, Tue Apr 28 22:03:41 2015
// IMPORTANT: Do not edit this file -- any edits made here will be lost!
diff --git a/cpp/src/IceSSL/SChannelEngine.cpp b/cpp/src/IceSSL/SChannelEngine.cpp
index ddc47619373..89774a7b8f1 100644
--- a/cpp/src/IceSSL/SChannelEngine.cpp
+++ b/cpp/src/IceSSL/SChannelEngine.cpp
@@ -255,11 +255,12 @@ SChannelEngine::initialize()
getLogger()->trace(securityTraceCategory(), os.str());
}
- string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "CurrentUser");
- if(certStore != "CurrentUser" && certStore != "LocalMachine")
+ string certStoreLocation = properties->getPropertyWithDefault(prefix + "CertStoreLocation", "CurrentUser");
+ if(certStoreLocation != "CurrentUser" && certStoreLocation != "LocalMachine")
{
- getLogger()->warning("Invalid IceSSL.CertStore value `" + certStore + "' adjusted to `CurrentUser'");
- certStore = "CurrentUser";
+ getLogger()->warning("invalid IceSSL.CertStoreLocation value `" + certStoreLocation +
+ "' adjusted to `CurrentUser'");
+ certStoreLocation = "CurrentUser";
}
//
@@ -276,7 +277,8 @@ SChannelEngine::initialize()
if(!_rootStore)
{
throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: error creating in memory certificate store:\n" + lastErrorToString());
+ "IceSSL: error creating in memory certificate store:\n" +
+ lastErrorToString());
}
}
if(!caFile.empty())
@@ -310,7 +312,7 @@ SChannelEngine::initialize()
// Build the chain using the LocalMachine registry location as opposed
// to the CurrentUser location.
//
- if(certStore == "LocalMachine")
+ if(certStoreLocation == "LocalMachine")
{
config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE;
}
@@ -322,28 +324,18 @@ SChannelEngine::initialize()
#endif
{
throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: error creating certificate chain engine:\n" + lastErrorToString());
+ "IceSSL: error creating certificate chain engine:\n" +
+ lastErrorToString());
}
}
else
{
- _chainEngine = (certStore == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER;
+ _chainEngine = (certStoreLocation == "LocalMachine") ? HCCE_LOCAL_MACHINE : HCCE_CURRENT_USER;
}
- //
- // Import the application certificate and private keys.
- //
- string keySet = properties->getPropertyWithDefault(prefix + "KeySet", "DefaultKeySet");
- if(keySet != "DefaultKeySet" && keySet != "UserKeySet" && keySet != "MachineKeySet")
- {
- getLogger()->warning("Invalid IceSSL.KeySet value `" + keySet + "' adjusted to `DefaultKeySet'");
- keySet = "DefaultKeySet";
- }
-
- DWORD importFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET;
-
string certFile = properties->getProperty(prefix + "CertFile");
- string keyFile = properties->getPropertyWithDefault(prefix + "KeyFile", certFile);
+ string keyFile = properties->getProperty(prefix + "KeyFile");
+ string findCert = properties->getProperty("IceSSL.FindCert");
if(!certFile.empty())
{
@@ -355,16 +347,19 @@ SChannelEngine::initialize()
}
vector<string> keyFiles;
- if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2)
+ if(!keyFile.empty())
{
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile);
- }
+ if(!splitString(keyFile, IceUtilInternal::pathsep, keyFiles) || keyFiles.size() > 2)
+ {
+ throw PluginInitializationException(__FILE__, __LINE__,
+ "IceSSL: invalid value for " + prefix + "KeyFile:\n" + keyFile);
+ }
- if(certFiles.size() != keyFiles.size())
- {
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile");
+ if(certFiles.size() != keyFiles.size())
+ {
+ throw PluginInitializationException(__FILE__, __LINE__,
+ "IceSSL: " + prefix + "KeyFile does not agree with " + prefix + "CertFile");
+ }
}
for(size_t i = 0; i < certFiles.size(); ++i)
@@ -392,6 +387,7 @@ SChannelEngine::initialize()
PCCERT_CONTEXT cert = 0;
int err = 0;
int count = 0;
+ DWORD importFlags = (certStoreLocation == "LocalMachine") ? CRYPT_MACHINE_KEYSET : CRYPT_USER_KEYSET;
do
{
string s = password(false);
@@ -433,20 +429,17 @@ SChannelEngine::initialize()
{
cert = CertFindCertificateInStore(store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, 0, cert);
}
-
if(!cert)
{
throw PluginInitializationException(__FILE__, __LINE__,
"IceSSL: certificate error:\n" + lastErrorToString());
}
-
- _certs.push_back(cert);
+ _allCerts.push_back(cert);
_stores.push_back(store);
continue;
}
assert(err);
-
if(err != CRYPT_E_BAD_ENCODE)
{
throw PluginInitializationException(__FILE__, __LINE__,
@@ -456,6 +449,11 @@ SChannelEngine::initialize()
//
// Try to load certificate & key as PEM files.
//
+ if(keyFiles.empty())
+ {
+ throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no key file specified");
+ }
+
err = 0;
keyFile = keyFiles[i];
if(!checkPath(keyFile, defaultDir, false))
@@ -486,7 +484,6 @@ SChannelEngine::initialize()
PCRYPT_PRIVATE_KEY_INFO keyInfo = 0;
BYTE* key = 0;
HCRYPTKEY hKey = 0;
-
try
{
//
@@ -538,8 +535,11 @@ SChannelEngine::initialize()
const wstring keySetName = stringToWstring(generateUUID());
HCRYPTPROV cryptProv = 0;
- DWORD contextFlags = (keySet == "MachineKeySet") ? CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET :
- CRYPT_NEWKEYSET;
+ DWORD contextFlags = CRYPT_NEWKEYSET;
+ if(certStoreLocation == "LocalMachine")
+ {
+ contextFlags |= CRYPT_MACHINE_KEYSET;
+ } ;
if(!CryptAcquireContextW(&cryptProv, keySetName.c_str(), MS_ENHANCED_PROV_W, PROV_RSA_FULL,
contextFlags))
@@ -583,14 +583,14 @@ SChannelEngine::initialize()
keyProvInfo.pwszProvName = const_cast<wchar_t*>(MS_DEF_PROV_W);
keyProvInfo.dwProvType = PROV_RSA_FULL;
keyProvInfo.dwKeySpec = AT_KEYEXCHANGE;
-
if(!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &keyProvInfo))
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: error seting certificate "
"property:\n" + lastErrorToString());
}
- _certs.push_back(cert);
+ _importedCerts.push_back(cert);
+ _allCerts.push_back(cert);
_stores.push_back(store);
}
catch(...)
@@ -622,31 +622,16 @@ SChannelEngine::initialize()
throw;
}
}
-
- _allCerts.insert(_allCerts.end(), _certs.begin(), _certs.end());
}
-
- const string findPrefix = prefix + "FindCert.";
- map<string, string> certProps = properties->getPropertiesForPrefix(findPrefix);
- if(!certProps.empty())
+ else if(!findCert.empty())
{
- for(map<string, string>::const_iterator i = certProps.begin(); i != certProps.end(); ++i)
- {
- const string name = i->first;
- const string val = i->second;
-
- if(!val.empty())
- {
- string storeSpec = name.substr(findPrefix.size());
- vector<PCCERT_CONTEXT> certs = findCertificates(name, storeSpec, val, _stores);
- _allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
- }
- }
-
- if(_allCerts.empty())
+ string certStore = properties->getPropertyWithDefault(prefix + "CertStore", "My");
+ vector<PCCERT_CONTEXT> certs = findCertificates(certStoreLocation, certStore, findCert, _stores);
+ if(certs.empty())
{
throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: no certificates found");
}
+ _allCerts.insert(_allCerts.end(), certs.begin(), certs.end());
}
_initialized = true;
}
@@ -789,33 +774,30 @@ SChannelEngine::destroy()
CertCloseStore(_rootStore, 0);
}
- for(vector<PCCERT_CONTEXT>::const_iterator i = _allCerts.begin(); i != _allCerts.end(); ++i)
+ for(vector<PCCERT_CONTEXT>::const_iterator i = _importedCerts.begin(); i != _importedCerts.end(); ++i)
{
- PCCERT_CONTEXT cert = *i;
-
//
- // Only remove the keysets we create.
+ // Retrieve the certificate CERT_KEY_PROV_INFO_PROP_ID property, we use the CRYPT_KEY_PROV_INFO
+ // data to remove the key set associated with the certificate.
//
- if(find(_certs.begin(), _certs.end(), cert) != _certs.end())
+ DWORD length = 0;
+ if(!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, 0, &length))
{
- //
- // Retrieve the certificate CERT_KEY_PROV_INFO_PROP_ID property, we use the CRYPT_KEY_PROV_INFO
- // data to then remove the key set associated with the certificate.
- //
- DWORD length = 0;
- if(CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &length))
- {
- vector<char> buf(length);
- if(CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
- {
- CRYPT_KEY_PROV_INFO* keyProvInfo = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
- HCRYPTPROV cryptProv = 0;
- CryptAcquireContextW(&cryptProv, keyProvInfo->pwszContainerName, keyProvInfo->pwszProvName,
- keyProvInfo->dwProvType, CRYPT_DELETEKEYSET);
- }
- CertFreeCertificateContext(cert);
- }
+ continue;
}
+ vector<char> buf(length);
+ if(!CertGetCertificateContextProperty(*i, CERT_KEY_PROV_INFO_PROP_ID, &buf[0], &length))
+ {
+ continue;
+ }
+ CRYPT_KEY_PROV_INFO* key = reinterpret_cast<CRYPT_KEY_PROV_INFO*>(&buf[0]);
+ HCRYPTPROV prov = 0;
+ CryptAcquireContextW(&prov, key->pwszContainerName, key->pwszProvName, key->dwProvType, CRYPT_DELETEKEYSET);
+ }
+
+ for(vector<PCCERT_CONTEXT>::const_iterator i = _allCerts.begin(); i != _allCerts.end(); ++i)
+ {
+ CertFreeCertificateContext(*i);
}
for(vector<HCERTSTORE>::const_iterator i = _stores.begin(); i != _stores.end(); ++i)
diff --git a/cpp/src/IceSSL/SSLEngine.h b/cpp/src/IceSSL/SSLEngine.h
index f2c36566f9a..09f060cbabb 100644
--- a/cpp/src/IceSSL/SSLEngine.h
+++ b/cpp/src/IceSSL/SSLEngine.h
@@ -208,12 +208,11 @@ private:
bool _initialized;
std::vector<PCCERT_CONTEXT> _allCerts;
- std::vector<PCCERT_CONTEXT> _certs;
+ std::vector<PCCERT_CONTEXT> _importedCerts;
DWORD _protocols;
IceUtil::Mutex _mutex;
std::vector<HCERTSTORE> _stores;
-
HCERTSTORE _rootStore;
HCERTCHAINENGINE _chainEngine;
diff --git a/cpp/src/IceSSL/Util.cpp b/cpp/src/IceSSL/Util.cpp
index 2e3287c1c35..a95ef6ff8d5 100644
--- a/cpp/src/IceSSL/Util.cpp
+++ b/cpp/src/IceSSL/Util.cpp
@@ -940,40 +940,6 @@ IceSSL::findCertificate(SecKeychainRef keychain, const string& value)
namespace
{
-//
-// Parse a string of the form "location.name" into two parts.
-//
-void
-parseStore(const string& prop, const string& store, DWORD& loc, string& sname)
-{
- size_t pos = store.find('.');
- if(pos == string::npos)
- {
- throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: property `" + prop + "' has invalid format");
- }
-
- const string sloc = IceUtilInternal::toUpper(store.substr(0, pos));
- if(sloc == "CURRENTUSER")
- {
- loc = CERT_SYSTEM_STORE_CURRENT_USER;
- }
- else if(sloc == "LOCALMACHINE")
- {
- loc = CERT_SYSTEM_STORE_LOCAL_MACHINE;
- }
- else
- {
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: unknown store location `" + sloc + "' in " + prop);
- }
-
- sname = store.substr(pos + 1);
- if(sname.empty())
- {
- throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: invalid store name in " + prop);
- }
-}
-
void
addMatchingCertificates(HCERTSTORE source, HCERTSTORE target, DWORD findType, const void* findParam)
{
@@ -996,17 +962,23 @@ addMatchingCertificates(HCERTSTORE source, HCERTSTORE target, DWORD findType, co
}
vector<PCCERT_CONTEXT>
-IceSSL::findCertificates(const string& prop, const string& storeSpec, const string& value, vector<HCERTSTORE>& stores)
+IceSSL::findCertificates(const string& location, const string& name, const string& value, vector<HCERTSTORE>& stores)
{
- DWORD storeLoc = 0;
- string storeName;
- parseStore(prop, storeSpec, storeLoc, storeName);
+ DWORD storeLoc;
+ if(location == "CurrentUser")
+ {
+ storeLoc = CERT_SYSTEM_STORE_CURRENT_USER;
+ }
+ else
+ {
+ storeLoc = CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ }
- HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, storeLoc, stringToWstring(storeName).c_str());
+ HCERTSTORE store = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, storeLoc, stringToWstring(name).c_str());
if(!store)
{
- throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: failure while opening store specified by " + prop + ":\n" + IceUtilInternal::lastErrorToString());
+ throw PluginInitializationException(__FILE__, __LINE__, "IceSSL: failed to open certificate store `" + name +
+ "':\n" + IceUtilInternal::lastErrorToString());
}
//
@@ -1123,7 +1095,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
{
throw PluginInitializationException(
__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
+ "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" +
IceUtilInternal::lastErrorToString());
}
@@ -1132,7 +1104,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
{
throw PluginInitializationException(
__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'\n" +
+ "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property:\n" +
IceUtilInternal::lastErrorToString());
}
@@ -1148,7 +1120,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
if(!parseBytes(arg, buffer))
{
throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'");
+ "IceSSL: invalid `IceSSL.FindCert' property: can't decode the value");
}
CRYPT_HASH_BLOB hash = { static_cast<DWORD>(buffer.size()), &buffer[0] };
@@ -1161,7 +1133,7 @@ IceSSL::findCertificates(const string& prop, const string& storeSpec, const stri
if(!parseBytes(arg, buffer))
{
throw PluginInitializationException(__FILE__, __LINE__,
- "IceSSL: invalid value `" + value + "' for property `" + prop + "'");
+ "IceSSL: invalid value `" + value + "' for `IceSSL.FindCert' property");
}
CRYPT_INTEGER_BLOB serial = { static_cast<DWORD>(buffer.size()), &buffer[0] };
diff --git a/cpp/test/IceSSL/configuration/AllTests.cpp b/cpp/test/IceSSL/configuration/AllTests.cpp
index 4a51b3416f1..256d4d33812 100644
--- a/cpp/test/IceSSL/configuration/AllTests.cpp
+++ b/cpp/test/IceSSL/configuration/AllTests.cpp
@@ -2972,7 +2972,9 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
InitializationData initData;
initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
initData.properties->setProperty("IceSSL.CAs", "cacert1.pem");
- initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
+ initData.properties->setProperty("IceSSL.CertStore", "My");
+ initData.properties->setProperty("IceSSL.CertStoreLocation", "CurrentUser");
+ initData.properties->setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
@@ -2984,7 +2986,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
test(fact);
Test::Properties d = createServerProps(defaultProps, defaultDir, defaultHost, p12, "s_rsa_ca1", "cacert1");
d["IceSSL.CAs"] = "cacert1.pem";
- d["IceSSL.FindCert.CurrentUser.My"] = serverFindCertProperties[i];
+ d["IceSSL.FindCert"] = serverFindCertProperties[i];
//
// Use TrustOnly to ensure the peer has pick the expected certificate.
//
@@ -3013,10 +3015,11 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
InitializationData initData;
initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
initData.properties->setProperty("IceSSL.CAs", "cacert1.pem");
- initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", failFindCertProperties[i]);
+ initData.properties->setProperty("IceSSL.FindCert", failFindCertProperties[i]);
try
{
CommunicatorPtr comm = initialize(initData);
+ cerr << failFindCertProperties[i] << endl;
import.cleanup();
test(false);
}
@@ -3042,7 +3045,7 @@ allTests(const CommunicatorPtr& communicator, const string& testDir, bool p12, b
InitializationData initData;
initData.properties = createClientProps(defaultProps, defaultDir, defaultHost, p12);
initData.properties->setProperty("IceSSL.CAs", "cacert1.pem");
- initData.properties->setProperty("IceSSL.FindCert.CurrentUser.My", clientFindCertProperties[i]);
+ initData.properties->setProperty("IceSSL.FindCert", clientFindCertProperties[i]);
try
{
CommunicatorPtr comm = initialize(initData);
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-03 19:05:10 +0000