diff --git a/tests/wpt/metadata/MANIFEST.json b/tests/wpt/metadata/MANIFEST.json
index f510bb80899..eebcd72c67f 100644
--- a/tests/wpt/metadata/MANIFEST.json
+++ b/tests/wpt/metadata/MANIFEST.json
@@ -109944,7 +109944,7 @@
      "/css/css-contain/contain-size-007.html",
      [
       [
-       "/css/reference/pass_if_pass_below.html",
+       "/css/css-contain/reference/pass_if_pass_below_clipped.html",
        "=="
       ]
      ],
@@ -109956,7 +109956,7 @@
      "/css/css-contain/contain-size-008.html",
      [
       [
-       "/css/reference/pass_if_pass_below.html",
+       "/css/css-contain/reference/pass_if_pass_below_clipped.html",
        "=="
       ]
      ],
@@ -109968,7 +109968,7 @@
      "/css/css-contain/contain-size-009.html",
      [
       [
-       "/css/reference/pass_if_pass_below.html",
+       "/css/css-contain/reference/pass_if_pass_below_clipped.html",
        "=="
       ]
      ],
@@ -109980,7 +109980,7 @@
      "/css/css-contain/contain-size-010.html",
      [
       [
-       "/css/reference/pass_if_pass_below.html",
+       "/css/css-contain/reference/pass_if_pass_below_clipped.html",
        "=="
       ]
      ],
@@ -241601,7 +241601,7 @@
      {}
     ]
    ],
-   "css/compositing/parsing/resources/parsing-testcommon.js": [
+   "css/compositing/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -242286,11 +242286,6 @@
      {}
     ]
    ],
-   "css/css-backgrounds/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-backgrounds/reference/60x60-green-background.html": [
     [
      {}
@@ -242786,6 +242781,11 @@
      {}
     ]
    ],
+   "css/css-backgrounds/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-backgrounds/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -242956,7 +242956,7 @@
      {}
     ]
    ],
-   "css/css-box/parsing/resources/parsing-testcommon.js": [
+   "css/css-box/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -242986,12 +242986,12 @@
      {}
     ]
    ],
-   "css/css-cascade/parsing/support/parsing-testcommon.js": [
+   "css/css-cascade/reference/ref-filled-green-100px-square.xht": [
     [
      {}
     ]
    ],
-   "css/css-cascade/reference/ref-filled-green-100px-square.xht": [
+   "css/css-cascade/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -243056,12 +243056,12 @@
      {}
     ]
    ],
-   "css/css-color/parsing/resources/parsing-testcommon.js": [
+   "css/css-color/rebeccapurple-ref.html": [
     [
      {}
     ]
    ],
-   "css/css-color/rebeccapurple-ref.html": [
+   "css/css-color/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -243561,6 +243561,11 @@
      {}
     ]
    ],
+   "css/css-contain/support/60x60-red.png": [
+    [
+     {}
+    ]
+   ],
    "css/css-contain/support/blue-100x100.png": [
     [
      {}
@@ -254111,11 +254116,6 @@
      {}
     ]
    ],
-   "css/css-images/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-images/support/1x1-green.gif": [
     [
      {}
@@ -254211,6 +254211,11 @@
      {}
     ]
    ],
+   "css/css-images/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-images/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -254796,7 +254801,7 @@
      {}
     ]
    ],
-   "css/css-masking/parsing/resources/parsing-testcommon.js": [
+   "css/css-masking/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -257381,11 +257386,6 @@
      {}
     ]
    ],
-   "css/css-shapes/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-shapes/shape-outside/formatting-context/reference/shape-outside-formatting-context-ref.html": [
     [
      {}
@@ -257771,6 +257771,11 @@
      {}
     ]
    ],
+   "css/css-shapes/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-shapes/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -260711,11 +260716,6 @@
      {}
     ]
    ],
-   "css/css-transforms/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-transforms/patternTransform/reference/svg-patternTransform-combination-ref.html": [
     [
      {}
@@ -261086,6 +261086,11 @@
      {}
     ]
    ],
+   "css/css-transforms/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-transforms/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -262296,11 +262301,6 @@
      {}
     ]
    ],
-   "css/css-ui/parsing/support/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-ui/reference/box-sizing-001-ref.html": [
     [
      {}
@@ -263581,6 +263581,11 @@
      {}
     ]
    ],
+   "css/css-ui/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-ui/support/r1-1.svg": [
     [
      {}
@@ -264476,11 +264481,6 @@
      {}
     ]
    ],
-   "css/css-writing-modes/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/css-writing-modes/reference/available-size-001-ref.html": [
     [
      {}
@@ -266061,6 +266061,11 @@
      {}
     ]
    ],
+   "css/css-writing-modes/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/css-writing-modes/support/pass-cdts-abs-pos-non-replaced.png": [
     [
      {}
@@ -267371,11 +267376,6 @@
      {}
     ]
    ],
-   "css/filter-effects/parsing/resources/parsing-testcommon.js": [
-    [
-     {}
-    ]
-   ],
    "css/filter-effects/reference/filters-opacity-001-ref.html": [
     [
      {}
@@ -267481,6 +267481,11 @@
      {}
     ]
    ],
+   "css/filter-effects/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/filter-effects/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -267691,7 +267696,7 @@
      {}
     ]
    ],
-   "css/motion/parsing/resources/parsing-testcommon.js": [
+   "css/motion/support/parsing-testcommon.js": [
     [
      {}
     ]
@@ -269691,6 +269696,11 @@
      {}
     ]
    ],
+   "css/support/parsing-testcommon.js": [
+    [
+     {}
+    ]
+   ],
    "css/support/pattern-grg-rgr-grg.png": [
     [
      {}
@@ -289681,6 +289691,11 @@
      {}
     ]
    ],
+   "interfaces/reporting.idl": [
+    [
+     {}
+    ]
+   ],
    "interfaces/requestidlecallback.idl": [
     [
      {}
@@ -294786,6 +294801,11 @@
      {}
     ]
    ],
+   "reporting/META.yml": [
+    [
+     {}
+    ]
+   ],
    "requestidlecallback/META.yml": [
     [
      {}
@@ -303546,6 +303566,296 @@
      {}
     ]
    ],
+   "tools/third_party/hyper/hyper/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/certs.pem": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/cli.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/bufsocket.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/connection.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/decoder.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/exceptions.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/headers.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/common/util.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/contrib.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/config.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/connection.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/errors.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/events.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/exceptions.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/frame_buffer.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/settings.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/stream.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/utilities.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/h2/windows.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http11/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http11/connection.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http11/parser.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http11/response.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/connection.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/errors.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/exceptions.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/response.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/stream.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/util.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/http20/window.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/httplib_compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/exceptions.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/hpack.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/huffman.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hyperframe/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hyperframe/flags.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/hyperframe/frame.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/LICENSE": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/__init__.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/api.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/misc.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/packages/rfc3986/uri.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/ssl_compat.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/third_party/hyper/hyper/tls.py": [
+    [
+     {}
+    ]
+   ],
    "tools/third_party/hyperframe/CONTRIBUTORS.rst": [
     [
      {}
@@ -307336,6 +307646,21 @@
      {}
     ]
    ],
+   "tools/wptserve/tests/functional/docroot/test_h2_data.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/wptserve/tests/functional/docroot/test_h2_headers.py": [
+    [
+     {}
+    ]
+   ],
+   "tools/wptserve/tests/functional/docroot/test_h2_headers_data.py": [
+    [
+     {}
+    ]
+   ],
    "tools/wptserve/tests/functional/docroot/test_string.py": [
     [
      {}
@@ -337415,6 +337740,12 @@
      {}
     ]
    ],
+   "css/selectors/scope-selector.html": [
+    [
+     "/css/selectors/scope-selector.html",
+     {}
+    ]
+   ],
    "css/selectors/user-invalid.html": [
     [
      "/css/selectors/user-invalid.html",
@@ -348859,13 +349190,9 @@
      {}
     ]
    ],
-   "feature-policy/interfaces.any.js": [
+   "feature-policy/idlharness.window.js": [
     [
-     "/feature-policy/interfaces.any.html",
-     {}
-    ],
-    [
-     "/feature-policy/interfaces.any.worker.html",
+     "/feature-policy/idlharness.window.html",
      {}
     ]
    ],
@@ -357051,6 +357378,12 @@
      {}
     ]
    ],
+   "html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html": [
+    [
+     "/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html",
+     {}
+    ]
+   ],
    "html/semantics/embedded-content/the-img-element/Image-constructor.html": [
     [
      "/html/semantics/embedded-content/the-img-element/Image-constructor.html",
@@ -386259,6 +386592,12 @@
      {}
     ]
    ],
+   "reporting/idlharness.window.js": [
+    [
+     "/reporting/idlharness.window.html",
+     {}
+    ]
+   ],
    "requestidlecallback/basic.html": [
     [
      "/requestidlecallback/basic.html",
@@ -387995,6 +388334,12 @@
      {}
     ]
    ],
+   "service-workers/service-worker/navigation-preload/navigationPreload.https.html": [
+    [
+     "/service-workers/service-worker/navigation-preload/navigationPreload.https.html",
+     {}
+    ]
+   ],
    "service-workers/service-worker/navigation-preload/redirect.https.html": [
     [
      "/service-workers/service-worker/navigation-preload/redirect.https.html",
@@ -393925,15 +394270,23 @@
      {}
     ]
    ],
-   "webgl/webgl1-idlharness.window.js": [
+   "webgl/webgl1-idlharness.any.js": [
     [
-     "/webgl/webgl1-idlharness.window.html",
+     "/webgl/webgl1-idlharness.any.html",
+     {}
+    ],
+    [
+     "/webgl/webgl1-idlharness.any.worker.html",
      {}
     ]
    ],
-   "webgl/webgl2-idlharness.window.js": [
+   "webgl/webgl2-idlharness.any.js": [
     [
-     "/webgl/webgl2-idlharness.window.html",
+     "/webgl/webgl2-idlharness.any.html",
+     {}
+    ],
+    [
+     "/webgl/webgl2-idlharness.any.worker.html",
      {}
     ]
    ],
@@ -512667,30 +513020,30 @@
    "support"
   ],
   "css/compositing/parsing/background-blend-mode-invalid.html": [
-   "e62ad2d9688a76d7c32a711fba9ed59bdb037558",
+   "1983adad24de2404efb205a5c79dae3464f509d6",
    "testharness"
   ],
   "css/compositing/parsing/background-blend-mode-valid.html": [
-   "debbafdbd548542ee1d0f1501ccc6e1d1fc1540b",
+   "eebe646bf8a269bae54d03948be2ac2c36052800",
    "testharness"
   ],
   "css/compositing/parsing/isolation-invalid.html": [
-   "759c6c9b70c5c772863aa8022be3041c3b0a2a0c",
+   "bb3a5db31c3dd0c5b44a85fd58dac4bbb33284a4",
    "testharness"
   ],
   "css/compositing/parsing/isolation-valid.html": [
-   "bfc27be65bbc74a1a5e950197abb16e9e7bee4a7",
+   "6fa4cc9bc76bab577203a3474916e3f37d18d348",
    "testharness"
   ],
   "css/compositing/parsing/mix-blend-mode-invalid.html": [
-   "cde6cee4b1593c7414cf7dc537812ca43de0d537",
+   "a7c1232c8a1999935ad40c2cd20ed7ef882ba0bc",
    "testharness"
   ],
   "css/compositing/parsing/mix-blend-mode-valid.html": [
-   "50a333a67424d86b322bc02f29d27c9fabec128a",
+   "2033f404941ea650623bf8dd56f848e911f7aa79",
    "testharness"
   ],
-  "css/compositing/parsing/resources/parsing-testcommon.js": [
+  "css/compositing/support/parsing-testcommon.js": [
    "b075882f89aae49b419220b234534241cde5fd42",
    "support"
   ],
@@ -516035,7 +516388,7 @@
    "reftest"
   ],
   "css/css-backgrounds/box-shadow-syntax-001.html": [
-   "e7c83b3ec2275d4e28e60ad41f6e3fdac6a2f47e",
+   "4b8f1869f57a16e883f9bb21ae9bbb2ff381fc1c",
    "testharness"
   ],
   "css/css-backgrounds/box-shadow/box-shadow-blur-definition-001.xht": [
@@ -516143,177 +516496,173 @@
    "visual"
   ],
   "css/css-backgrounds/parsing/background-attachment-invalid.html": [
-   "e4924a244db2987aef78c3d0f7e8dc86cadb789e",
+   "0af7394aa42829d66051a0920e8ba62176c86159",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-attachment-valid.html": [
-   "4c7243f878d50b6fda800173e047f14015908b55",
+   "9a0f240991087f89fcdf04d35d5bcafe697555d7",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-clip-invalid.html": [
-   "50647e8904f85f767f8ef45f3cffdf3c24e13189",
+   "50b887e1c61c40a1b8c0d9e7a1a33898b30b433d",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-clip-valid.html": [
-   "2b6bd491130b4a301e098f7b82c8924d2e02bad3",
+   "2778315260afd65cd7a4af7f000ac4c2fe88e4e7",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-color-invalid.html": [
-   "cc31e26168c3b20639679a8f508521cf60365b29",
+   "ff90dffb31114a5d610ed3627d45ae6bb28047af",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-color-valid.html": [
-   "d7a5d967d552a949131633700987cc26c87d72d2",
+   "b84e13fb957ccf06a2bcbae472d01b8430d2223c",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-image-invalid.html": [
-   "a5f2a905c1e33f7a49c439f46b7753b45f308313",
+   "12103e01dfa2e25afe03c17fcc48b2fd3ed1a080",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-image-valid.html": [
-   "873800f4beb79c26599751e5b115fa6f74821f9e",
+   "601efb6898a91d7ed322ea3d1f70aff2ca2e17d4",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-invalid.html": [
-   "adc178bddacf17a8265f1b6c0fc845b7b5cd04f9",
+   "19f5d965b4832386f940caf261863d9fd66ed757",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-origin-invalid.html": [
-   "54589257bf70fe5fbb8af63c0d7db26cf5fc1027",
+   "1ef2d9faa897e980b944ef9ba80b79dc3b7246cf",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-origin-valid.html": [
-   "ff5212667d67eda86642b4432bddd3a99525be13",
+   "bbd59d39790a5208543000a77f0898720372a1e6",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-position-invalid.html": [
-   "5ddf5e0668311f5f650db5856d0034cf0de4fd64",
+   "9a3e9cb0a619f9b6aba37f16a55c49da041018fd",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-position-valid.html": [
-   "836f3481997a98e25edba3968ec498ae65d13cc5",
+   "371bc7a351281257b8db13df5750afc437517b7c",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-repeat-invalid.html": [
-   "a32f5086f8c9262f645b5e621e5ba7b897fa11c7",
+   "55229a70cefface8ef53c02978f30fe484fb075a",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-repeat-valid.html": [
-   "75549090653b35b4118420bdf006d2e77fbbe7b0",
+   "3a00b19c4c50a28c6db972de4bcce6b94e0abd92",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-size-invalid.html": [
-   "7259cbdf13b2458f8926ad63a38ec9b693cd6f2f",
+   "7497f43df97b789fd3a9974df8043986e81ff145",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-size-valid.html": [
-   "670316461b1318d08233f33e9245c49069add98c",
+   "71d60698dca7915e3a580ac3c6a9ad966caad389",
    "testharness"
   ],
   "css/css-backgrounds/parsing/background-valid.html": [
-   "29737e2096f66f2e12920eb1b95f18134ac7460d",
+   "39c4672fb35b103b4a96c92bdeab4ced7c550e86",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-color-invalid.html": [
-   "5c63d8b4da8d5346667fc42fa6452b265efa9642",
+   "67248dd612219633456e2e091aa0fbd7cc72023c",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-color-valid.html": [
-   "6ee147c770c5e4dffefe246abaa90a574a0bd626",
+   "c69f9622811f8d06758dadbdb313e4ab0be260a7",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-invalid.html": [
-   "762be9a9d53ea42d92f66871316dac6fe3f892cf",
+   "87194a5477d3fa285bdc3e340659e43285107c76",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-outset-invalid.html": [
-   "ffe095911474934e8c7de9f93998dde5a3a4c7e4",
+   "5e76198141c8baef70367e6d8713629e35fe6440",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-outset-valid.html": [
-   "dc189372600a6e82aba3934df4be8889b6e570fd",
+   "5ead2608d2577fe37e0a6b04513e4619ea659515",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-repeat-invalid.html": [
-   "b17b531dd2906dafd01d3e661875c9fa29671aac",
+   "0a70aab2412982045a41905b45dc0d44f6cf64f6",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-repeat-valid.html": [
-   "6e13dc8581478427cc46dbec22d1c1ed3de329df",
+   "e77ae48fd192d4b35374d47376083f80fed48619",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-slice-invalid.html": [
-   "7bdb67f67b454ad597042c8c1b8f86119f44c617",
+   "b2f55f14fbe64cec31a40943b2559ef1cc164159",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-slice-valid.html": [
-   "257f276f739f06da08e11cb3ae490fe9b6fb53c6",
+   "66d747f7cd99f0b14a0ccd8fa9c9190aebcb9753",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-source-invalid.html": [
-   "99a06ce16fab2d57f815372188423e6c98c6be50",
+   "78d042ded419e744ff6b4e28e33501f3439f5e14",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-source-valid.html": [
-   "e12cb92716f45ec57fb00f8cfa4bbb4af1fed84e",
+   "c032dcda878b9606ccbca1971b9bd369f82c859d",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-valid.html": [
-   "79bff459ed8334d9e70e73cda636c882003c3f2e",
+   "880dc87700b66e742f3b07a5683c31aa6510b4cb",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-width-invalid.html": [
-   "f85e947e8c6a4276fdcabf33ea0c71b796509fe1",
+   "c7fba1c2ce32a94c7fe777ffdece604403721128",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-image-width-valid.html": [
-   "503f23742c303b091ab59d3c21095f22bdbb33aa",
+   "5917c7f6b9d16dbd557a3ac50ce3b5e186265cba",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-invalid.html": [
-   "f59f2493f779a5efee3e72345e4cad97941e9a51",
+   "baaa66c37da811c5efc5cae2d7e2018561443e04",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-radius-invalid.html": [
-   "a8afbbe99876688d4dc90e81daab665d414966e1",
+   "28460aa598d019bcfd4057e5ee61e1699ea6943d",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-radius-valid.html": [
-   "cd6fa491c24c5175b4588c9975c800d668ea3eb0",
+   "96cdf2019da1f3fae94fe37566178f1aa9841942",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-style-invalid.html": [
-   "47e5422458e66256821632dc99d049939c8cf0a4",
+   "ecc9d6b43a6d3c047a994009baae82b7b8dbc628",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-style-valid.html": [
-   "077985435b22521a8c08c70e92d85d424485a01c",
+   "dc8311b1243abab6d23401dd606b51902a094239",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-valid.html": [
-   "5f29f6b872ca030016dde67fc209b2bf6c82e0ae",
+   "e94938a3a487b05ff5c3eb56b5697e850afdea03",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-width-invalid.html": [
-   "ff908373212c185602cdf9400e1638fb9b92e526",
+   "85a3414d8132c3c5573201250146f857a898ca81",
    "testharness"
   ],
   "css/css-backgrounds/parsing/border-width-valid.html": [
-   "b98a2082e6ec765168c6308a0117c43624e0d789",
+   "00dc1c0fcff86382486e88e0383ae54d6597e93e",
    "testharness"
   ],
   "css/css-backgrounds/parsing/box-shadow-invalid.html": [
-   "fa007373f4452dcf008e16fa30247cbf4365f051",
+   "1bcfc694d4c31056aee1af81bfc049f91dae5d92",
    "testharness"
   ],
   "css/css-backgrounds/parsing/box-shadow-valid.html": [
-   "4ea289b786a78091a1e97f0a70eea90ed9cd24a1",
+   "29bb263bb0dda17f58c11322e353f9975077755d",
    "testharness"
   ],
-  "css/css-backgrounds/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-backgrounds/reference/60x60-green-background.html": [
    "d19ed4ea2678a45bbe53838d6eebf61ab641bcdd",
    "support"
@@ -516714,6 +517063,10 @@
    "2ca46e53f3c3db20d4cd14d7284f9ba1c658bed9",
    "support"
   ],
+  "css/css-backgrounds/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-backgrounds/support/pattern-grg-rgr-grg.png": [
    "6fcfeb4883edea810f880fabb861e09df7871695",
    "support"
@@ -516899,105 +517252,105 @@
    "support"
   ],
   "css/css-box/parsing/clear-invalid.html": [
-   "6c2980cc23e62061b372ec36ca046f2cbd6d0c74",
+   "a91e61f97e216b409a3e337b0546c40c8a4df9ce",
    "testharness"
   ],
   "css/css-box/parsing/clear-valid.html": [
-   "59b68f1923b2a5af459c1e99ec7c7e8652b11ac6",
+   "db0b5aa094de27aedf2f6d7713125cce01eb2a82",
    "testharness"
   ],
   "css/css-box/parsing/float-invalid.html": [
-   "f20183f0527a719fde7f6d87f10eeaa56b153675",
+   "0ff53be36ac8864603c70479f4e7e50810ad7606",
    "testharness"
   ],
   "css/css-box/parsing/float-valid.html": [
-   "be91602a4a22fc7d8348469c08a6c9d9471ee47c",
+   "aecbd99d2201a0774d6ca407168606eb4f81c5a5",
    "testharness"
   ],
   "css/css-box/parsing/height-invalid.html": [
-   "120cce6fcfa3ca7b1bdc51e415afc67f3ab99039",
+   "acc595f063a23e9eee11262494dacc93ba4bc97d",
    "testharness"
   ],
   "css/css-box/parsing/height-valid.html": [
-   "9b3df67c11dcb8b43f093d7c6d362b52927f8a7a",
+   "38f76ea24abb0bfad60743ba7597020b274a0d7f",
    "testharness"
   ],
   "css/css-box/parsing/margin-invalid.html": [
-   "d28c4823b6ce7e4c003fdb26620737b92a7d5a4b",
+   "9c21749c8cc831140d264b318a1a712df100df0b",
    "testharness"
   ],
   "css/css-box/parsing/margin-valid.html": [
-   "9986222e263fbf3684278a3b8c415fdef8d3c9be",
+   "fc14af256281e5f152fc4c3d5432bef8d7c4881f",
    "testharness"
   ],
   "css/css-box/parsing/max-height-invalid.html": [
-   "9f37619f334b9cf0259b09692a30fe468cb73a6c",
+   "9b8e72dd86957e7e3055f1570de7212125959ea6",
    "testharness"
   ],
   "css/css-box/parsing/max-height-valid.html": [
-   "846eb1da92b671a08df6c4e7c6966bbeb471f554",
+   "35ad18ab2666e3cb057bfc66f4bf41f0ac79625e",
    "testharness"
   ],
   "css/css-box/parsing/max-width-invalid.html": [
-   "32f51ef452962224e04fa3c8c6bf6cf50c7b609b",
+   "487d15e6ec614a84a96db8531e5fbd8eab137e27",
    "testharness"
   ],
   "css/css-box/parsing/max-width-valid.html": [
-   "73e175918f80b49b4f87efb19c2066c2d2c2bc18",
+   "95b2ae9f55432b2a03be9cb2810fb2a4eb1e5b77",
    "testharness"
   ],
   "css/css-box/parsing/min-height-invalid.html": [
-   "846d18883627d53636e2f4a8c233a26c324c8ae9",
+   "a35ac3f8d05342a29a051aa80d3dbf87ed56c4cd",
    "testharness"
   ],
   "css/css-box/parsing/min-height-valid.html": [
-   "728667015e0dc229190d278833e9c564f98c07b9",
+   "1a2b838dcbc7732dc6120a33c5823f3b845566af",
    "testharness"
   ],
   "css/css-box/parsing/min-width-invalid.html": [
-   "e6998b0001ce826050ba9e48433a4d6b59bf0237",
+   "2a290901ed8ac6deb4aed56510a94ba62bc7831e",
    "testharness"
   ],
   "css/css-box/parsing/min-width-valid.html": [
-   "5440b8793d7017a1eb4dbb28ba356c12831300d2",
+   "ebe9ee70e85fe35b7c9a1cd7407057eb5b53b285",
    "testharness"
   ],
   "css/css-box/parsing/overflow-invalid.html": [
-   "dd97b9823f74fb71b5e304bbb7d9ff191c14618c",
+   "da09e64e69ea07963d7f1c9fd1a5cc09c61b50ab",
    "testharness"
   ],
   "css/css-box/parsing/overflow-valid.html": [
-   "d4411c80367066a918a4c8bdd6bbb72178783fef",
+   "898d7607de99527b669e098348f1dd72aea44878",
    "testharness"
   ],
   "css/css-box/parsing/padding-invalid.html": [
-   "54bfc69cfe364ee7d277c42c8bc5f68ce84ab91c",
+   "7a83d75accad2fa4cf0527fd3d5b82b10a0deacf",
    "testharness"
   ],
   "css/css-box/parsing/padding-valid.html": [
-   "f3cda52a4a29913dc0d6c1d4b9f7fba0eb1fcc14",
+   "33522ba6dbb98bf63454dcc289958ade1473c8c0",
    "testharness"
   ],
-  "css/css-box/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-box/parsing/visibility-invalid.html": [
-   "39050694101fa266ca02c3dc3653aaafa85b04c3",
+   "07fe6ebe18acf36f4a7302cd08c0f1c36cd0b90f",
    "testharness"
   ],
   "css/css-box/parsing/visibility-valid.html": [
-   "fbff1f09812960c456a6ade636c2379160a9e6cf",
+   "de1cb9b0c11e9cbaa7beedd77c1dfc39fb6d0c6a",
    "testharness"
   ],
   "css/css-box/parsing/width-invalid.html": [
-   "f573ba2c5f457f452c6e751f1338770281c8282e",
+   "defd7d27912a0f1e4def24f4607ae6a598669b1d",
    "testharness"
   ],
   "css/css-box/parsing/width-valid.html": [
-   "7ae55ccb2d595e35cdfdeecec3fc5e376c32b123",
+   "f4be6b2b132232a3d415515c887636bbbb12465f",
    "testharness"
   ],
+  "css/css-box/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-break/META.yml": [
    "bfd40518b4a6477632fa319f3e53fe22517d326d",
    "support"
@@ -517051,17 +517404,13 @@
    "reftest"
   ],
   "css/css-cascade/parsing/all-invalid.html": [
-   "8b7c044a0341ad732640b7a827c9f24a9c1d4f5f",
+   "526f9fdf575736609b57a8a56f251223c8310c01",
    "testharness"
   ],
   "css/css-cascade/parsing/all-valid.html": [
-   "668a6c2424125c8d84de85ec6dee694e7cc4799f",
+   "42baa25d016b5b719f32dc759dc0962ddf600624",
    "testharness"
   ],
-  "css/css-cascade/parsing/support/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-cascade/reference/ref-filled-green-100px-square.xht": [
    "05a13794482a94f6c10bd9d4c98704e63ef60331",
    "support"
@@ -517070,6 +517419,10 @@
    "a346267c7bdb08b6b67ca68c6e821ea71ab1eefa",
    "reftest"
   ],
+  "css/css-cascade/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-cascade/unset-val-001.html": [
    "c25b980a3b5734df4782ee5b6feb32d845f19e6d",
    "reftest"
@@ -517319,25 +517672,21 @@
    "reftest"
   ],
   "css/css-color/parsing/color-invalid.html": [
-   "978eb895a2a519d0eb8d43e3e077023ec2ecb999",
+   "ec59e0fb8be770bc013c19c3746a434a83fa103d",
    "testharness"
   ],
   "css/css-color/parsing/color-valid.html": [
-   "e94eb38f6955ab006325dd864ec64cbd0f9b7cde",
+   "ee5948efec207fd2d473097f6223f9c344628b9f",
    "testharness"
   ],
   "css/css-color/parsing/opacity-invalid.html": [
-   "955903ff354c73e0fffa5964132c47934e289125",
+   "7e64036eb7a1de16feb785c2490a4c13f3469689",
    "testharness"
   ],
   "css/css-color/parsing/opacity-valid.html": [
-   "738c3d077061c04212d384ae7ecffd1c62b8965d",
+   "bf22b092ca09b1a48eddd47b5c19b92801d2c1e8",
    "testharness"
   ],
-  "css/css-color/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-color/rebeccapurple-ref.html": [
    "8c15364f38e53cc1651f2f6c115c7b2fca3f4ba9",
    "support"
@@ -517410,6 +517759,10 @@
    "65eab55794c39e47d6afb5b71e5fea4b9b671b37",
    "reftest"
   ],
+  "css/css-color/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-color/t31-color-currentColor-b-ref.html": [
    "3013c7050c3c6f057e295923d43c87da6c09751f",
    "support"
@@ -518307,7 +518660,7 @@
    "reftest"
   ],
   "css/css-contain/contain-paint-cell-001.html": [
-   "964f33a21969d954ffb44fb85b7eda70ceefc554",
+   "d66a16944ecadca57a585a4514024b198c19478f",
    "reftest"
   ],
   "css/css-contain/contain-paint-cell-002.html": [
@@ -518387,19 +518740,19 @@
    "reftest"
   ],
   "css/css-contain/contain-size-007.html": [
-   "71e61aff4d13c86c94a8162e18ce9e005351dcee",
+   "4d4bce8e9264f6f4a9d390a7e43d05169dd00192",
    "reftest"
   ],
   "css/css-contain/contain-size-008.html": [
-   "fb7b5258a5ad9f44052e9711c9c030fc46cb451d",
+   "63deea8199fc13fd8c81021a0275b5127ed31e77",
    "reftest"
   ],
   "css/css-contain/contain-size-009.html": [
-   "4b080c4ad5ee168ebe3680d798f3369dfc916274",
+   "a285d5e2b38e5b4e5aa7cf924f859a9f782aed53",
    "reftest"
   ],
   "css/css-contain/contain-size-010.html": [
-   "59fdb8b63fd3dbea5d6e285d0d3445077e815c41",
+   "0061894ce0307c8a66ff39667fb39b7c8836d09b",
    "reftest"
   ],
   "css/css-contain/contain-size-011.html": [
@@ -518523,11 +518876,11 @@
    "reftest"
   ],
   "css/css-contain/contain-style-counters-003.html": [
-   "d99f139c500eaa273b0137d5b3fd9a0a472c414b",
+   "b550f1135aa5f4d1bec8d4636135a529f133edd4",
    "reftest"
   ],
   "css/css-contain/contain-style-counters-004.html": [
-   "1e751d1552040a99bb121fb645d2b4e388891411",
+   "e0e0528918abe7d3d696c8b077a58f310ad1a810",
    "reftest"
   ],
   "css/css-contain/contain-style-counters-ref.html": [
@@ -518730,6 +519083,10 @@
    "a5b4e9f47a8e60ad0bede1ac81e02b3542c80f3b",
    "support"
   ],
+  "css/css-contain/support/60x60-red.png": [
+   "823f125b8e4a60f780f00443c9c9a10b9fa1f447",
+   "support"
+  ],
   "css/css-contain/support/blue-100x100.png": [
    "3b72d5ce53c07b68fe508bb57aa61a933dbda768",
    "support"
@@ -534007,57 +534364,53 @@
    "support"
   ],
   "css/css-images/parsing/gradient-position-invalid.html": [
-   "7a636481bebdaf23ca9bc058227a76156fae457c",
+   "f224263952666372d59d82a72d31cf8a6dd3450f",
    "testharness"
   ],
   "css/css-images/parsing/gradient-position-valid.html": [
-   "6eae484752c53b580d29575f69712c001baaaa90",
+   "04ca328da01babeaf249ba3dff4e312900af39ac",
    "testharness"
   ],
   "css/css-images/parsing/image-orientation-invalid.html": [
-   "c16c7bd91af151d6675bb7feb97d323c2de5fd11",
+   "a55e335e64f1caa83f97a2eaf5df979147d86586",
    "testharness"
   ],
   "css/css-images/parsing/image-orientation-valid.html": [
-   "d2d24baf608d21e52a10b1bbeb974c2f6cdfd96d",
+   "c1e2015b302d8614fadca491cf4da47d596094e5",
    "testharness"
   ],
   "css/css-images/parsing/image-rendering-invalid.html": [
-   "84b0727572e350d3d01d56ee0f878f2ef2ced579",
+   "1ce1a2327a6febadd1aaabb686174a70e90ab287",
    "testharness"
   ],
   "css/css-images/parsing/image-rendering-valid.html": [
-   "80ea1c446da37caa3320713059827d306378a0f3",
+   "1918a247313e9d39be7fdf5b4112271908fcd8cf",
    "testharness"
   ],
   "css/css-images/parsing/image-resolution-invalid.html": [
-   "332ad1543177a4719fe60ec779b0f909143e2cd6",
+   "d0998cc2b7f78f69649b8a2c1d665464fe979de3",
    "testharness"
   ],
   "css/css-images/parsing/image-resolution-valid.html": [
-   "9317902c82275c6404d0ce8b55a490b4a741ea7e",
+   "6ee676f429f842f4701c70a1296428ce0610a786",
    "testharness"
   ],
   "css/css-images/parsing/object-fit-invalid.html": [
-   "e4a298b91a352afda8dd6f0a5c9928a64608e0a8",
+   "26841d4be7eccaeb658776d8f0d67dddb9751406",
    "testharness"
   ],
   "css/css-images/parsing/object-fit-valid.html": [
-   "0f73cfe256c7d62a64d4c3c2e3ca981a4f5b4fa5",
+   "50ea7254b0bbd2f12f8ce73152ca15d263cb8bf5",
    "testharness"
   ],
   "css/css-images/parsing/object-position-invalid.html": [
-   "87de7b9231abc62323f1c53e3f4a951a95a64e22",
+   "d722f1a1af94818e047713d30d71f19def9eaeae",
    "testharness"
   ],
   "css/css-images/parsing/object-position-valid.html": [
-   "f78f67e6326cc216b800ad9a427f24ba7439597f",
+   "7121cc42021a1122a2b96d893469252fb5e4ce1b",
    "testharness"
   ],
-  "css/css-images/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-images/support/1x1-green.gif": [
    "e023d92c7ad04264d06196d47a5edd828a7f71db",
    "support"
@@ -534134,6 +534487,10 @@
    "833e6e36cdf316be9e4f54dc68732712afe11ba2",
    "support"
   ],
+  "css/css-images/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-images/support/pattern-grg-rgr-grg.png": [
    "6fcfeb4883edea810f880fabb861e09df7871695",
    "support"
@@ -535723,30 +536080,30 @@
    "testharness"
   ],
   "css/css-masking/parsing/clip-invalid.html": [
-   "68b67c93131b3717ae2f90e18a52f423f351b94f",
+   "919396375a2947be03001e21af72c4f09fc4ddab",
    "testharness"
   ],
   "css/css-masking/parsing/clip-path-invalid.html": [
-   "3f5940a5f87f2dc3eebc95b6a5b8623c8453affe",
+   "881cbc08a64b6170a6ae7ce00ca3306cb51dada6",
    "testharness"
   ],
   "css/css-masking/parsing/clip-path-valid.html": [
-   "d7b2785907a5e2846098bfca6e10536c956f7aa6",
+   "fef14c97d5c529e2e54b19b263dc13340f44a17d",
    "testharness"
   ],
   "css/css-masking/parsing/clip-rule-invalid.html": [
-   "10f6aeef256c43b8f7de26db049ee6b21a57da75",
+   "50694703ce46efa41305abfcad060970df64334c",
    "testharness"
   ],
   "css/css-masking/parsing/clip-rule-valid.html": [
-   "db22680cb14583128c020045b528cfe38bbeff45",
+   "ca805e1fcecc3b6c4c4f42d3461b36f18c89c3e4",
    "testharness"
   ],
   "css/css-masking/parsing/clip-valid.html": [
-   "34a24ea305d9af405d517a60466d489a7a0e8e29",
+   "95c31f7de06cf22f3d72f29f280278338d6e7536",
    "testharness"
   ],
-  "css/css-masking/parsing/resources/parsing-testcommon.js": [
+  "css/css-masking/support/parsing-testcommon.js": [
    "b075882f89aae49b419220b234534241cde5fd42",
    "support"
   ],
@@ -540846,40 +541203,36 @@
    "5e4842d234f6af393a5ee04fa604a63f6db5cae1",
    "testharness"
   ],
-  "css/css-shapes/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-shapes/parsing/shape-image-threshold-invalid.html": [
-   "e3871d869b4e561b8a98088fc149fbea661a3092",
+   "dcabbe6cce1dc627f28ffe55bef09dce0dfc7525",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-image-threshold-valid.html": [
-   "5b77db8e507b6b3eeab2e71cafbe951c006f66ea",
+   "0a71e75ba0a2abba82efce5880c17d2f44c9f80b",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-margin-invalid.html": [
-   "4f3b4f26fb747ffeb7944ccdfcf5d143abfccf95",
+   "ebb1938d422422142ef3caa9699d7a419dce0b0e",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-margin-valid.html": [
-   "68634b6b97aa35b98e935f8505a44518c0c20a06",
+   "f36a8eb3249210538e1be6d1d30fa7a6d062cd2e",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-outside-invalid-position.html": [
-   "7d2b64b328c3da8db6224f816cb26ebfbbd19f80",
+   "90023aeaf25f3f318b57e691f8ff31462948ebbb",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-outside-invalid.html": [
-   "9f541cf2930b11a5a84c1dc8970cdeb23c49707b",
+   "a2a8923818e7500ee895c27c2ee3deae7c38daff",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-outside-valid-position.html": [
-   "ca01b352b6360f9aadcdce35f41fe9658a5be094",
+   "225b0156ad77af4ea24a509faf26cbcdc9ea854e",
    "testharness"
   ],
   "css/css-shapes/parsing/shape-outside-valid.html": [
-   "ae0e0bfe29e8ef87d959be9d26806e197747a8bf",
+   "28f45353dcb316350c11bb304db93184a349944d",
    "testharness"
   ],
   "css/css-shapes/shape-outside-invalid-001.html": [
@@ -542002,6 +542355,10 @@
    "85dd7324815b8f8ef1a1d0496224c1a0661db9d8",
    "support"
   ],
+  "css/css-shapes/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-shapes/support/pattern-grg-rgr-grg.png": [
    "9b88fbd81149891234185f54f8b4a0431759f181",
    "support"
@@ -548547,63 +548904,59 @@
    "reftest"
   ],
   "css/css-transforms/parsing/perspective-origin-parsing-invalid.html": [
-   "09f2f477c1660b03af723676373cfd23cd64a355",
+   "75350cc323633cdb4c8e63d2d35b336470764b92",
    "testharness"
   ],
   "css/css-transforms/parsing/perspective-origin-parsing-valid.html": [
-   "8421376002a9f7da547370fd690b6d533c8a1c27",
+   "b53a34a21d7b7eed791e7bce49c3260446c68e37",
    "testharness"
   ],
-  "css/css-transforms/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-transforms/parsing/rotate-parsing-invalid.html": [
-   "8326db38e68a789c2fa3e801f3386ea71e62cb58",
+   "63a74e24699631ce4e77947075d775640b29c722",
    "testharness"
   ],
   "css/css-transforms/parsing/rotate-parsing-valid.html": [
-   "b2e57495a874a20c59cc4c739199c9169e084c00",
+   "789ea00ac4bbdad73c6f7a17d2b5c75ba2cdd058",
    "testharness"
   ],
   "css/css-transforms/parsing/scale-parsing-invalid.html": [
-   "82b47cca0bcd499539024a324f3e1056451ffdeb",
+   "050171ca18c570b1c2f8c332a87e88ca29144e4d",
    "testharness"
   ],
   "css/css-transforms/parsing/scale-parsing-valid.html": [
-   "e058f06c25987b200da2f72b4e50691061ffac71",
+   "0d8783afc4d2b84749d4ae5eb98957a4e6fc7142",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-box-invalid.html": [
-   "3af91965883df4d655ed099ea317b90a8480b9ab",
+   "23f7ddc463e707499891581d944af28424420e50",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-box-valid.html": [
-   "742750b6677b08bf1101f3861d37f42818c20abd",
+   "a5d8af9537e39581d94ef6da3fc006cb2a2a2f52",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-invalid.html": [
-   "dc81069c9e89a6715ee7d69669376db3cc5b3076",
+   "02c2b9570a7b0e5c927b2e68e7e91de4e2faba25",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-origin-invalid.html": [
-   "dab56a0423192641e9815149d377232288942462",
+   "0adcc1f2803a0dd8c127c5e3ea3ff0535718c465",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-origin-valid.html": [
-   "ab36024ef2bbb5ccc34efa3616c909ffb86c669f",
+   "52aa6ff9322615d1d1d35c824b544aaf7d0c16bf",
    "testharness"
   ],
   "css/css-transforms/parsing/transform-valid.html": [
-   "9a5b9c0696ec4f7daaff06edb058e4cec74c3373",
+   "f9efaa1f71051d497b616194b1cd98d6661503be",
    "testharness"
   ],
   "css/css-transforms/parsing/translate-parsing-invalid.html": [
-   "d8de1f7540379e9c82d6806511dfbee15f055140",
+   "e602d91bb1324fb86c1ef57fafa6a2a2085139e7",
    "testharness"
   ],
   "css/css-transforms/parsing/translate-parsing-valid.html": [
-   "b117d27ce4fe7119cf14117c8778f8f801234173",
+   "ab4f27f1019408c681e3be36b855a16d8acc8eaf",
    "testharness"
   ],
   "css/css-transforms/patternTransform/reference/svg-patternTransform-combination-ref.html": [
@@ -549866,6 +550219,10 @@
    "9945ef47114c2841a746c99a2fb1e93e050aac8b",
    "support"
   ],
+  "css/css-transforms/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-transforms/support/pattern-grg-rgr-grg.png": [
    "9b88fbd81149891234185f54f8b4a0431759f181",
    "support"
@@ -555843,95 +556200,91 @@
    "reftest"
   ],
   "css/css-ui/parsing/box-sizing-invalid.html": [
-   "4ced38240f29163814f1d57a9923af8962d06c06",
+   "0b6ee8578abd97a69a5129997f16c21d108720e6",
    "testharness"
   ],
   "css/css-ui/parsing/box-sizing-valid.html": [
-   "fb60ac23bb8d2a509d1bdede4069cb09a52ae415",
+   "68010ffe34e1db1047b689a6224109905ba9fe55",
    "testharness"
   ],
   "css/css-ui/parsing/caret-color-invalid.html": [
-   "b4c9cb71e038b81ed2dfa582cb579395ae060aa0",
+   "a980b0e25b5a8863c3363fa912ada8e89d9803fd",
    "testharness"
   ],
   "css/css-ui/parsing/caret-color-valid.html": [
-   "41cc70654dade5dccfab56b0c1b18c8dba50344a",
+   "31e1b6c5ec5b909c25eb44c43080a533438af84a",
    "testharness"
   ],
   "css/css-ui/parsing/cursor-invalid.html": [
-   "dda8031d3090699885bbe896ad77158046b87bcd",
+   "1866b45c0aef1a1e42d476726bed9ae6aff6d547",
    "testharness"
   ],
   "css/css-ui/parsing/cursor-valid.html": [
-   "e33b82e2ddc54455f7da26728e457b1821dec2ea",
+   "b16a6fe2e8726b64dd7fc7d823fdc109c4815a51",
    "testharness"
   ],
   "css/css-ui/parsing/outline-color-invalid.html": [
-   "195f55dc72bd3a943f457f700677484e94fc5ba1",
+   "b554c1ac61196a5ef8a19c68700591db68f4ee28",
    "testharness"
   ],
   "css/css-ui/parsing/outline-color-valid-mandatory.html": [
-   "fbe730bdae37d0148d767d8745589e363f98938d",
+   "92f1b047d7247869a7b1a759fd4bcd1b5e5d969d",
    "testharness"
   ],
   "css/css-ui/parsing/outline-color-valid-optional.html": [
-   "bf12b87f2193bcd11e4a382ffb94073300b47eaf",
+   "9b82aeb5cd94828ad4d6a79d5969c9818565ce8d",
    "testharness"
   ],
   "css/css-ui/parsing/outline-invalid.html": [
-   "c56a579452fb78daf9f48bd45cd996a1f2697b25",
+   "f9aa61b89ec6e1495805a97e625a629ea0a6066c",
    "testharness"
   ],
   "css/css-ui/parsing/outline-offset-invalid.html": [
-   "1ee9477a1118f7f262d7e7b1c29f2978c8b80092",
+   "1106e86d4bfe2b5b6c12add4d7aa009f39d0d7b7",
    "testharness"
   ],
   "css/css-ui/parsing/outline-offset-valid.html": [
-   "c5e023b8e9607dd38bd0bd33cd52244e25a9b0fb",
+   "c0b8891d97bba361417fc10dcf2e85d09b32287a",
    "testharness"
   ],
   "css/css-ui/parsing/outline-style-invalid.html": [
-   "2340c62d90299a636abbaf9973ed08e55c9d9d66",
+   "b93a98407aa3079a552d5fe8576826052fa7322b",
    "testharness"
   ],
   "css/css-ui/parsing/outline-style-valid.html": [
-   "5adcfda7ec75dadb3b87475cd6e0009c8aaa94ff",
+   "93d14a46764bd6f42c3f8fa44105d3c176787e4b",
    "testharness"
   ],
   "css/css-ui/parsing/outline-valid-mandatory.html": [
-   "a296c989bce262b620a8acc028cfa79d513a8acb",
+   "f8322a459347cf139780897fe8ed168c6ba0a9fc",
    "testharness"
   ],
   "css/css-ui/parsing/outline-valid-optional.html": [
-   "e179406cafb53cefc35fdc69b46b0530233dafc2",
+   "44cf823ba4c74e6a96cf253d8d87744c6a07c7e8",
    "testharness"
   ],
   "css/css-ui/parsing/outline-width-invalid.html": [
-   "07012fef225859ae8f4194f19795c24363685108",
+   "40e4961a0025d5a94ba2cba0c15e22df4743549e",
    "testharness"
   ],
   "css/css-ui/parsing/outline-width-valid.html": [
-   "050371246ce4006b922e1ab2d69255d1cf454d5d",
+   "db6c77c8645ba890d4bc059d014c9b3e86a2fb55",
    "testharness"
   ],
   "css/css-ui/parsing/resize-invalid.html": [
-   "a56a1dbc6e24e851e9055513c7ebe86e1c847760",
+   "b166c01395c10aad1dcad6f2697fa226a84903dc",
    "testharness"
   ],
   "css/css-ui/parsing/resize-valid.html": [
-   "025b0e447bb66d8daf828dccf009fcc039fa0b53",
+   "3acc9b09e6f18740d013837f47e3fbf9c74a1dc3",
    "testharness"
   ],
-  "css/css-ui/parsing/support/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-ui/parsing/text-overflow-invalid.html": [
-   "f3945a162ec4c67fdf36753a270b3c2e350726a4",
+   "22affb7cafa0f6c60f04f7805c6e54be83eb7318",
    "testharness"
   ],
   "css/css-ui/parsing/text-overflow-valid.html": [
-   "3f0aaa60938ff98e8d0f10d201d6e05d79d2771d",
+   "bc2a4fd87402d614d3b9b96cab998cb7269d1028",
    "testharness"
   ],
   "css/css-ui/reference/box-sizing-001-ref.html": [
@@ -557046,6 +557399,10 @@
    "56346a8295ba14f002eee4e35cd864e1829ae840",
    "support"
   ],
+  "css/css-ui/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-ui/support/r1-1.svg": [
    "84f1b9532b5f55ee48c6502ec00470b7b2d93431",
    "support"
@@ -561291,47 +561648,43 @@
    "manual"
   ],
   "css/css-writing-modes/parsing/direction-invalid.html": [
-   "a587b9fb0e0f2de52e2bc8cdc3e0ea8d9709b8c3",
+   "0927ca388b7cc7a0e37149f1c8a23b15d0d44444",
    "testharness"
   ],
   "css/css-writing-modes/parsing/direction-valid.html": [
-   "436226a9187a387cbc3aeb1d7388c8bc2bc72841",
+   "ca4d7bb9df9e48606b92f0bb7a515488ad73a18c",
    "testharness"
   ],
-  "css/css-writing-modes/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/css-writing-modes/parsing/text-combine-upright-invalid.html": [
-   "8807997de8bb606f7e744e9834ee42111bb6face",
+   "08cbb967bb81f19bfdf7d2f8e71daaceae364cb1",
    "testharness"
   ],
   "css/css-writing-modes/parsing/text-combine-upright-valid.html": [
-   "f599f12bf170de49aabe221e2638324ef3479c8e",
+   "bd56fb5c4935cf9db038a64b652e3ce81a0d4b01",
    "testharness"
   ],
   "css/css-writing-modes/parsing/text-orientation-invalid.html": [
-   "4461dbeea2fb9652ef0743fb176e8a095b837a2c",
+   "118764d6c5f346600cd416ff08a2971e7009b05c",
    "testharness"
   ],
   "css/css-writing-modes/parsing/text-orientation-valid.html": [
-   "f6304fd4d8af079be5d9a00d15e4d31f002accce",
+   "2f2b6625505a1e2e613297a0fac3d185bf75c94b",
    "testharness"
   ],
   "css/css-writing-modes/parsing/unicode-bidi-invalid.html": [
-   "10907cbe931783a8fcd9ee8b4c293b680944dc42",
+   "de7cb6d20f71086b573a809762735ad35796f5b0",
    "testharness"
   ],
   "css/css-writing-modes/parsing/unicode-bidi-valid.html": [
-   "49c42345a36102baf32345a7f02ddafed70b0121",
+   "97a3d59c9acf77a263627bf2199a77fa517a3026",
    "testharness"
   ],
   "css/css-writing-modes/parsing/writing-mode-invalid.html": [
-   "7b36e47cc56027b23e2449f56cc37ab42c6e2dfc",
+   "6a512a71834a36961bcf3022ed76904cfc6be124",
    "testharness"
   ],
   "css/css-writing-modes/parsing/writing-mode-valid.html": [
-   "4264e3840dbe99b752d7c085ebab5476930eed42",
+   "4fd856ae9dde5128b0a8ea8740a7123697ea41d3",
    "testharness"
   ],
   "css/css-writing-modes/percent-margin-vlr-003.xht": [
@@ -563194,6 +563547,10 @@
    "04dc0fe2e9e838e592f8da044555f1a379ab641f",
    "support"
   ],
+  "css/css-writing-modes/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/css-writing-modes/support/pass-cdts-abs-pos-non-replaced.png": [
    "15fd6065ef670fcab7e0b662285c19bdd881da1d",
    "support"
@@ -565851,33 +566208,29 @@
    "testharness"
   ],
   "css/filter-effects/parsing/color-interpolation-filters-parsing-invalid.html": [
-   "3aca3734eaad689f0bde34e3ce3004bd2c16a3ca",
+   "d07f195d62631a3896e892e40033d84b30e20a97",
    "testharness"
   ],
   "css/filter-effects/parsing/color-interpolation-filters-parsing-valid.html": [
-   "d2e89a3625853fecdb86618afaad9d3354f34ed2",
+   "68313d8db7f444a611075c0b1188a131fde54cd1",
    "testharness"
   ],
   "css/filter-effects/parsing/filter-parsing-invalid.html": [
-   "30ebf6764f56e156d41047a9ba99d504ed05ff34",
+   "f89f45628ce8a2e5c755204b1a73ff32751588d2",
    "testharness"
   ],
   "css/filter-effects/parsing/filter-parsing-valid.html": [
-   "773b1101138c6764ca39d63c622ec4f2f42d7ded",
+   "3de19c023cf8c75ee87899393819b77b03060d3b",
    "testharness"
   ],
   "css/filter-effects/parsing/lighting-color-parsing-invalid.html": [
-   "b74888ee9f8b19d0420a277066b76e13e9ed5a43",
+   "0711cdd4cf33e4644f73ca352fa0fd9682dd19d7",
    "testharness"
   ],
   "css/filter-effects/parsing/lighting-color-parsing-valid.html": [
-   "1a3202536ce255802e4885a0368e4e327386e5a6",
+   "495ddc5f8f6e8ff8171fefb6763843e23f60c94e",
    "testharness"
   ],
-  "css/filter-effects/parsing/resources/parsing-testcommon.js": [
-   "b075882f89aae49b419220b234534241cde5fd42",
-   "support"
-  ],
   "css/filter-effects/reference/filters-opacity-001-ref.html": [
    "17d891ee707c36b7d404d9836060d7bb9275e841",
    "support"
@@ -565962,6 +566315,10 @@
    "9945ef47114c2841a746c99a2fb1e93e050aac8b",
    "support"
   ],
+  "css/filter-effects/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/filter-effects/support/pattern-grg-rgr-grg.png": [
    "9b88fbd81149891234185f54f8b4a0431759f181",
    "support"
@@ -566423,54 +566780,54 @@
    "testharness"
   ],
   "css/motion/parsing/offset-anchor-parsing-invalid.html": [
-   "39c3eb1e6b525a953da34b425653174cd8950c8c",
+   "45917c1b818c7760c42dcdd79b25787037b79520",
    "testharness"
   ],
   "css/motion/parsing/offset-anchor-parsing-valid.html": [
-   "5bb10bb836105f7955b9a904dd64c60a49f8af83",
+   "30101061b5ce62569bd3701494434e4f6d1088de",
    "testharness"
   ],
   "css/motion/parsing/offset-distance-parsing-invalid.html": [
-   "5fbbe8ebe04ca6017ec30adf4b2d4bdd66e9a39d",
+   "1cbb27fe536c2ba202fd3b7ed65bde1309460f95",
    "testharness"
   ],
   "css/motion/parsing/offset-distance-parsing-valid.html": [
-   "4fe67558283f6b6baba741b2d66f8aedb2241fe5",
+   "56569c8e0222068860ddda93faadb2580a818a78",
    "testharness"
   ],
   "css/motion/parsing/offset-parsing-invalid.html": [
-   "54298acb8dde726b86b7d32285e09f8d65b65ec6",
+   "343d22e46b4714dde6f484b37ae8d3fd8772460a",
    "testharness"
   ],
   "css/motion/parsing/offset-parsing-valid.html": [
-   "c7a4e645991027e1b3d53acee0e3107941308bf8",
+   "b645199f3a13015941648df08d8583b9a7fc7fed",
    "testharness"
   ],
   "css/motion/parsing/offset-path-parsing-invalid.html": [
-   "95bce0620d4c51ac85c723550e1bb8352eef1ecd",
+   "c0a32486922b4b1b482817f409571e1e6c4219f7",
    "testharness"
   ],
   "css/motion/parsing/offset-path-parsing-valid.html": [
-   "429abb9c60a944b12bc938478ac7b6c75cf12aac",
+   "c1e229e1a05a4c85845384ace9b884125f579415",
    "testharness"
   ],
   "css/motion/parsing/offset-position-parsing-invalid.html": [
-   "c008eff094530e87d75c5c66954d05a12643c5be",
+   "42370d44a38c2618d7f556d6be4b7a206e76b7e7",
    "testharness"
   ],
   "css/motion/parsing/offset-position-parsing-valid.html": [
-   "984e79c87a9059f334e4269a603bd57bc2799dba",
+   "3cf235cc855fc7e1325610ce4170974b746f1182",
    "testharness"
   ],
   "css/motion/parsing/offset-rotate-parsing-invalid.html": [
-   "f69ccfc3ca72a5e58445e80d662435b53e7d6357",
+   "591189acb050b8f5ff48175f461de837b036ae2f",
    "testharness"
   ],
   "css/motion/parsing/offset-rotate-parsing-valid.html": [
-   "18eb8203ec765f33e2567b48c382e6e423f83fb7",
+   "f481ec8971d3a680c7c0ceb48502adb9ffbf83b4",
    "testharness"
   ],
-  "css/motion/parsing/resources/parsing-testcommon.js": [
+  "css/motion/support/parsing-testcommon.js": [
    "b075882f89aae49b419220b234534241cde5fd42",
    "support"
   ],
@@ -568274,6 +568631,10 @@
    "99c0cb4c26294d1d8b655ed0a35d1f0eeb4a9ccb",
    "reftest"
   ],
+  "css/selectors/scope-selector.html": [
+   "bda0aed602aa691bba4c4089f0a4827a9b836c9e",
+   "testharness"
+  ],
   "css/selectors/scope-without-scoping.html": [
    "2ee7619e8023923c7d484554fd78c8e042d4b6ad",
    "reftest"
@@ -568518,6 +568879,10 @@
    "9945ef47114c2841a746c99a2fb1e93e050aac8b",
    "support"
   ],
+  "css/support/parsing-testcommon.js": [
+   "b075882f89aae49b419220b234534241cde5fd42",
+   "support"
+  ],
   "css/support/pattern-grg-rgr-grg.png": [
    "9b88fbd81149891234185f54f8b4a0431759f181",
    "support"
@@ -583082,8 +583447,8 @@
    "961d40336aeb3ed04c58b9a8b6196b3393cb92d5",
    "support"
   ],
-  "feature-policy/interfaces.any.js": [
-   "baebc2ff0c86e2eafe92811df9e41f2d67eb7662",
+  "feature-policy/idlharness.window.js": [
+   "fb17cab982acecdb7d8aadcc02544bc7cae1a2bb",
    "testharness"
   ],
   "feature-policy/payment-allowed-by-feature-policy-attribute-redirect-on-load.https.sub.html": [
@@ -597658,6 +598023,10 @@
    "4e6293949a0d9a799e6b3bb627fa181e29fe0b2c",
    "testharness"
   ],
+  "html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html": [
+   "2f77dfe164df3737cbbabf4efce6e28028e62537",
+   "testharness"
+  ],
   "html/semantics/embedded-content/the-iframe-element/stash.py": [
    "0b8693a901152cc7a7f21de1fbdd191dce6078c3",
    "support"
@@ -604451,7 +604820,7 @@
    "support"
   ],
   "interfaces/feature-policy.idl": [
-   "34d92778624f4ea314a2ab2dfc146bc8da51df3d",
+   "de2f0464683394194f347c7155c38ad48bfc190c",
    "support"
   ],
   "interfaces/fetch.idl": [
@@ -604642,6 +605011,10 @@
    "8321e59fb632bb078c7df7d2831cbddba9e1a50c",
    "support"
   ],
+  "interfaces/reporting.idl": [
+   "e9800365c4c03e9d98990de54bdf0fede7690448",
+   "support"
+  ],
   "interfaces/requestidlecallback.idl": [
    "812cc0ef81533136f537b2591cf6c1774bf525ba",
    "support"
@@ -604719,7 +605092,7 @@
    "support"
   ],
   "interfaces/web-animations.idl": [
-   "2e66d6fd5a2211437bf037b7f2b685d84df88821",
+   "7dce1002e666d3efa9b18531e05b087f0f4adc0d",
    "support"
   ],
   "interfaces/web-bluetooth.idl": [
@@ -604747,11 +605120,11 @@
    "support"
   ],
   "interfaces/webgl1.idl": [
-   "fce2cdf032875d9182ce2d927ba52a8153e1c2da",
+   "bab7d421da02399e8006466a395eee113904e04d",
    "support"
   ],
   "interfaces/webgl2.idl": [
-   "b8f5b23bf65b68c4e93ae3a64a2c0661345cc3e0",
+   "11d0d8c2a3be65e2286387cb3ff727a0cf5e376a",
    "support"
   ],
   "interfaces/webmidi.idl": [
@@ -608271,7 +608644,7 @@
    "manual"
   ],
   "notifications/idlharness.https.any.js": [
-   "e2907f318373cb7a975bd8be3167701b74550416",
+   "0b9a71ba85ad09d6ab2068c70ff61c337eb0b1a0",
    "testharness"
   ],
   "notifications/instance.html": [
@@ -624474,6 +624847,14 @@
    "851558b06f211ac2cda5d38b1d447a2e0475586d",
    "testharness"
   ],
+  "reporting/META.yml": [
+   "980823f59f7e3ac4f35a31ab6df37ce16e538f54",
+   "support"
+  ],
+  "reporting/idlharness.window.js": [
+   "17cef8183596ae1d0b307fb8ddccc7455b955966",
+   "testharness"
+  ],
   "requestidlecallback/META.yml": [
    "9c829d3c8885bb9b594e7096a878166e07f3e278",
    "support"
@@ -625007,7 +625388,7 @@
    "support"
   ],
   "resources/chromium/webxr-test.js": [
-   "d760e7c76d3050973e365021766cb00488b16156",
+   "10ed703e01b7efe434333a9c69ac27be1aa0cc08",
    "support"
   ],
   "resources/chromium/webxr-test.js.headers": [
@@ -625315,7 +625696,7 @@
    "support"
   ],
   "resources/testdriver.js": [
-   "c9231d9e3132c6e9b255391a46cd82aa8996e47d",
+   "42ec824d015ab53e1de21aa4e86564b9cd5ed094",
    "support"
   ],
   "resources/testdriver.js.headers": [
@@ -627603,7 +627984,7 @@
    "testharness"
   ],
   "service-workers/service-worker/active.https.html": [
-   "deee6a50ea009ef541c1154353288242e3c3aeae",
+   "350a34b802f70d6b6c78e6fdba9b2acabe7d143c",
    "testharness"
   ],
   "service-workers/service-worker/appcache-ordering-main.https.html": [
@@ -627943,7 +628324,7 @@
    "testharness"
   ],
   "service-workers/service-worker/installing.https.html": [
-   "57d8781119212454c27a2a226c3d6bcb6b067062",
+   "0f257b6aba4f3d65802e7d7f8a7503d6c6aedd42",
    "testharness"
   ],
   "service-workers/service-worker/interfaces-sw.https.html": [
@@ -628038,6 +628419,10 @@
    "914648bcffbfac5f2d69fb087c87db5901a93e03",
    "testharness"
   ],
+  "service-workers/service-worker/navigation-preload/navigationPreload.https.html": [
+   "392e5c14dc8c7ca7d40df4396a102f379e1d55ad",
+   "testharness"
+  ],
   "service-workers/service-worker/navigation-preload/redirect.https.html": [
    "5970f053e36996f4cad93aec104c55f53055465a",
    "testharness"
@@ -629399,7 +629784,7 @@
    "testharness"
   ],
   "service-workers/service-worker/serviceworkerobject-scripturl.https.html": [
-   "58f25f3a442c01387807300b1a278e71e9254d0a",
+   "6004985a34608132825086dab0c0777f3f0fdf1e",
    "testharness"
   ],
   "service-workers/service-worker/shared-worker-controlled.https.html": [
@@ -629487,7 +629872,7 @@
    "testharness"
   ],
   "service-workers/service-worker/waiting.https.html": [
-   "2b0dbc9485bf863fcb324f169de2e28ba18d07b0",
+   "499e581eb353a2e433580e413a730bea2a9b7ad9",
    "testharness"
   ],
   "service-workers/service-worker/websocket-in-service-worker.https.html": [
@@ -634327,7 +634712,7 @@
    "support"
   ],
   "svg/render/reftests/blending-001.svg": [
-   "2278019cc736eeb517e5f4f619211e5ce0847cf1",
+   "f8fcf9fae49363d94157b1a5c9c50e8d6c997d15",
    "reftest"
   ],
   "svg/render/reftests/blending-002-ref.svg": [
@@ -634335,7 +634720,7 @@
    "support"
   ],
   "svg/render/reftests/blending-002.svg": [
-   "01e180f23a5b35b27e80ceee39087e1fa3118c6b",
+   "d74333c96fd7e4974bebf51544e961c63f3f2cea",
    "reftest"
   ],
   "svg/render/reftests/blending-svg-foreign-object-ref.html": [
@@ -635171,7 +635556,7 @@
    "support"
   ],
   "tools/localpaths.py": [
-   "6758107a922736ef7f9db987fa0135349b0f04da",
+   "f6e24b486d58b788b9441175c5e1c89f93874feb",
    "support"
   ],
   "tools/manifest/XMLParser.py": [
@@ -636775,7 +637160,7 @@
    "support"
   ],
   "tools/third_party/hpack/hpack/hpack.py": [
-   "57e8c7f6078bd09ac198b4877a3cebe8c27db50a",
+   "f8e808bec9eb9be9d90b86e5b0866e568309f12d",
    "support"
   ],
   "tools/third_party/hpack/hpack/huffman.py": [
@@ -637226,6 +637611,238 @@
    "6dccf5f0bfd0025566426c314096e67e568359be",
    "support"
   ],
+  "tools/third_party/hyper/hyper/__init__.py": [
+   "afa88035298f065dde7e5f132932fd5ddd8915e5",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/certs.pem": [
+   "72a750f94fa85f772eea13b60374c801d05279b7",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/cli.py": [
+   "1d5384cdd88b463fa5fa83e5f1a4d7c60ca3aab7",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/__init__.py": [
+   "cf84291208bb7532cc146802b464153573274f1c",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/bufsocket.py": [
+   "b35393af2a02d0b24430312bf2e8bbb3d3a259b4",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/connection.py": [
+   "dee18d680e49dc22b616a3e79f41a2eacaddaa57",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/decoder.py": [
+   "e86f1f4e09a4fa4b960e96fc3d5550c5a2534b31",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/exceptions.py": [
+   "268431abcb5c260621accac303e8dd8b81a17660",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/headers.py": [
+   "655a591ac239085967d19cbdfb7c7992f15e21cd",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/common/util.py": [
+   "6d199a0cdebb4146218cc7fb9762091fccc0ba60",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/compat.py": [
+   "368b5fedfd9b09d78629ef5011eec20076bc0e88",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/contrib.py": [
+   "dccec5185502c0df4a7a29f2bc058cae521e0a5d",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/__init__.py": [
+   "00f22d9623b57b7ba9162d8fd959b7d5357795b3",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/config.py": [
+   "f3c6df744faa9dd16fdafa5d79f18879b56f590b",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/connection.py": [
+   "37dc6365470845737f0bf1c2e8f4448fd54463a3",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/errors.py": [
+   "1198b3b8a84f0f1acc70be56b7e3e9eb88cc7fe6",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/events.py": [
+   "55f202183541f7732cbece33aa4b7856596d7334",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/exceptions.py": [
+   "388f9e9a3893d8b1355a03bbbf011001b9d32dc9",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/frame_buffer.py": [
+   "bc1f7ca4e8faffe9db1f00db240222df85423b40",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/settings.py": [
+   "fedc5e3c445c711b673f3efdb562a5301577b206",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/stream.py": [
+   "1b1e0b54232bee65fe9a1fe67b55b853283157c9",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/utilities.py": [
+   "7a525f086ca58614eaa5edc6c13cb784a2864b9e",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/h2/windows.py": [
+   "6656975f486ceca3d165c9a4b08c0acb777ad39a",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http11/__init__.py": [
+   "2faef667e4580697e52e750f312ea0c45ffde8da",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http11/connection.py": [
+   "61361c3580d703a04ea9105b07604c1027ec174b",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http11/parser.py": [
+   "ee391210dd11ed1d9d8a84790f0a50b1810ed434",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http11/response.py": [
+   "ee23be08c916b9052971b839598fb6bde2541bc9",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/__init__.py": [
+   "4a756d2c48491fb4aee3599e3babb4ac1e850869",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/connection.py": [
+   "3c3927671f567d0b3314a8d5c5d56180ab6a2693",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/errors.py": [
+   "bcad88595962e95e8e2895aa89fde3df6029fbe1",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/exceptions.py": [
+   "69e25816fdbc40c5dc346730e9f0a637e7fb5434",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/response.py": [
+   "bb339b2fde399264921a3daed1aa890692b18a3a",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/stream.py": [
+   "f4d9247ed66b0edc5c8813ecc4c198064d47a7c5",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/util.py": [
+   "b116d095e7f1e149cbe84d946c874c0e9469202f",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/http20/window.py": [
+   "a4e13c3c1509fc3077cad18831c6bcf96c6f79aa",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/httplib_compat.py": [
+   "deb07cf65606f7021368992f1ec1a3b556fe0c2e",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/__init__.py": [
+   "4cf1e65314978704e8bc24546e44a6782dae0f70",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/__init__.py": [
+   "98b2e0f95aece96f88ffe1f029bf187b6c7269e6",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/compat.py": [
+   "03a0768e46a785e84bb85f574f0b001d3cece631",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/exceptions.py": [
+   "0dbc4d9f1dddedbd7ffb8555ea565096b7e6a536",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/hpack.py": [
+   "c3c5663e42ff6a6748329ad722252caf9d1bb420",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py": [
+   "87918d7b00e0d00873182c096c21ab31c0277b86",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/huffman.py": [
+   "c8aa276ef5cfa8f6fb08c386cd75e4e8b5aed501",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py": [
+   "c2b3bb283e8ff686512a65a8364d3ab8e8f53bb6",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hyperframe/__init__.py": [
+   "9b6a84e721d68c84620640a75afbb73c707e1127",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hyperframe/flags.py": [
+   "e8f6300566db444cec4eb86ca326a34e8a96e1b8",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/hyperframe/frame.py": [
+   "22e20031177d0fc9f533fd23ce1507f0ebc00e5c",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/LICENSE": [
+   "72ce24cf02822ef81cd50905c094b5c7ac958df8",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/__init__.py": [
+   "a3aea4c4da2c1b1aa7a7ca21cea4c70c9ec53c91",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/api.py": [
+   "3e9e401aebaf5a75e5e8d497d7460a3b2b645469",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/compat.py": [
+   "6fc7f6d808d27094b7988a6698dea1dce7c9cab7",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py": [
+   "f9adbde718aa290949606d53de4417f7cc5acb7c",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/misc.py": [
+   "c599434cde10cf0f3acd8ab2d70611ee37908c6a",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py": [
+   "bb0630cb3264fe0b60422acb39662385efefcfe5",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py": [
+   "2def55b636ffb979142a0935d80a3a2676b98211",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/packages/rfc3986/uri.py": [
+   "b7f5ccb79ca60bfd20c7c06266f991563d8be51a",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/ssl_compat.py": [
+   "976b62359310277d3f9d1ba3c6e73cd5cb37ec92",
+   "support"
+  ],
+  "tools/third_party/hyper/hyper/tls.py": [
+   "422b001cda86242d383375be87aa462f33b1c047",
+   "support"
+  ],
   "tools/third_party/hyperframe/CONTRIBUTORS.rst": [
    "aa7ab8b637cab250e1e625373ce93104204771b6",
    "support"
@@ -640087,7 +640704,7 @@
    "support"
   ],
   "tools/wptrunner/wptrunner/wptrunner.py": [
-   "1ee4d54c71ebfe8d65fe9a99fe1e3055711a6049",
+   "aab5996afd94e78686a027fd8546ca83e77766f4",
    "support"
   ],
   "tools/wptrunner/wptrunner/wpttest.py": [
@@ -640175,7 +640792,7 @@
    "support"
   ],
   "tools/wptserve/tests/functional/base.py": [
-   "ad8109822a853efb27881b8ce6d363d4de7ed01c",
+   "e49c8287c5985aa5ebbed04ef3070bc785831733",
    "support"
   ],
   "tools/wptserve/tests/functional/docroot/document.txt": [
@@ -640258,6 +640875,18 @@
    "b05ba7da80932036cef863a541d9f417ebd0dcf6",
    "support"
   ],
+  "tools/wptserve/tests/functional/docroot/test_h2_data.py": [
+   "ffd6586d393e9f70ac493d9c918950984aeaf469",
+   "support"
+  ],
+  "tools/wptserve/tests/functional/docroot/test_h2_headers.py": [
+   "60e72d949255436db6693041fca12d89a01c2883",
+   "support"
+  ],
+  "tools/wptserve/tests/functional/docroot/test_h2_headers_data.py": [
+   "74a81f81f24a487b0433960d4cbfd21ec7147016",
+   "support"
+  ],
   "tools/wptserve/tests/functional/docroot/test_string.py": [
    "8fa605bb181940cea184774f94015ce43ad939a4",
    "support"
@@ -640283,7 +640912,7 @@
    "support"
   ],
   "tools/wptserve/tests/functional/test_handlers.py": [
-   "4c6d37196a168e38b36c74d23e4efc159ea16cc8",
+   "15c7cb7e803d771bb3814de2b0e85ac606f2759f",
    "support"
   ],
   "tools/wptserve/tests/functional/test_input_file.py": [
@@ -640299,7 +640928,7 @@
    "support"
   ],
   "tools/wptserve/tests/functional/test_response.py": [
-   "0842e024f9e96fe5c6a69ecb9efc592df9f4fd62",
+   "daf8e6ed0028502f0876159cbda37e9ac6b6c99c",
    "support"
   ],
   "tools/wptserve/tests/functional/test_server.py": [
@@ -640331,7 +640960,7 @@
    "support"
   ],
   "tools/wptserve/wptserve/handlers.py": [
-   "9e6fe9bbc76e4b9b86e7b29f8ee930427b83a543",
+   "7fbe4234ea0a252aaed07182fd3bed741c147285",
    "support"
   ],
   "tools/wptserve/wptserve/logger.py": [
@@ -640347,11 +640976,11 @@
    "support"
   ],
   "tools/wptserve/wptserve/request.py": [
-   "5088946c0f69b1c5fe2a9b61f8008c85671967d7",
+   "cb575ccdba4514a456c0cbf73904bb63c12fd7ff",
    "support"
   ],
   "tools/wptserve/wptserve/response.py": [
-   "dd0acfd690686ec63f8e5de7668168cfb7e78423",
+   "bc21452eeffce73bc6395fa1a15f35f9f55b93c7",
    "support"
   ],
   "tools/wptserve/wptserve/router.py": [
@@ -640363,7 +640992,7 @@
    "support"
   ],
   "tools/wptserve/wptserve/server.py": [
-   "61a758ab6513ced2a67d8ce7e7af4d1c2894cc68",
+   "8370cca0d3872f5e9f0fe65a40049b5c4065cb91",
    "support"
   ],
   "tools/wptserve/wptserve/sslutils/__init__.py": [
@@ -640387,7 +641016,7 @@
    "support"
   ],
   "tools/wptserve/wptserve/utils.py": [
-   "14a75af9666deee6986a00735a74033ef855cf95",
+   "d0f87fea60f8e304d54fe74d5f73c72cf6164fb2",
    "support"
   ],
   "tools/wptserve/wptserve/wptserve.py": [
@@ -644839,7 +645468,7 @@
    "support"
   ],
   "webdriver/tests/set_window_rect/set.py": [
-   "f7965681744745458296864fda6718ebe4b75a26",
+   "17210af4f46a25a6f2484ba76a74cd5c54e31d6a",
    "wdspec"
   ],
   "webdriver/tests/set_window_rect/user_prompts.py": [
@@ -644938,11 +645567,11 @@
    "f75cbcb99724219224c63d0dc595b1c001298500",
    "testharness"
   ],
-  "webgl/webgl1-idlharness.window.js": [
+  "webgl/webgl1-idlharness.any.js": [
    "884def896cb4d1c987f678c1d9e71aa157773e70",
    "testharness"
   ],
-  "webgl/webgl2-idlharness.window.js": [
+  "webgl/webgl2-idlharness.any.js": [
    "97edfa18285daeeb35a2bf563981283b6399fde4",
    "testharness"
   ],
diff --git a/tests/wpt/metadata/css/selectors/scope-selector.html.ini b/tests/wpt/metadata/css/selectors/scope-selector.html.ini
new file mode 100644
index 00000000000..b7531ec39c3
--- /dev/null
+++ b/tests/wpt/metadata/css/selectors/scope-selector.html.ini
@@ -0,0 +1,4 @@
+[scope-selector.html]
+  [scope-selector]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini
new file mode 100644
index 00000000000..385376c7321
--- /dev/null
+++ b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini
@@ -0,0 +1,4 @@
+[traverse_the_history_4.html]
+  [Multiple history traversals, last would be aborted]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html.ini b/tests/wpt/metadata/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html.ini
index 20865f493ec..9579b42287e 100644
--- a/tests/wpt/metadata/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html.ini
+++ b/tests/wpt/metadata/html/browsers/history/the-location-interface/location-protocol-setter-non-broken.html.ini
@@ -30,3 +30,6 @@
   [Set HTTP URL frame location.protocol to data]
     expected: FAIL
 
+  [Set HTTP URL frame location.protocol to x]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/html/semantics/embedded-content/image-maps/image-map-processing-model/hash-name-reference.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/image-maps/image-map-processing-model/hash-name-reference.html.ini
index 1de3f8d68b2..1f54c6cbdf1 100644
--- a/tests/wpt/metadata/html/semantics/embedded-content/image-maps/image-map-processing-model/hash-name-reference.html.ini
+++ b/tests/wpt/metadata/html/semantics/embedded-content/image-maps/image-map-processing-model/hash-name-reference.html.ini
@@ -172,3 +172,63 @@
   [XHTML img usemap="http://example.org/#garbage-before-hash-id"]
     expected: FAIL
 
+  [HTML (standards) IMG usemap="no-hash-name"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#percent-escape-name-%41"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#percent-escape-id-%41"]
+    expected: FAIL
+
+  [XHTML img usemap="#percent-escape-id-%41"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap=""]
+    expected: FAIL
+
+  [XHTML img usemap="#different-CASE-id"]
+    expected: FAIL
+
+  [XHTML img usemap="hash-last#"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="hash-last#"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="no-hash-id"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#different-CASE-name"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#"]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#different-CASE-id"]
+    expected: FAIL
+
+  [XHTML img usemap="no-hash-id"]
+    expected: FAIL
+
+  [XHTML img usemap="#no-such-map"]
+    expected: FAIL
+
+  [XHTML img usemap="#percent-escape-name-%41"]
+    expected: FAIL
+
+  [XHTML img usemap="#"]
+    expected: FAIL
+
+  [XHTML img usemap="#different-CASE-name"]
+    expected: FAIL
+
+  [XHTML img usemap=""]
+    expected: FAIL
+
+  [HTML (standards) IMG usemap="#no-such-map"]
+    expected: FAIL
+
+  [XHTML img usemap="no-hash-name"]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html.ini
new file mode 100644
index 00000000000..79fa0648e41
--- /dev/null
+++ b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html.ini
@@ -0,0 +1,14 @@
+[src-repeated-in-ancestor.html]
+  expected: TIMEOUT
+  [same path name, different document fragment]
+    expected: NOTRUN
+
+  [same path name, no document fragement (intermediary browsing context)]
+    expected: NOTRUN
+
+  [same path name, no document fragment]
+    expected: NOTRUN
+
+  [different path name]
+    expected: TIMEOUT
+
diff --git a/tests/wpt/metadata/url/urlencoded-parser.any.js.ini b/tests/wpt/metadata/url/urlencoded-parser.any.js.ini
index 99026edf969..073158c046b 100644
--- a/tests/wpt/metadata/url/urlencoded-parser.any.js.ini
+++ b/tests/wpt/metadata/url/urlencoded-parser.any.js.ini
@@ -1,17 +1,11 @@
 [urlencoded-parser.any.html]
-  [request.formData() with input: a&b&c]
-    expected: FAIL
-
   [response.formData() with input: a&b&c]
     expected: FAIL
 
-  [response.formData() with input: a=b&c=d&]
+  [request.formData() with input: _charset_=windows-1252&test=%C2x]
     expected: FAIL
 
-  [response.formData() with input: _charset_=windows-1252&test=%C2x]
-    expected: FAIL
-
-  [response.formData() with input: a=b&c=d]
+  [request.formData() with input: a=b&c=d]
     expected: FAIL
 
 
@@ -22,9 +16,12 @@
   [request.formData() with input: a=b&c=d]
     expected: FAIL
 
-  [response.formData() with input: _charset_=windows-1252&test=%C2x]
-    expected: FAIL
-
   [response.formData() with input: a=b&c=d]
     expected: FAIL
 
+  [response.formData() with input: a&b&c]
+    expected: FAIL
+
+  [request.formData() with input: a=b&c=d&]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/webgl/webgl1-idlharness.any.js.ini b/tests/wpt/metadata/webgl/webgl1-idlharness.any.js.ini
new file mode 100644
index 00000000000..43008eb8e6d
--- /dev/null
+++ b/tests/wpt/metadata/webgl/webgl1-idlharness.any.js.ini
@@ -0,0 +1,9 @@
+[webgl1-idlharness.any.worker.html]
+  [webgl1-idlharness]
+    expected: FAIL
+
+
+[webgl1-idlharness.any.html]
+  [webgl1-idlharness]
+    expected: FAIL
+
diff --git a/tests/wpt/metadata/webgl/webgl2-idlharness.any.js.ini b/tests/wpt/metadata/webgl/webgl2-idlharness.any.js.ini
new file mode 100644
index 00000000000..51577de30cb
--- /dev/null
+++ b/tests/wpt/metadata/webgl/webgl2-idlharness.any.js.ini
@@ -0,0 +1,9 @@
+[webgl2-idlharness.any.html]
+  [webgl2-idlharness]
+    expected: FAIL
+
+
+[webgl2-idlharness.any.worker.html]
+  [webgl2-idlharness]
+    expected: FAIL
+
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-invalid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-invalid.html
index e62ad2d9688..1983adad24d 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-invalid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-blend-mode supports only the grammar '<blend-mode>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-valid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-valid.html
index debbafdbd54..eebe646bf8a 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-valid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/background-blend-mode-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-blend-mode supports the full grammar '<blend-mode>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-invalid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-invalid.html
index 759c6c9b70c..bb3a5db31c3 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-invalid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="isolation supports only the grammar '<isolation-mode>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-valid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-valid.html
index bfc27be65bb..6fa4cc9bc76 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-valid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/isolation-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="isolation supports the full grammar '<isolation-mode>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-invalid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-invalid.html
index cde6cee4b15..a7c1232c8a1 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-invalid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="mix-blend-mode supports only the grammar '<blend-mode>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-valid.html b/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-valid.html
index 50a333a6742..2033f404941 100644
--- a/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-valid.html
+++ b/tests/wpt/web-platform-tests/css/compositing/parsing/mix-blend-mode-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="mix-blend-mode supports the full grammar '<blend-mode>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/compositing/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/compositing/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/compositing/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/compositing/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/box-shadow-syntax-001.html b/tests/wpt/web-platform-tests/css/css-backgrounds/box-shadow-syntax-001.html
index e7c83b3ec22..4b8f1869f57 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/box-shadow-syntax-001.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/box-shadow-syntax-001.html
@@ -5,7 +5,7 @@
 <meta name="assert" content="Box shadow color, inset, and length parameters can be mixed in any order, but lengths must stay adjacent." />
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="parsing/resources/parsing-testcommon.js"></script>
+<script src="support/parsing-testcommon.js"></script>
 <script>
   // color only
   test_valid_value("box-shadow", "4px 4px green", "green 4px 4px");
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-invalid.html
index e4924a244db..0af7394aa42 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-attachment supports only the grammar '<attachment>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-valid.html
index 4c7243f878d..9a0f2409910 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-attachment-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-attachment supports the full grammar '<attachment>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-invalid.html
index 50647e8904f..50b887e1c61 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-clip supports only the grammar '<box>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-valid.html
index 2b6bd491130..2778315260a 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-clip-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-clip supports the full grammar '<box>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-invalid.html
index cc31e26168c..ff90dffb311 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-color supports only the grammar '<color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-valid.html
index d7a5d967d55..b84e13fb957 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-color-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-color supports the full grammar '<color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-invalid.html
index a5f2a905c1e..12103e01dfa 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-image supports only the grammar '<bg-image>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-valid.html
index 873800f4beb..601efb6898a 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-image-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-image supports the full grammar '<bg-image>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-invalid.html
index adc178bddac..19f5d965b48 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background supports only the grammar '<bg-layer># , <final-bg-layer>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-invalid.html
index 54589257bf7..1ef2d9faa89 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-origin supports only the grammar '<box>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-valid.html
index ff5212667d6..bbd59d39790 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-origin-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-origin supports the full grammar '<box>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-invalid.html
index 5ddf5e06683..9a3e9cb0a61 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-position supports only the grammar '<bg-position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html
index 836f3481997..371bc7a3512 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-position-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-position supports the full grammar '<bg-position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-invalid.html
index a32f5086f8c..55229a70cef 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-repeat supports only the grammar '<repeat-style>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-valid.html
index 75549090653..3a00b19c4c5 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-repeat-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-repeat supports the full grammar '<repeat-style>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-invalid.html
index 7259cbdf13b..7497f43df97 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-size supports only the grammar '<bg-size>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-valid.html
index 670316461b1..71d60698dca 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-size-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background-size supports the full grammar '<bg-size>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-valid.html
index 29737e2096f..39c4672fb35 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/background-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="background supports the full grammar '<bg-layer># , <final-bg-layer>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-invalid.html
index 5c63d8b4da8..67248dd6122 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-color supports only the grammar '<color>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-valid.html
index 6ee147c770c..c69f9622811 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-color-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-color supports the full grammar '<color>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-invalid.html
index 762be9a9d53..87194a5477d 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image supports only the grammar ' <‘border-image-source’> || <‘border-image-slice’> [ / <‘border-image-width’> | / <‘border-image-width’>? / <‘border-image-outset’> ]? || <‘border-image-repeat’>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-invalid.html
index ffe09591147..5e76198141c 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-outset supports only the grammar '[ <length> | <number> ]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-valid.html
index dc189372600..5ead2608d25 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-outset-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-outset supports the full grammar '[ <length> | <number> ]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-invalid.html
index b17b531dd29..0a70aab2412 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-repeat supports only the grammar '[ stretch | repeat | round | space ]{1,2}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-valid.html
index 6e13dc85814..e77ae48fd19 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-repeat-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-repeat supports the full grammar '[ stretch | repeat | round | space ]{1,2}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-invalid.html
index 7bdb67f67b4..b2f55f14fbe 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-slice supports only the grammar '[<number> | <percentage>]{1,4} && fill?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-valid.html
index 257f276f739..66d747f7cd9 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-slice-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-slice supports the full grammar '[<number> | <percentage>]{1,4} && fill?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-invalid.html
index 99a06ce16fa..78d042ded41 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-source supports only the grammar 'none | <image>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-valid.html
index e12cb92716f..c032dcda878 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-source-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-source supports the full grammar 'none | <image>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-valid.html
index 79bff459ed8..880dc87700b 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image supports the full grammar ' <‘border-image-source’> || <‘border-image-slice’> [ / <‘border-image-width’> | / <‘border-image-width’>? / <‘border-image-outset’> ]? || <‘border-image-repeat’>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-invalid.html
index f85e947e8c6..c7fba1c2ce3 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-width supports only the grammar '[ <length-percentage> | <number> | auto ]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-valid.html
index 503f23742c3..5917c7f6b9d 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-image-width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-image-width supports the full grammar '[ <length-percentage> | <number> | auto ]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-invalid.html
index f59f2493f77..baaa66c37da 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-width supports only the grammar '<line-width> || <line-style> || <color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-invalid.html
index a8afbbe9987..28460aa598d 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-radius supports only the grammar '<length-percentage>{1,4} [ / <length-percentage>{1,4} ]?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-valid.html
index cd6fa491c24..96cdf2019da 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-radius-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-radius supports the full grammar '<length-percentage>{1,4} [ / <length-percentage>{1,4} ]?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-invalid.html
index 47e5422458e..ecc9d6b43a6 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-style supports only the grammar '<line-style>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-valid.html
index 077985435b2..dc8311b1243 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-style-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-style supports the full grammar '<line-style>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-valid.html
index 5f29f6b872c..e94938a3a48 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-width supports the full grammar '<line-width> || <line-style> || <color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-invalid.html
index ff908373212..85a3414d813 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-width supports only the grammar '<line-width>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-valid.html
index b98a2082e6e..00dc1c0fcff 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/border-width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="border-width supports the full grammar '<line-width>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-invalid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-invalid.html
index fa007373f44..1bcfc694d4c 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="box-shadow supports only the grammar 'none | <shadow>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-valid.html b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-valid.html
index 4ea289b786a..29bb263bb0d 100644
--- a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/box-shadow-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="box-shadow supports the full grammar 'none | <shadow>#'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-backgrounds/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-backgrounds/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-backgrounds/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-backgrounds/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/clear-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/clear-invalid.html
index 6c2980cc23e..a91e61f97e2 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/clear-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/clear-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clear supports only the grammar 'none | left | right | both'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/clear-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/clear-valid.html
index 59b68f1923b..db0b5aa094d 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/clear-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/clear-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clear supports the full grammar 'none | left | right | both'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/float-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/float-invalid.html
index f20183f0527..0ff53be36ac 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/float-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/float-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="float supports only the grammar 'left | right | top | bottom | start | end | none | <page-floats>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/float-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/float-valid.html
index be91602a4a2..aecbd99d220 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/float-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/float-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="float supports the full grammar 'left | right | top | bottom | start | end | none | <page-floats>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/height-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/height-invalid.html
index 120cce6fcfa..acc595f063a 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/height-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/height-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="height supports only the grammar '[<length> | <percentage>] | available | min-content | max-content | fit-content | complex | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/height-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/height-valid.html
index 9b3df67c11d..38f76ea24ab 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/height-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/height-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="height supports the full grammar '[<length> | <percentage>] | available | min-content | max-content | fit-content | complex | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/margin-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/margin-invalid.html
index d28c4823b6c..9c21749c8cc 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/margin-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/margin-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="margin supports only the grammar '[ <length> | <percentage> | auto]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/margin-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/margin-valid.html
index 9986222e263..fc14af25628 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/margin-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/margin-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="margin supports the full grammar '[ <length> | <percentage> | auto]{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-invalid.html
index 9f37619f334..9b8e72dd869 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="max-height supports only the grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-valid.html
index 846eb1da92b..35ad18ab266 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/max-height-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="max-height supports the full grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-invalid.html
index 32f51ef4529..487d15e6ec6 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="max-width supports only the grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-valid.html
index 73e175918f8..95b2ae9f554 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/max-width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="max-width supports the full grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-invalid.html
index 846d1888362..a35ac3f8d05 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="min-height supports only the grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-valid.html
index 728667015e0..1a2b838dcbc 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/min-height-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="min-height supports the full grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-invalid.html
index e6998b0001c..2a290901ed8 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="min-width supports only the grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-valid.html
index 5440b8793d7..ebe9ee70e85 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/min-width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="min-width supports the full grammar '[ [<length> | <percentage>] && [border-box | content-box]? ] | available | min-content | max-content | fit-content'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-invalid.html
index dd97b9823f7..da09e64e69e 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="overflow supports only the grammar '[ visible | hidden | scroll | auto | no-display | no-content ]{1,2}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-valid.html
index d4411c80367..898d7607de9 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/overflow-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="overflow supports the full grammar '[ visible | hidden | scroll | auto | no-display | no-content ]{1,2}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/padding-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/padding-invalid.html
index 54bfc69cfe3..7a83d75acca 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/padding-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/padding-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="padding supports only the grammar '<length>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/padding-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/padding-valid.html
index f3cda52a4a2..33522ba6dbb 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/padding-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/padding-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="padding supports the full grammar '<length>{1,4}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-invalid.html
index 39050694101..07fe6ebe18a 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="visibility supports only the grammar 'visible | hidden | collapse'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-valid.html
index fbff1f09812..de1cb9b0c11 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/visibility-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="visibility supports the full grammar 'visible | hidden | collapse'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/width-invalid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/width-invalid.html
index f573ba2c5f4..defd7d27912 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="width supports only the grammar '[<length> | <percentage>] | available | min-content | max-content | fit-content | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/width-valid.html b/tests/wpt/web-platform-tests/css/css-box/parsing/width-valid.html
index 7ae55ccb2d5..f4be6b2b132 100644
--- a/tests/wpt/web-platform-tests/css/css-box/parsing/width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-box/parsing/width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="width supports the full grammar '[<length> | <percentage>] | available | min-content | max-content | fit-content | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-box/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-box/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-box/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-box/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-invalid.html b/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-invalid.html
index 8b7c044a034..526f9fdf575 100644
--- a/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="all supports only the grammar 'initial | inherit | unset'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-valid.html b/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-valid.html
index 668a6c24241..42baa25d016 100644
--- a/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-cascade/parsing/all-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="all supports the full grammar 'initial | inherit | unset'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-cascade/parsing/support/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-cascade/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-cascade/parsing/support/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-cascade/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-color/parsing/color-invalid.html b/tests/wpt/web-platform-tests/css/css-color/parsing/color-invalid.html
index 978eb895a2a..ec59e0fb8be 100644
--- a/tests/wpt/web-platform-tests/css/css-color/parsing/color-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-color/parsing/color-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="color supports only the grammar '<color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-color/parsing/color-valid.html b/tests/wpt/web-platform-tests/css/css-color/parsing/color-valid.html
index e94eb38f695..ee5948efec2 100644
--- a/tests/wpt/web-platform-tests/css/css-color/parsing/color-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-color/parsing/color-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="color supports the full grammar '<color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-invalid.html b/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-invalid.html
index 955903ff354..7e64036eb7a 100644
--- a/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="opacity supports only the grammar '<alphavalue>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-valid.html b/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-valid.html
index 738c3d07706..bf22b092ca0 100644
--- a/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-color/parsing/opacity-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="opacity supports the full grammar '<alphavalue>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-color/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-color/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-color/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-color/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-paint-cell-001.html b/tests/wpt/web-platform-tests/css/css-contain/contain-paint-cell-001.html
index 964f33a2196..d66a16944ec 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-paint-cell-001.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-paint-cell-001.html
@@ -5,7 +5,7 @@
   <title>CSS Containment Test: 'contain: paint' applies to 'table-cell' elements</title>
 
   <link rel="author" title="Gérard Talbot" href="http://www.gtalbot.org/BrowserBugsSection/css21testsuite/">
-  <link rel="help" href="https://www.w3.org/TR/css-contain-1/#containment-layout">
+  <link rel="help" href="https://www.w3.org/TR/css-contain-1/#containment-paint">
   <link rel="match" href="reference/contain-paint-047-ref.html">
 
   <meta content="This test checks that the paint containment applies to table-cell elements. Therefore the content of the table-cell element should be clipped to the padding edge of its principal box." name="assert">
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-size-007.html b/tests/wpt/web-platform-tests/css/css-contain/contain-size-007.html
index 71e61aff4d1..4d4bce8e926 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-size-007.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-size-007.html
@@ -3,15 +3,19 @@
 <title>CSS Containment Test: Size containment on table-row-group</title>
 <link rel="author" title="Manuel Rego Casasnovas" href="mailto:rego@igalia.com">
 <link rel="help" href="https://drafts.csswg.org/css-contain-1/#containment-size">
-<link rel="match" href="../reference/pass_if_pass_below.html">
+<link rel="match" href="reference/pass_if_pass_below_clipped.html">
 <meta name=assert content="Size containment doesn't apply to table-row-group elements.">
 <style>
 div {
   display: table-row-group;
   contain: size;
+}
+section {
   overflow: hidden;
 }
 </style>
 
 <p>Test passes if there is the word "PASS" below.</p>
+<section>
 <div>PASS</div>
+<section>
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-size-008.html b/tests/wpt/web-platform-tests/css/css-contain/contain-size-008.html
index fb7b5258a5a..63deea8199f 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-size-008.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-size-008.html
@@ -3,15 +3,19 @@
 <title>CSS Containment Test: Size containment on table-header-group</title>
 <link rel="author" title="Manuel Rego Casasnovas" href="mailto:rego@igalia.com">
 <link rel="help" href="https://drafts.csswg.org/css-contain-1/#containment-size">
-<link rel="match" href="../reference/pass_if_pass_below.html">
+<link rel="match" href="reference/pass_if_pass_below_clipped.html">
 <meta name=assert content="Size containment doesn't apply to table-header-group elements.">
 <style>
 div {
   display: table-header-group;
   contain: size;
+}
+section {
   overflow: hidden;
 }
 </style>
 
 <p>Test passes if there is the word "PASS" below.</p>
+<section>
 <div>PASS</div>
+</section>
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-size-009.html b/tests/wpt/web-platform-tests/css/css-contain/contain-size-009.html
index 4b080c4ad5e..a285d5e2b38 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-size-009.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-size-009.html
@@ -3,15 +3,19 @@
 <title>CSS Containment Test: Size containment on table-footer-group</title>
 <link rel="author" title="Manuel Rego Casasnovas" href="mailto:rego@igalia.com">
 <link rel="help" href="https://drafts.csswg.org/css-contain-1/#containment-size">
-<link rel="match" href="../reference/pass_if_pass_below.html">
+<link rel="match" href="reference/pass_if_pass_below_clipped.html">
 <meta name=assert content="Size containment doesn't apply to table-footer-group elements.">
 <style>
 div {
   display: table-footer-group;
   contain: size;
+}
+section {
   overflow: hidden;
 }
 </style>
 
 <p>Test passes if there is the word "PASS" below.</p>
+<section>
 <div>PASS</div>
+</section>
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-size-010.html b/tests/wpt/web-platform-tests/css/css-contain/contain-size-010.html
index 59fdb8b63fd..0061894ce03 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-size-010.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-size-010.html
@@ -3,15 +3,19 @@
 <title>CSS Containment Test: Size containment on table-row</title>
 <link rel="author" title="Manuel Rego Casasnovas" href="mailto:rego@igalia.com">
 <link rel="help" href="https://drafts.csswg.org/css-contain-1/#containment-size">
-<link rel="match" href="../reference/pass_if_pass_below.html">
+<link rel="match" href="reference/pass_if_pass_below_clipped.html">
 <meta name=assert content="Size containment doesn't apply to table-row elements.">
 <style>
 div {
   display: table-row;
   contain: size;
+}
+section {
   overflow: hidden;
 }
 </style>
 
 <p>Test passes if there is the word "PASS" below.</p>
+<section>
 <div>PASS</div>
+</section>
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-003.html b/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-003.html
index d99f139c500..b550f1135aa 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-003.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-003.html
@@ -40,7 +40,7 @@
     This increments the counter identified as "counter-of-span"
     of the step value of 4 (an entirely arbitrary number) each
     and every time there is a <span> descendant within the subtree
-    of div#test
+    of body
     */
 
   div
diff --git a/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-004.html b/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-004.html
index 1e751d15520..e0e0528918a 100644
--- a/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-004.html
+++ b/tests/wpt/web-platform-tests/css/css-contain/contain-style-counters-004.html
@@ -40,7 +40,7 @@
     This increments the counter identified as "counter-of-span"
     of the step value of 5 (an entirely arbitrary number) each
     and every time there is a <span> descendant within the subtree
-    of div#test
+    of body
     */
 
   div
diff --git a/tests/wpt/web-platform-tests/css/css-contain/support/60x60-red.png b/tests/wpt/web-platform-tests/css/css-contain/support/60x60-red.png
new file mode 100644
index 00000000000..823f125b8e4
Binary files /dev/null and b/tests/wpt/web-platform-tests/css/css-contain/support/60x60-red.png differ
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-invalid.html
index 7a636481beb..f2242639526 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="gradient positions support only the '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-valid.html
index 6eae484752c..04ca328da01 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/gradient-position-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="gradient positions support the full '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-invalid.html
index c16c7bd91af..a55e335e64f 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-orientation supports only the grammar 'from-image | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-valid.html
index d2d24baf608..c1e2015b302 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-orientation-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-orientation supports the full grammar 'from-image | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-invalid.html
index 84b0727572e..1ce1a2327a6 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-rendering supports only the grammar 'auto | smooth | high-quality | crisp-edges | pixelated'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-valid.html
index 80ea1c446da..1918a247313 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-rendering-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-rendering supports the full grammar 'auto | smooth | high-quality | crisp-edges | pixelated'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-invalid.html
index 332ad154317..d0998cc2b7f 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-resolution supports only the grammar '[ from-image || <resolution> ] && snap?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-valid.html
index 9317902c822..6ee676f429f 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/image-resolution-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="image-resolution supports the full grammar '[ from-image || <resolution> ] && snap?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-invalid.html
index e4a298b91a3..26841d4be7e 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="object-fit supports only the grammar 'fill | none | [contain | cover] || scale-down'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-valid.html
index 0f73cfe256c..50ea7254b0b 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/object-fit-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="object-fit supports the full grammar 'fill | none | [contain | cover] || scale-down'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-invalid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-invalid.html
index 87de7b9231a..d722f1a1af9 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="object-position supports only the '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-valid.html b/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-valid.html
index f78f67e6326..7121cc42021 100644
--- a/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-images/parsing/object-position-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="object-position supports the full '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-images/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-images/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-images/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-images/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-invalid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-invalid.html
index 68b67c93131..919396375a2 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip supports only the grammar 'rect() | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-invalid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-invalid.html
index 3f5940a5f87..881cbc08a64 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip-path supports only the grammar '<clip-source> | [ <basic-shape> || <geometry-box> ] | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-valid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-valid.html
index d7b2785907a..fef14c97d5c 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-path-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip-path supports the full grammar '<clip-source> | [ <basic-shape> || <geometry-box> ] | none'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-invalid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-invalid.html
index 10f6aeef256..50694703ce4 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip-rule supports only the grammar 'nonzero | evenodd'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-valid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-valid.html
index db22680cb14..ca805e1fcec 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-rule-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip-rule supports the full grammar 'nonzero | evenodd'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-valid.html b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-valid.html
index 34a24ea305d..95c31f7de06 100644
--- a/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-masking/parsing/clip-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="clip supports the full grammar 'rect() | auto'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-masking/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-masking/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-masking/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-masking/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-invalid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-invalid.html
index e3871d869b4..dcabbe6cce1 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-image-threshold supports only the grammar '<number>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-valid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-valid.html
index 5b77db8e507..0a71e75ba0a 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-image-threshold-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-image-threshold supports the full grammar '<number>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-invalid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-invalid.html
index 4f3b4f26fb7..ebb1938d422 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-margin supports only the grammar '<length> | <percentage>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-valid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-valid.html
index 68634b6b97a..f36a8eb3249 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-margin-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-margin supports the full grammar '<length> | <percentage>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid-position.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid-position.html
index 7d2b64b328c..90023aeaf25 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid-position.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid-position.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-outside positions support only the '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid.html
index 9f541cf2930..a2a8923818e 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-outside supports only the grammar 'none | [ <basic-shape> || <shape-box> ] | <image>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid-position.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid-position.html
index ca01b352b63..225b0156ad7 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid-position.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid-position.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-outside positions support the full '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid.html b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid.html
index ae0e0bfe29e..28f45353dcb 100644
--- a/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-shapes/parsing/shape-outside-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="shape-outside supports the full grammar 'none | [ <basic-shape> || <shape-box> ] | <image>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-shapes/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-shapes/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-shapes/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-shapes/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-invalid.html
index 09f2f477c16..75350cc3236 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="perspective-origin supports only the '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-valid.html
index 8421376002a..b53a34a21d7 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/perspective-origin-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="perspective-origin supports the full '<position>' grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-invalid.html
index 8326db38e68..63a74e24699 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="rotate supports only the grammar 'none | <number>{3}? <angle>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-valid.html
index b2e57495a87..789ea00ac4b 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/rotate-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="rotate supports the full grammar 'none | <number>{3}? <angle>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-invalid.html
index 82b47cca0bc..050171ca18c 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="scale supports only the grammar 'none | <number>{1,3}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-valid.html
index e058f06c259..0d8783afc4d 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/scale-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="scale supports the full grammar 'none | <number>{1,3}'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-invalid.html
index 3af91965883..23f7ddc463e 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform-box supports only the grammar 'content-box | border-box | fill-box | stroke-box | view-box'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-valid.html
index 742750b6677..a5d8af9537e 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-box-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform-box supports the full grammar 'content-box | border-box | fill-box | stroke-box | view-box'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-invalid.html
index dc81069c9e8..02c2b9570a7 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform supports only the grammar 'none | <transform-list>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-invalid.html
index dab56a04231..0adcc1f2803 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform-origin supports only the grammar from spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-valid.html
index ab36024ef2b..52aa6ff9322 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-origin-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform-origin supports the full grammar from spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-valid.html
index 9a5b9c0696e..f9efaa1f710 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/transform-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="transform supports the full grammar 'none | <transform-list>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-invalid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-invalid.html
index d8de1f75403..e602d91bb13 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="translate supports only the grammar 'none | <length-percentage> [ <length-percentage> <length>? ]?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-valid.html b/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-valid.html
index b117d27ce4f..ab4f27f1019 100644
--- a/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-transforms/parsing/translate-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="translate supports the full grammar 'none | <length-percentage> [ <length-percentage> <length>? ]?'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-transforms/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-transforms/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-transforms/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-transforms/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-invalid.html
index 4ced38240f2..0b6ee8578ab 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="box-sizing supports only the grammar 'content-box | border-box'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-valid.html
index fb60ac23bb8..68010ffe34e 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/box-sizing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="box-sizing supports the full grammar 'content-box | border-box'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-invalid.html
index b4c9cb71e03..a980b0e25b5 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="caret-color supports only the grammar 'auto | <color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-valid.html
index 41cc70654da..31e1b6c5ec5 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/caret-color-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="caret-color supports the full grammar 'auto | <color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-invalid.html
index dda8031d309..1866b45c0ae 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="cursor supports only the grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-valid.html
index e33b82e2ddc..b16a6fe2e87 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/cursor-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="cursor supports the full grammar.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-invalid.html
index 195f55dc72b..b554c1ac611 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-color supports only the grammar '<color> | invert'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-mandatory.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-mandatory.html
index fbe730bdae3..92f1b047d72 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-mandatory.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-mandatory.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-color supports '<color>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-optional.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-optional.html
index bf12b87f219..9b82aeb5cd9 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-optional.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-color-valid-optional.html
@@ -9,7 +9,7 @@
 <meta name="flags" content="may">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-invalid.html
index c56a579452f..f9aa61b89ec 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline supports only the grammar '<outline-color> || <outline> || <outline>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-invalid.html
index 1ee9477a111..1106e86d4bf 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-offset supports only the grammar '<length>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-valid.html
index c5e023b8e96..c0b8891d97b 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-offset-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-offset supports the full grammar '<length>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-invalid.html
index 2340c62d902..b93a98407aa 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-style supports only the grammar 'auto | <outline-line-style>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-valid.html
index 5adcfda7ec7..93d14a46764 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-style-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-style supports the full grammar 'auto | <outline-line-style>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-mandatory.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-mandatory.html
index a296c989bce..f8322a45934 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-mandatory.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-mandatory.html
@@ -9,7 +9,7 @@
 <meta name="assert" content="outline supports the full grammar '<outline-color> || <outline> || <outline>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-optional.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-optional.html
index e179406cafb..44cf823ba4c 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-optional.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-valid-optional.html
@@ -11,7 +11,7 @@
 <meta name="flags" content="may">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-invalid.html
index 07012fef225..40e4961a002 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-width supports only the grammar '<border-width>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-valid.html
index 050371246ce..db6c77c8645 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/outline-width-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="outline-width supports the full grammar '<border-width>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-invalid.html
index a56a1dbc6e2..b166c01395c 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="resize supports only the grammar 'none | both | horizontal | vertical'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-valid.html
index 025b0e447bb..3acc9b09e6f 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/resize-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="resize supports the full grammar 'none | both | horizontal | vertical'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-invalid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-invalid.html
index f3945a162ec..22affb7cafa 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-overflow supports only the grammar 'clip | ellipsis'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-valid.html b/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-valid.html
index 3f0aaa60938..bc2a4fd8740 100644
--- a/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-ui/parsing/text-overflow-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-overflow supports the full grammar 'clip | ellipsis'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="support/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-ui/parsing/support/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-ui/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-ui/parsing/support/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-ui/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-invalid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-invalid.html
index a587b9fb0e0..0927ca388b7 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="direction supports only the grammar 'ltr | rtl'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-valid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-valid.html
index 436226a9187..ca4d7bb9df9 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/direction-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="direction supports the full grammar 'ltr | rtl'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-invalid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-invalid.html
index 8807997de8b..08cbb967bb8 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-combine-upright supports only the grammar 'none | all'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-valid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-valid.html
index f599f12bf17..bd56fb5c493 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-combine-upright-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-combine-upright supports the full grammar 'none | all'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-invalid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-invalid.html
index 4461dbeea2f..118764d6c5f 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-orientation supports only the grammar 'mixed | upright | sideways'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-valid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-valid.html
index f6304fd4d8a..2f2b6625505 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/text-orientation-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="text-orientation supports the full grammar 'mixed | upright | sideways'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-invalid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-invalid.html
index 10907cbe931..de7cb6d20f7 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="unicode-bidi supports only the grammar 'normal | embed | isolate | bidi-override | isolate-override | plaintext'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-valid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-valid.html
index 49c42345a36..97a3d59c9ac 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/unicode-bidi-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="unicode-bidi supports the full grammar 'normal | embed | isolate | bidi-override | isolate-override | plaintext'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-invalid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-invalid.html
index 7b36e47cc56..6a512a71834 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-invalid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="writing-mode supports only the grammar 'horizontal-tb | vertical-rl | vertical-lr'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-valid.html b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-valid.html
index 4264e3840db..4fd856ae9dd 100644
--- a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-valid.html
+++ b/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/writing-mode-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="writing-mode supports the full grammar 'horizontal-tb | vertical-rl | vertical-lr'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/css-writing-modes/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/css-writing-modes/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/css-writing-modes/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/css-writing-modes/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-invalid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-invalid.html
index 3aca3734eaa..d07f195d626 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="color-interpolation-filters supports only the grammar 'auto | sRGB | linearRGB'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-valid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-valid.html
index d2e89a36258..68313d8db7f 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/color-interpolation-filters-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="color-interpolation-filters supports the full grammar 'auto | sRGB | linearRGB'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-invalid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-invalid.html
index 30ebf6764f5..f89f45628ce 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="filter supports only the grammar 'none | <filter-function-list>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-valid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-valid.html
index 773b1101138..3de19c023cf 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/filter-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="filter supports the full grammar 'none | <filter-function-list>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-invalid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-invalid.html
index b74888ee9f8..0711cdd4cf3 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="lighting-color supports only the grammar 'auto | sRGB | linearRGB'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-valid.html b/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-valid.html
index 1a3202536ce..495ddc5f8f6 100644
--- a/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/filter-effects/parsing/lighting-color-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="lighting-color supports the full grammar 'auto | sRGB | linearRGB'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/filter-effects/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/filter-effects/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/filter-effects/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/filter-effects/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-invalid.html
index 39c3eb1e6b5..45917c1b818 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-anchor supports only the grammar 'auto | <position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-valid.html
index 5bb10bb8361..30101061b5c 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-anchor-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-anchor supports the full grammar 'auto | <position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-invalid.html
index 5fbbe8ebe04..1cbb27fe536 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-distance supports only the grammar '<length-percentage>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-valid.html
index 4fe67558283..56569c8e022 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-distance-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-distance supports the full grammar '<length-percentage>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-invalid.html
index 54298acb8dd..343d22e46b4 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset supports only the grammar from the spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-valid.html
index c7a4e645991..b645199f3a1 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset supports the full grammar from the spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-invalid.html
index 95bce0620d4..c0a32486922 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-path supports only the grammar from the spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-valid.html
index 429abb9c60a..c1e229e1a05 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-path-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-path supports the full grammar from the spec.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-invalid.html
index c008eff0945..42370d44a38 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-position supports only the grammar 'auto | <position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-valid.html
index 984e79c87a9..3cf235cc855 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-position-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-position supports the full grammar 'auto | <position>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-invalid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-invalid.html
index f69ccfc3ca7..591189acb05 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-invalid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-invalid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-rotate supports only the grammar '[ auto | reverse ] || <angle>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-valid.html b/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-valid.html
index 18eb8203ec7..f481ec8971d 100644
--- a/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-valid.html
+++ b/tests/wpt/web-platform-tests/css/motion/parsing/offset-rotate-parsing-valid.html
@@ -8,7 +8,7 @@
 <meta name="assert" content="offset-rotate supports the full grammar '[ auto | reverse ] || <angle>'.">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
-<script src="resources/parsing-testcommon.js"></script>
+<script src="../support/parsing-testcommon.js"></script>
 </head>
 <body>
 <script>
diff --git a/tests/wpt/web-platform-tests/css/motion/parsing/resources/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/motion/support/parsing-testcommon.js
similarity index 100%
rename from tests/wpt/web-platform-tests/css/motion/parsing/resources/parsing-testcommon.js
rename to tests/wpt/web-platform-tests/css/motion/support/parsing-testcommon.js
diff --git a/tests/wpt/web-platform-tests/css/selectors/scope-selector.html b/tests/wpt/web-platform-tests/css/selectors/scope-selector.html
new file mode 100644
index 00000000000..bda0aed602a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/css/selectors/scope-selector.html
@@ -0,0 +1,34 @@
+<!doctype html>
+<link rel='help' href='https://drafts.csswg.org/selectors-4/#the-scope-pseudo'>
+<meta name='description' content=':scope should match when context object is a shadow root'>
+<script src='/resources/testharness.js'></script>
+<script src='/resources/testharnessreport.js'></script>
+<div id='shadowHost'></div>
+<script>
+'use strict'
+  const shadowRoot = shadowHost.attachShadow({mode:'open'})
+  shadowRoot.innerHTML = '<div class="div" id="external_div">Shadow Element<div id="nesteddiv">nested</div></div>';
+
+test(() => {
+  assert_equals(shadowRoot.firstChild.querySelectorAll(':scope >  div').length, 1, 'should get the number of direct children of external_div');
+  assert_equals(shadowRoot.firstChild.querySelector(':scope > div'), shadowRoot.getElementById("nesteddiv"), 'should get the first direct child of external_div');
+  assert_equals(shadowRoot.firstChild.querySelector(':scope > div').innerHTML, 'nested', 'should get the text in nesteddiv');
+}, 'scope selector works in shadowRoot.firstChild')
+
+test(() => {
+  assert_equals(shadowRoot.querySelector(':scope > div'), shadowRoot.getElementById('external_div'), 'should get the direct child of shadowRoot');
+  assert_equals(shadowRoot.querySelectorAll(':scope > div').length, 1, 'should get the number of direct div children of shadowRoot');
+}, 'Selecting direct child of shadow root with :scope should work')
+
+test(() => {
+  assert_equals(shadowRoot.querySelector(':scope div'), shadowRoot.getElementById('external_div'), 'should get the first div descendant of shadowRoot');
+  assert_equals(shadowRoot.querySelectorAll(':scope div').length, 2, 'should get the number of the div descendants of shadowRoot');
+}, 'Selecting descendants of shadow root with :scope should work')
+
+test(() => {
+  assert_equals(shadowRoot.firstChild.querySelector(':scope'), null, 'should return null');
+  assert_equals(shadowRoot.querySelector(':scope'), null, 'should return null');
+  assert_equals(shadowRoot.querySelectorAll(':scope').length, 0, 'should return 0');
+}, 'querySelector() with ":scope" should return null, whether the context object is an element or a shadow root')
+
+</script>
diff --git a/tests/wpt/web-platform-tests/css/support/parsing-testcommon.js b/tests/wpt/web-platform-tests/css/support/parsing-testcommon.js
new file mode 100644
index 00000000000..b075882f89a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/css/support/parsing-testcommon.js
@@ -0,0 +1,39 @@
+'use strict';
+
+// serializedValue can be the expected serialization of value,
+// or an array of permitted serializations,
+// or omitted if value should serialize as value.
+function test_valid_value(property, value, serializedValue) {
+    if (arguments.length < 3)
+        serializedValue = value;
+
+    var stringifiedValue = JSON.stringify(value);
+
+    test(function(){
+        var div = document.createElement('div');
+        div.style[property] = value;
+        assert_not_equals(div.style.getPropertyValue(property), "", "property should be set");
+
+        var div = document.createElement('div');
+        div.style[property] = value;
+        var readValue = div.style.getPropertyValue(property);
+        if (serializedValue instanceof Array)
+            assert_in_array(readValue, serializedValue, "serialization should be sound");
+        else
+            assert_equals(readValue, serializedValue, "serialization should be canonical");
+
+        div.style[property] = readValue;
+        assert_equals(div.style.getPropertyValue(property), readValue, "serialization should round-trip");
+
+    }, "e.style['" + property + "'] = " + stringifiedValue + " should set the property value");
+}
+
+function test_invalid_value(property, value) {
+    var stringifiedValue = JSON.stringify(value);
+
+    test(function(){
+        var div = document.createElement('div');
+        div.style[property] = value;
+        assert_equals(div.style.getPropertyValue(property), "");
+    }, "e.style['" + property + "'] = " + stringifiedValue + " should not set the property value");
+}
diff --git a/tests/wpt/web-platform-tests/feature-policy/idlharness.window.js b/tests/wpt/web-platform-tests/feature-policy/idlharness.window.js
new file mode 100644
index 00000000000..fb17cab982a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/feature-policy/idlharness.window.js
@@ -0,0 +1,18 @@
+// META: script=/resources/WebIDLParser.js
+// META: script=/resources/idlharness.js
+
+"use strict";
+
+// https://wicg.github.io/feature-policy/
+
+idl_test(
+  ['feature-policy'],
+  ['reporting', 'html', 'dom'],
+  idl_array => {
+    idl_array.add_objects({
+      Document: ['document'],
+      HTMLIframeElement: ['document.createElement("iframe")'],
+      Policy: ['document.policy'],
+    })
+  }
+);
diff --git a/tests/wpt/web-platform-tests/feature-policy/interfaces.any.js b/tests/wpt/web-platform-tests/feature-policy/interfaces.any.js
deleted file mode 100644
index baebc2ff0c8..00000000000
--- a/tests/wpt/web-platform-tests/feature-policy/interfaces.any.js
+++ /dev/null
@@ -1,23 +0,0 @@
-// META: script=/resources/WebIDLParser.js
-// META: script=/resources/idlharness.js
-
-"use strict";
-
-// https://wicg.github.io/feature-policy/
-
-var idlArray = new IdlArray();
-
-function doTest(idl) {
-  idlArray.add_untested_idls("interface HTMLIFrameElement {};");
-  idlArray.add_idls(idl);
-  idlArray.add_objects({
-    HTMLIframeElement: ['document.createElement("iframe")'],
-  })
-  idlArray.test();
-  done();
-}
-
-promise_test(function () {
-  return fetch("/interfaces/feature-policy.idl").then(response => response.text())
-    .then(doTest);
-}, "Test interfaces");
diff --git a/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html
new file mode 100644
index 00000000000..2f77dfe164d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/html/semantics/embedded-content/the-iframe-element/src-repeated-in-ancestor.html
@@ -0,0 +1,138 @@
+<!doctype html>
+<meta charset="utf-8">
+<title>Navigation should not occur when `src` matches the location of a anscestor browsing context</title>
+<script>
+// Avoid recursion in non-conforming browsers
+if (parent !== window && parent.title == window.title) {
+  window.stop();
+}
+</script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+<script>
+/**
+ * This test uses the `beforeunload` event to detect navigation. Because that
+ * event is fired synchronously in response to "process the iframe attributes",
+ * a second "control" iframe may be used to verify cases where navigation
+ * should *not* occur. `Promise.race` ensures that tests complete as soon as
+ * possible.
+ *
+ * Although the specification dictates that the `beforeunload` event must be
+ * emitted synchronously during navigation, a number of user agents do not
+ * adhere to this requirement. WPT includes a dedicated test for synchronous
+ * emission of the event [1]. This test is authored to support non-standard
+ * behavior in order to avoid spuriously passing in those UAs.
+ *
+ * [1] https://github.com/web-platform-tests/wpt/pull/12343
+ */
+'use strict';
+
+function when(target, eventName) {
+  return new Promise(function(resolve, reject) {
+    target.addEventListener(eventName, function() {
+      resolve();
+    }, { once: true });
+    target.addEventListener('error', function() {
+      reject(new Error('Error while waiting for ' + eventName));
+    }, { once: true });
+  });
+}
+
+function init(doc, t) {
+  var iframes = [doc.createElement('iframe'), doc.createElement('iframe')];
+
+  iframes.forEach(function(iframe) {
+    iframe.src = '/common/blank.html';
+    doc.body.appendChild(iframe);
+
+    t.add_cleanup(function() {
+      iframe.parentNode.removeChild(iframe);
+    });
+  });
+
+  return Promise.all([when(iframes[0], 'load'), when(iframes[1], 'load')])
+    .then(function() { return iframes; });
+}
+
+// This test verifies that navigation does occur; it is intended to validate
+// the utility functions.
+promise_test(function(t) {
+  return init(document, t)
+    .then(function(iframes) {
+      var subjectNavigation = when(iframes[0].contentWindow, 'beforeunload');
+      var controlNavigation = when(iframes[1].contentWindow, 'beforeunload');
+
+      iframes[0].src = '/common/blank.html?2';
+      iframes[1].src = '/common/blank.html?3';
+
+      return Promise.all([subjectNavigation, controlNavigation]);
+    });
+}, 'different path name');
+
+promise_test(function(t) {
+  return init(document, t)
+    .then(function(iframes) {
+      var subjectNavigation = when(iframes[0].contentWindow, 'beforeunload');
+      var controlNavigation = when(iframes[1].contentWindow, 'beforeunload');
+
+      iframes[0].src = location.href;
+      iframes[1].src = '/common/blank.html?4';
+
+      return Promise.race([
+        subjectNavigation.then(function() {
+          assert_unreached('Should not navigate');
+        }),
+        controlNavigation
+      ]);
+    });
+}, 'same path name, no document fragment');
+
+promise_test(function(t) {
+  return init(document, t)
+    .then(function(iframes) {
+      var subjectNavigation = when(iframes[0].contentWindow, 'beforeunload');
+      var controlNavigation = when(iframes[1].contentWindow, 'beforeunload');
+
+      iframes[0].src = location.href + '#something-else';
+      iframes[1].src = '/common/blank.html?5';
+
+      return Promise.race([
+        subjectNavigation.then(function() {
+          assert_unreached('Should not navigate');
+        }),
+        controlNavigation
+      ]);
+    });
+}, 'same path name, different document fragment');
+
+promise_test(function(t) {
+  var intermediate = document.createElement('iframe');
+
+  document.body.appendChild(intermediate);
+
+  t.add_cleanup(function() {
+    intermediate.parentNode.removeChild(intermediate);
+  });
+  intermediate.contentDocument.open();
+  intermediate.contentDocument.write('<body></body>');
+  intermediate.contentDocument.close();
+
+  return init(intermediate.contentDocument, t)
+    .then(function(iframes) {
+      var subjectNavigation = when(iframes[0].contentWindow, 'beforeunload');
+      var controlNavigation = when(iframes[1].contentWindow, 'beforeunload');
+
+      iframes[0].src = location.href;
+      iframes[1].src = '/common/blank.html?6';
+
+      return Promise.race([
+        subjectNavigation.then(function() {
+          assert_unreached('Should not navigate');
+        }),
+        controlNavigation
+      ]);
+    });
+}, 'same path name, no document fragement (intermediary browsing context)');
+</script>
+</body>
diff --git a/tests/wpt/web-platform-tests/interfaces/feature-policy.idl b/tests/wpt/web-platform-tests/interfaces/feature-policy.idl
index 34d92778624..de2f0464683 100644
--- a/tests/wpt/web-platform-tests/interfaces/feature-policy.idl
+++ b/tests/wpt/web-platform-tests/interfaces/feature-policy.idl
@@ -1,8 +1,27 @@
 // GENERATED CONTENT - DO NOT EDIT
-// Content of this file was automatically extracted from the
-// "Feature Policy" spec.
-// See: https://wicg.github.io/feature-policy/
+// Content was automatically extracted by Reffy into reffy-reports
+// (https://github.com/tidoust/reffy-reports)
+// Source: Feature Policy (https://wicg.github.io/feature-policy/)
+
+[NoInterfaceObject]
+interface Policy {
+  boolean allowsFeature(DOMString feature, optional DOMString origin);
+  sequence<DOMString> allowedFeatures();
+  sequence<DOMString> getAllowlistForFeature(DOMString feature);
+};
+
+partial interface Document {
+    [SameObject] readonly attribute Policy policy;
+};
 
 partial interface HTMLIFrameElement {
-    [CEReactions] attribute DOMString allow;
+    [SameObject] readonly attribute Policy policy;
+};
+interface FeaturePolicyViolationReportBody : ReportBody {
+  readonly attribute DOMString featureId;
+  readonly attribute DOMString message;
+  readonly attribute DOMString? sourceFile;
+  readonly attribute long? lineNumber;
+  readonly attribute long? columnNumber;
+  readonly attribute DOMString disposition;
 };
diff --git a/tests/wpt/web-platform-tests/interfaces/reporting.idl b/tests/wpt/web-platform-tests/interfaces/reporting.idl
new file mode 100644
index 00000000000..e9800365c4c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/interfaces/reporting.idl
@@ -0,0 +1,56 @@
+// GENERATED CONTENT - DO NOT EDIT
+// Content was automatically extracted by Reffy into reffy-reports
+// (https://github.com/tidoust/reffy-reports)
+// Source: Reporting API 1 (https://w3c.github.io/reporting/)
+
+interface ReportBody {
+};
+
+interface Report {
+  readonly attribute DOMString type;
+  readonly attribute DOMString url;
+  readonly attribute ReportBody? body;
+};
+
+[Constructor(ReportingObserverCallback callback, optional ReportingObserverOptions options)]
+interface ReportingObserver {
+  void observe();
+  void disconnect();
+  ReportList takeRecords();
+};
+
+callback ReportingObserverCallback = void (sequence<Report> reports, ReportingObserver observer);
+
+dictionary ReportingObserverOptions {
+  sequence<DOMString> types;
+  boolean buffered = false;
+};
+
+typedef sequence<Report> ReportList;
+
+interface DeprecationReportBody : ReportBody {
+  readonly attribute DOMString id;
+  readonly attribute Date? anticipatedRemoval;
+  readonly attribute DOMString message;
+  readonly attribute DOMString? sourceFile;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+interface InterventionReportBody : ReportBody {
+  readonly attribute DOMString id;
+  readonly attribute DOMString message;
+  readonly attribute DOMString? sourceFile;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+interface CrashReportBody : ReportBody {
+  readonly attribute DOMString crashId;
+  readonly attribute DOMString? reason;
+};
+
+dictionary GenerateTestReportParameters {
+  required DOMString message;
+  DOMString group;
+};
diff --git a/tests/wpt/web-platform-tests/interfaces/web-animations.idl b/tests/wpt/web-platform-tests/interfaces/web-animations.idl
index 2e66d6fd5a2..7dce1002e66 100644
--- a/tests/wpt/web-platform-tests/interfaces/web-animations.idl
+++ b/tests/wpt/web-platform-tests/interfaces/web-animations.idl
@@ -98,22 +98,22 @@ interface KeyframeEffect : AnimationEffect {
 };
 
 dictionary BaseComputedKeyframe {
-     double?             offset = null;
-     double              computedOffset;
-     DOMString           easing = "linear";
-     CompositeOperation? composite = null;
+     double?                  offset = null;
+     double                   computedOffset;
+     DOMString                easing = "linear";
+     CompositeOperationOrAuto composite = "auto";
 };
 
 dictionary BasePropertyIndexedKeyframe {
     (double? or sequence<double?>)                         offset = [];
     (DOMString or sequence<DOMString>)                     easing = [];
-    (CompositeOperation? or sequence<CompositeOperation?>) composite = [];
+    (CompositeOperationOrAuto or sequence<CompositeOperationOrAuto>) composite = [];
 };
 
 dictionary BaseKeyframe {
-    double?             offset = null;
-    DOMString           easing = "linear";
-    CompositeOperation? composite = null;
+    double?                  offset = null;
+    DOMString                easing = "linear";
+    CompositeOperationOrAuto composite = "auto";
 };
 
 dictionary KeyframeEffectOptions : EffectTiming {
@@ -125,6 +125,8 @@ enum IterationCompositeOperation {"replace", "accumulate"};
 
 enum CompositeOperation {"replace", "add", "accumulate"};
 
+enum CompositeOperationOrAuto {"replace", "add", "accumulate", "auto"};
+
 interface mixin Animatable {
     Animation           animate (object? keyframes,
                                  optional (unrestricted double or KeyframeAnimationOptions) options);
diff --git a/tests/wpt/web-platform-tests/interfaces/webgl1.idl b/tests/wpt/web-platform-tests/interfaces/webgl1.idl
index fce2cdf0328..bab7d421da0 100644
--- a/tests/wpt/web-platform-tests/interfaces/webgl1.idl
+++ b/tests/wpt/web-platform-tests/interfaces/webgl1.idl
@@ -1,7 +1,7 @@
 // GENERATED CONTENT - DO NOT EDIT
-// Content of this file was automatically extracted from the
-// "WebGL Specification" spec.
-// See: https://www.khronos.org/registry/webgl/specs/latest/1.0/
+// Content was automatically extracted by Reffy into reffy-reports
+// (https://github.com/tidoust/reffy-reports)
+// Source: WebGL Specification (https://www.khronos.org/registry/webgl/specs/latest/1.0/)
 
 typedef unsigned long  GLenum;
 typedef boolean        GLboolean;
@@ -34,36 +34,46 @@ dictionary WebGLContextAttributes {
     GLboolean failIfMajorPerformanceCaveat = false;
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLBuffer : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLFramebuffer : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLProgram : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLRenderbuffer : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLShader : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLTexture : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLUniformLocation {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLActiveInfo {
     readonly attribute GLint size;
     readonly attribute GLenum type;
     readonly attribute DOMString name;
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLShaderPrecisionFormat {
     readonly attribute GLint rangeMin;
     readonly attribute GLint rangeMax;
@@ -500,7 +510,7 @@ interface mixin WebGLRenderingContextBase
     const GLenum UNPACK_COLORSPACE_CONVERSION_WEBGL = 0x9243;
     const GLenum BROWSER_DEFAULT_WEBGL          = 0x9244;
 
-    readonly attribute HTMLCanvasElement canvas;
+    [Exposed=Window] readonly attribute HTMLCanvasElement canvas;
     readonly attribute GLsizei drawingBufferWidth;
     readonly attribute GLsizei drawingBufferHeight;
 
@@ -708,12 +718,15 @@ interface mixin WebGLRenderingContextBase
     void viewport(GLint x, GLint y, GLsizei width, GLsizei height);
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLRenderingContext
 {
 };
 WebGLRenderingContext includes WebGLRenderingContextBase;
 
-[Constructor(DOMString type, optional WebGLContextEventInit eventInit)]
+[Exposed=(Window,Worker),
+ Constructor(DOMString type,
+ optional WebGLContextEventInit eventInit)]
 interface WebGLContextEvent : Event {
     readonly attribute DOMString statusMessage;
 };
diff --git a/tests/wpt/web-platform-tests/interfaces/webgl2.idl b/tests/wpt/web-platform-tests/interfaces/webgl2.idl
index b8f5b23bf65..11d0d8c2a3b 100644
--- a/tests/wpt/web-platform-tests/interfaces/webgl2.idl
+++ b/tests/wpt/web-platform-tests/interfaces/webgl2.idl
@@ -1,23 +1,28 @@
 // GENERATED CONTENT - DO NOT EDIT
-// Content of this file was automatically extracted from the
-// "WebGL 2.0 Specification" spec.
-// See: https://www.khronos.org/registry/webgl/specs/latest/2.0/
+// Content was automatically extracted by Reffy into reffy-reports
+// (https://github.com/tidoust/reffy-reports)
+// Source: WebGL 2.0 Specification (https://www.khronos.org/registry/webgl/specs/latest/2.0/)
 
 typedef long long GLint64;
 typedef unsigned long long GLuint64;
 
+[Exposed=(Window,Worker)]
 interface WebGLQuery : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLSampler : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLSync : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLTransformFeedback : WebGLObject {
 };
 
+[Exposed=(Window,Worker)]
 interface WebGLVertexArrayObject : WebGLObject {
 };
 
@@ -567,6 +572,7 @@ interface mixin WebGL2RenderingContextBase
   void bindVertexArray(WebGLVertexArrayObject? array);
 };
 
+[Exposed=(Window,Worker)]
 interface WebGL2RenderingContext
 {
 };
diff --git a/tests/wpt/web-platform-tests/notifications/idlharness.https.any.js b/tests/wpt/web-platform-tests/notifications/idlharness.https.any.js
index e2907f31837..0b9a71ba85a 100644
--- a/tests/wpt/web-platform-tests/notifications/idlharness.https.any.js
+++ b/tests/wpt/web-platform-tests/notifications/idlharness.https.any.js
@@ -10,18 +10,22 @@ idl_test(
   ['notifications'],
   ['service-workers', 'html', 'dom'],
   idl_array => {
-    idl_array.add_objects({
-      Notification: ['notification'],
-    });
     if (self.ServiceWorkerGlobalScope) {
       idl_array.add_objects({
-        NotificationEvent: ['notificationEvent'],
         ServiceWorkerGlobalScope: ['self'],
       });
-    }
-    self.notification = new Notification("Running idlharness.");
-    if (self.ServiceWorkerGlobalScope) {
-      self.notificationEvent = new NotificationEvent("type", { notification: notification });
+      // NotificationEvent could be tested here, but the constructor requires
+      // a Notification instance which cannot be created in a service worker,
+      // see below.
+    } else {
+      // While the Notification interface is exposed in service workers, the
+      // constructor (https://notifications.spec.whatwg.org/#dom-notification-notification)
+      // is defined to throw a TypeError. Therefore, we only add the object in
+      // the other scopes.
+      idl_array.add_objects({
+        Notification: ['notification'],
+      });
+      self.notification = new Notification('title');
     }
   }
 );
diff --git a/tests/wpt/web-platform-tests/reporting/META.yml b/tests/wpt/web-platform-tests/reporting/META.yml
new file mode 100644
index 00000000000..980823f59f7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/META.yml
@@ -0,0 +1,5 @@
+spec: https://w3c.github.io/reporting/
+suggested_reviewers:
+  - dcreager
+  - igrigorik
+  - paulmeyer90
diff --git a/tests/wpt/web-platform-tests/reporting/idlharness.window.js b/tests/wpt/web-platform-tests/reporting/idlharness.window.js
new file mode 100644
index 00000000000..17cef818359
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/idlharness.window.js
@@ -0,0 +1,14 @@
+// META: script=/resources/WebIDLParser.js
+// META: script=/resources/idlharness.js
+
+'use strict';
+
+idl_test(
+  ['reporting'],
+  [],
+  idl_array => {
+    idl_array.add_objects({
+      // TODO: objects
+    });
+  }
+);
diff --git a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
index d760e7c76d3..10ed703e01b 100644
--- a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
+++ b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
@@ -47,25 +47,29 @@ class MockVRService {
     let device = new MockDevice(fakeDeviceInit, this);
     this.devices_.push(device);
 
+    if (this.client_) {
+      this.client_.onDeviceChanged();
+    }
+
     return device;
   }
 
   // VRService implementation.
+  requestDevice() {
+    return Promise.resolve(
+        {device: this.devices_[0] ? this.devices_[0].getDevicePtr() : null});
+  }
+
   setClient(client) {
     this.client_ = client;
-    for (let i = 0; i < this.devices_.length; i++) {
-      this.devices_[i].notifyClientOfDisplay();
-    }
-
-    return Promise.resolve();
   }
 }
 
-// Implements both XRDeviceImpl and VRMagicWindowProvider. Maintains a mock for
+// Implements both XRDevice and VRMagicWindowProvider. Maintains a mock for
 // XRPresentationProvider.
 class MockDevice {
   constructor(fakeDeviceInit, service) {
-    this.displayClient_ = new device.mojom.VRDisplayClientPtr();
+    this.sessionClient_ = new device.mojom.XRSessionClientPtr();
     this.presentation_provider_ = new MockXRPresentationProvider();
 
     this.pose_ = null;
@@ -80,23 +84,13 @@ class MockDevice {
     } else {
       this.displayInfo_ = this.getNonImmersiveDisplayInfo();
     }
-
-    if (service.client_) {
-      this.notifyClientOfDisplay();
-    }
   }
 
   // Functions for setup.
-  // This function calls to the backend to add this device to the list.
-  notifyClientOfDisplay() {
+  getDevicePtr() {
     let devicePtr = new device.mojom.XRDevicePtr();
-    let deviceRequest = mojo.makeRequest(devicePtr);
-    let deviceBinding =
-        new mojo.Binding(device.mojom.XRDevice, this, deviceRequest);
-
-    let clientRequest = mojo.makeRequest(this.displayClient_);
-    this.service_.client_.onDisplayConnected(
-        devicePtr, clientRequest, this.displayInfo_);
+    new mojo.Binding(device.mojom.XRDevice, this, mojo.makeRequest(devicePtr));
+    return devicePtr;
   }
 
   // Test methods.
@@ -120,7 +114,7 @@ class MockDevice {
       }
 
       if (changed) {
-        this.displayClient_.onChanged(this.displayInfo_);
+        this.sessionClient_.onChanged(this.displayInfo_);
       }
     }
   }
@@ -279,8 +273,7 @@ class MockDevice {
     // do not have any use for this data at present.
   }
 
-  // XRDeviceImpl implementation.
-
+  // XRDevice implementation.
   requestSession(sessionOptions, was_activation) {
     return this.supportsSession(sessionOptions).then((result) => {
       // The JavaScript bindings convert c_style_names to camelCase names.
@@ -310,11 +303,15 @@ class MockDevice {
             device.mojom.XREnviromentIntegrationProvider, this,
             enviromentProviderRequest);
 
+        let clientRequest = mojo.makeRequest(this.sessionClient_);
+
         return Promise.resolve({
           session: {
             submitFrameSink: submit_frame_sink,
             dataProvider: dataProviderPtr,
-            enviromentProvider: enviromentProviderPtr
+            enviromentProvider: enviromentProviderPtr,
+            clientRequest: clientRequest,
+            displayInfo: this.displayInfo_
           }
         });
       } else {
@@ -326,7 +323,7 @@ class MockDevice {
   supportsSession(options) {
     return Promise.resolve({
       supportsSession:
-          !options.exclusive || this.displayInfo_.capabilities.canPresent
+          !options.immersive || this.displayInfo_.capabilities.canPresent
     });
   };
 }
diff --git a/tests/wpt/web-platform-tests/resources/testdriver.js b/tests/wpt/web-platform-tests/resources/testdriver.js
index c9231d9e313..42ec824d015 100644
--- a/tests/wpt/web-platform-tests/resources/testdriver.js
+++ b/tests/wpt/web-platform-tests/resources/testdriver.js
@@ -67,7 +67,8 @@
             button.innerHTML = "This test requires user interaction.<br />" +
                 "Please click here to allow " + intent + ".";
             button.id = "wpt-test-driver-bless-" + (idCounter += 1);
-            document.body.appendChild(button);
+            const elem = document.body || document.documentElement;
+            elem.appendChild(button);
 
             return new Promise(function(resolve, reject) {
                     button.addEventListener("click", resolve);
diff --git a/tests/wpt/web-platform-tests/service-workers/service-worker/active.https.html b/tests/wpt/web-platform-tests/service-workers/service-worker/active.https.html
index deee6a50ea0..350a34b802f 100644
--- a/tests/wpt/web-platform-tests/service-workers/service-worker/active.https.html
+++ b/tests/wpt/web-platform-tests/service-workers/service-worker/active.https.html
@@ -5,51 +5,46 @@
 <script src="resources/test-helpers.sub.js"></script>
 <body>
 <script>
+
+const SCRIPT = 'resources/empty-worker.js';
+const SCOPE = 'resources/blank.html';
+
 // "active" is set
-async_test(function(t) {
-    var step = t.step_func.bind(t);
-    var url = 'resources/empty-worker.js';
-    var scope = 'resources/blank.html';
-    var frame;
-    var registration;
+promise_test(async t => {
 
-    service_worker_unregister(t, scope)
-      .then(step(function() { return with_iframe(scope); }))
-      .then(step(function(f) {
-          frame = f;
-          return navigator.serviceWorker.register(url, {scope: scope});
-        }))
-      .then(step(function(r) {
-          registration = r;
-          return wait_for_state(t, r.installing, 'activating');
-        }))
-      .then(step(function() {
-          var container = frame.contentWindow.navigator.serviceWorker;
-          assert_equals(
-            container.controller,
-            null,
-            'On activating state a document should not have a controller');
-          assert_equals(
-            registration.active.scriptURL,
-            normalizeURL(url),
-            'On activating state a document should have an active worker ');
-          assert_equals(
-            registration.waiting,
-            null,
-            'On activating state a document should not have a waiting worker');
-          assert_equals(
-            registration.installing,
-            null,
-            'On activating state a document should not have an installing ' +
-                'worker');
+  t.add_cleanup(async() => {
+    if (frame)
+      frame.remove();
+    if (registration)
+      await registration.unregister();
+  });
 
-          // FIXME: Add a test for a frame created after installation.
-          // Should the existing frame ("frame") block activation?
-        }))
-      .then(step(function() {
-          frame.remove();
-          return service_worker_unregister_and_done(t, scope);
-        }))
-      .catch(unreached_rejection(t));
-  }, 'active is set');
+  await service_worker_unregister(t, SCOPE);
+  const frame = await with_iframe(SCOPE);
+  const registration =
+      await navigator.serviceWorker.register(SCRIPT, {scope: SCOPE});
+  await wait_for_state(t, registration.installing, 'activating');
+  const container = frame.contentWindow.navigator.serviceWorker;
+  assert_equals(container.controller, null, 'controller');
+  assert_equals(registration.active.state, 'activating',
+                'registration.active');
+  assert_equals(registration.waiting, null, 'registration.waiting');
+  assert_equals(registration.installing, null, 'registration.installing');
+
+  // FIXME: Add a test for a frame created after installation.
+  // Should the existing frame ("frame") block activation?
+}, 'active is set');
+
+// Tests that the ServiceWorker objects returned from active attribute getter
+// that represent the same service worker are the same objects.
+promise_test(async t => {
+  const registration1 =
+      await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  const registration2 = await navigator.serviceWorker.getRegistration(SCOPE);
+  assert_equals(registration1.active, registration2.active,
+                'ServiceWorkerRegistration.active should return the same ' +
+                'object');
+  await registration1.unregister();
+}, 'The ServiceWorker objects returned from active attribute getter that ' +
+   'represent the same service worker are the same objects');
 </script>
diff --git a/tests/wpt/web-platform-tests/service-workers/service-worker/installing.https.html b/tests/wpt/web-platform-tests/service-workers/service-worker/installing.https.html
index 57d87811192..0f257b6aba4 100644
--- a/tests/wpt/web-platform-tests/service-workers/service-worker/installing.https.html
+++ b/tests/wpt/web-platform-tests/service-workers/service-worker/installing.https.html
@@ -5,33 +5,44 @@
 <script src="resources/test-helpers.sub.js"></script>
 <body>
 <script>
+
+const SCRIPT = 'resources/empty-worker.js';
+const SCOPE = 'resources/blank.html';
+
 // "installing" is set
-async_test(function(t) {
-    var step = t.step_func.bind(t);
-    var url = 'resources/empty-worker.js';
-    var scope = 'resources/blank.html';
-    var frame;
+promise_test(async t => {
 
-    service_worker_unregister(t, scope)
-    .then(step(function() { return with_iframe(scope); }))
-    .then(step(function(f) {
-        frame = f;
-        return navigator.serviceWorker.register(url, {scope: scope});
-    }))
-    .then(step(function(registration) {
-        var container = frame.contentWindow.navigator.serviceWorker;
-        assert_equals(container.controller, null);
-        assert_equals(registration.active, null);
-        assert_equals(registration.waiting, null);
-        assert_equals(registration.installing.scriptURL, normalizeURL(url));
+  t.add_cleanup(async() => {
+    if (frame)
+      frame.remove();
+    if (registration)
+      await registration.unregister();
+  });
 
-        // FIXME: Add a test for a frame created after installation.
-        // Should the existing frame ("frame") block activation?
-    }))
-    .then(step(function() {
-        frame.remove();
-        return service_worker_unregister_and_done(t, scope);
-    }))
-    .catch(unreached_rejection(t));
+  await service_worker_unregister(t, SCOPE);
+  const frame = await with_iframe(SCOPE);
+  const registration =
+      await navigator.serviceWorker.register(SCRIPT, {scope: SCOPE});
+  const container = frame.contentWindow.navigator.serviceWorker;
+  assert_equals(container.controller, null, 'controller');
+  assert_equals(registration.active, null, 'registration.active');
+  assert_equals(registration.waiting, null, 'registration.waiting');
+  assert_equals(registration.installing.scriptURL, normalizeURL(SCRIPT),
+                'registration.installing.scriptURL');
+  // FIXME: Add a test for a frame created after installation.
+  // Should the existing frame ("frame") block activation?
 }, 'installing is set');
+
+// Tests that The ServiceWorker objects returned from installing attribute getter
+// that represent the same service worker are the same objects.
+promise_test(async t => {
+  const registration1 =
+      await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  const registration2 = await navigator.serviceWorker.getRegistration(SCOPE);
+  assert_equals(registration1.installing, registration2.installing,
+                'ServiceWorkerRegistration.installing should return the ' +
+                'same object');
+  await registration1.unregister();
+}, 'The ServiceWorker objects returned from installing attribute getter that ' +
+   'represent the same service worker are the same objects');
 </script>
diff --git a/tests/wpt/web-platform-tests/service-workers/service-worker/navigation-preload/navigationPreload.https.html b/tests/wpt/web-platform-tests/service-workers/service-worker/navigation-preload/navigationPreload.https.html
new file mode 100644
index 00000000000..392e5c14dc8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/service-workers/service-worker/navigation-preload/navigationPreload.https.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>ServiceWorker: navigator.serviceWorker.navigationPreload</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../resources/test-helpers.sub.js"></script>
+<script src="resources/helpers.js"></script>
+<script>
+promise_test(async t => {
+  const SCRIPT = '../resources/empty-worker.js';
+  const SCOPE = '../resources/navigationpreload';
+  const registration =
+      await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  const navigationPreload = registration.navigationPreload;
+  assert_true(navigationPreload instanceof NavigationPreloadManager,
+              'ServiceWorkerRegistration.navigationPreload');
+  await registration.unregister();
+}, "The navigationPreload attribute must return service worker " +
+    "registration's NavigationPreloadManager object.");
+</script>
diff --git a/tests/wpt/web-platform-tests/service-workers/service-worker/serviceworkerobject-scripturl.https.html b/tests/wpt/web-platform-tests/service-workers/service-worker/serviceworkerobject-scripturl.https.html
index 58f25f3a442..6004985a346 100644
--- a/tests/wpt/web-platform-tests/service-workers/service-worker/serviceworkerobject-scripturl.https.html
+++ b/tests/wpt/web-platform-tests/service-workers/service-worker/serviceworkerobject-scripturl.https.html
@@ -7,25 +7,20 @@
 'use strict';
 
 function url_test(name, url) {
-  var scope = 'resources/scope/' + name;
-  var expectedURL = normalizeURL(url);
+  const scope = 'resources/scope/' + name;
+  const expectedURL = normalizeURL(url);
 
-  promise_test(function(t) {
-      return service_worker_unregister_and_register(t, url, scope)
-        .then(function(registration) {
-            var worker = registration.installing;
-
-            t.add_cleanup(function() {
-                registration.unregister();
-              });
-
-            assert_equals(worker.scriptURL, expectedURL,
-                          'Returned ServiceWorker object should have scriptURL');
-          });
-    }, 'Verify the scriptURL property: ' + name);
+  promise_test(async t => {
+    const registration =
+        await service_worker_unregister_and_register(t, url, scope);
+    const worker = registration.installing;
+    assert_equals(worker.scriptURL, expectedURL, 'scriptURL');
+    await registration.unregister();
+  }, 'Verify the scriptURL property: ' + name);
 }
 
 url_test('relative', 'resources/empty-worker.js');
 url_test('with-fragment', 'resources/empty-worker.js#ref');
+url_test('with-query', 'resources/empty-worker.js?ref');
 url_test('absolute', normalizeURL('./resources/empty-worker.js'));
 </script>
diff --git a/tests/wpt/web-platform-tests/service-workers/service-worker/waiting.https.html b/tests/wpt/web-platform-tests/service-workers/service-worker/waiting.https.html
index 2b0dbc9485b..499e581eb35 100644
--- a/tests/wpt/web-platform-tests/service-workers/service-worker/waiting.https.html
+++ b/tests/wpt/web-platform-tests/service-workers/service-worker/waiting.https.html
@@ -5,36 +5,43 @@
 <script src="resources/test-helpers.sub.js"></script>
 <body>
 <script>
-promise_test(t => {
-    var script = 'resources/empty-worker.js';
-    var scope = 'resources/blank.html';
-    var frame;
-    var registration;
 
-    return service_worker_unregister(t, scope)
-      .then(() => { return with_iframe(scope); })
-      .then(f => {
-          frame = f;
-          return navigator.serviceWorker.register(script, {scope: scope});
-        })
-      .then(r => {
-          registration = r;
-          add_result_callback(() => { registration.unregister(); });
-          return wait_for_state(t, r.installing, 'installed');
-        })
-      .then(() => {
-          const controller =
-            frame.contentWindow.navigator.serviceWorker.controller;
-          assert_equals(controller, null, '.controller');
+const SCRIPT = 'resources/empty-worker.js';
+const SCOPE = 'resources/blank.html';
 
-          assert_equals(registration.active, null, '.active');
-          assert_equals(registration.waiting.state, 'installed', '.waiting');
-          assert_equals(registration.installing, null, '.installing');
-        })
-      .then(() => {
-          frame.remove();
-          return registration.unregister();
-        });
-  }, 'waiting is set after installation');
+promise_test(async t => {
+
+  t.add_cleanup(async() => {
+    if (frame)
+      frame.remove();
+    if (registration)
+      await registration.unregister();
+  });
+
+  await service_worker_unregister(t, SCOPE);
+  const frame = await with_iframe(SCOPE);
+  const registration =
+      await navigator.serviceWorker.register(SCRIPT, {scope: SCOPE});
+  await wait_for_state(t, registration.installing, 'installed');
+  const controller = frame.contentWindow.navigator.serviceWorker.controller;
+  assert_equals(controller, null, 'controller');
+  assert_equals(registration.active, null, 'registration.active');
+  assert_equals(registration.waiting.state, 'installed',
+                'registration.waiting');
+  assert_equals(registration.installing, null, 'registration.installing');
+}, 'waiting is set after installation');
+
+// Tests that the ServiceWorker objects returned from waiting attribute getter
+// that represent the same service worker are the same objects.
+promise_test(async t => {
+  const registration1 =
+      await service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+  const registration2 = await navigator.serviceWorker.getRegistration(SCOPE);
+  assert_equals(registration1.waiting, registration2.waiting,
+                'ServiceWorkerRegistration.waiting should return the same ' +
+                'object');
+  await registration1.unregister();
+}, 'The ServiceWorker objects returned from waiting attribute getter that ' +
+   'represent the same service worker are the same objects');
 </script>
 </body>
diff --git a/tests/wpt/web-platform-tests/svg/render/reftests/blending-001.svg b/tests/wpt/web-platform-tests/svg/render/reftests/blending-001.svg
index 2278019cc73..f8fcf9fae49 100644
--- a/tests/wpt/web-platform-tests/svg/render/reftests/blending-001.svg
+++ b/tests/wpt/web-platform-tests/svg/render/reftests/blending-001.svg
@@ -18,6 +18,10 @@
       mix-blend-mode: screen;
     }
 
+    #edgecover > rect {
+      mix-blend-mode: normal;
+    }
+
     g {
       isolation: isolate;
     }
@@ -32,7 +36,7 @@
     </g>
 
     <!-- Stroke to prevent aliasing from effecting results. -->
-    <g style="mix-blend-mode:normal;fill:none;stroke:black;stroke-width:2px">
+    <g style="fill:none;stroke:black;stroke-width:2px" id="edgecover">
       <rect x="120" y="80"  width="160" height="160"/>
       <rect x="200" y="80"  width="160" height="160"/>
       <rect x="160" y="160" width="160" height="160"/>
diff --git a/tests/wpt/web-platform-tests/svg/render/reftests/blending-002.svg b/tests/wpt/web-platform-tests/svg/render/reftests/blending-002.svg
index 01e180f23a5..d74333c96fd 100644
--- a/tests/wpt/web-platform-tests/svg/render/reftests/blending-002.svg
+++ b/tests/wpt/web-platform-tests/svg/render/reftests/blending-002.svg
@@ -18,21 +18,23 @@
       mix-blend-mode: screen;
     }
 
-    g {
-      isolation: isolate;
+    #edgecover > rect {
+      mix-blend-mode: normal;
     }
   </style>
 
   <g id="test-body-content">
 
-    <rect x="120" y="80"  width="160" height="160" fill="red"/>
-    <g>
-      <rect x="200" y="80"  width="160" height="160" fill="lime"/>
-      <rect x="160" y="160" width="160" height="160" fill="blue"/>
+    <g style="isolation: isolate">
+      <rect x="120" y="80"  width="160" height="160" fill="red"/>
+      <g style="isolation: isolate">
+        <rect x="200" y="80"  width="160" height="160" fill="lime"/>
+        <rect x="160" y="160" width="160" height="160" fill="blue"/>
+      </g>
     </g>
 
     <!-- Stroke to prevent aliasing from effecting results. -->
-    <g style="mix-blend-mode:normal;fill:none;stroke:black;stroke-width:2px">
+    <g style="fill:none;stroke:black;stroke-width:2px" id="edgecover">
       <rect x="120" y="80"  width="160" height="160"/>
       <rect x="200" y="80"  width="160" height="160"/>
       <rect x="160" y="160" width="160" height="160"/>
diff --git a/tests/wpt/web-platform-tests/tools/localpaths.py b/tests/wpt/web-platform-tests/tools/localpaths.py
index 6758107a922..f6e24b486d5 100644
--- a/tests/wpt/web-platform-tests/tools/localpaths.py
+++ b/tests/wpt/web-platform-tests/tools/localpaths.py
@@ -22,6 +22,7 @@ sys.path.insert(0, os.path.join(here, "third_party", "h2"))
 sys.path.insert(0, os.path.join(here, "third_party", "hpack"))
 sys.path.insert(0, os.path.join(here, "third_party", "hyperframe"))
 sys.path.insert(0, os.path.join(here, "third_party", "certifi"))
+sys.path.insert(0, os.path.join(here, "third_party", "hyper"))
 sys.path.insert(0, os.path.join(here, "webdriver"))
 sys.path.insert(0, os.path.join(here, "wptrunner"))
 
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hpack/hpack/hpack.py b/tests/wpt/web-platform-tests/tools/third_party/hpack/hpack/hpack.py
index 57e8c7f6078..f8e808bec9e 100644
--- a/tests/wpt/web-platform-tests/tools/third_party/hpack/hpack/hpack.py
+++ b/tests/wpt/web-platform-tests/tools/third_party/hpack/hpack/hpack.py
@@ -230,7 +230,6 @@ class Encoder(object):
         # are already in the header table we can represent them using the
         # indexed representation: the same is true if they are in the static
         # table. Otherwise, a literal representation will be used.
-        log.debug("HPACK encoding %s", headers)
         header_block = []
 
         # Turn the headers into a list of tuples if possible. This is the
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/__init__.py
new file mode 100644
index 00000000000..afa88035298
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/__init__.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+"""
+hyper
+~~~~~~
+
+A module for providing an abstraction layer over the differences between
+HTTP/1.1 and HTTP/2.
+"""
+import logging
+
+from .common.connection import HTTPConnection
+from .http20.connection import HTTP20Connection
+from .http20.response import HTTP20Response, HTTP20Push
+from .http11.connection import HTTP11Connection
+from .http11.response import HTTP11Response
+
+# Throw import errors on Python <2.7 and 3.0-3.2.
+import sys as _sys
+if _sys.version_info < (2, 7) or (3, 0) <= _sys.version_info < (3, 3):
+    raise ImportError(
+        "hyper only supports Python 2.7 and Python 3.3 or higher."
+    )
+
+__all__ = [
+    HTTPConnection,
+    HTTP20Response,
+    HTTP20Push,
+    HTTP20Connection,
+    HTTP11Connection,
+    HTTP11Response,
+]
+
+# Set default logging handler.
+logging.getLogger(__name__).addHandler(logging.NullHandler())
+
+__version__ = '0.7.0'
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/certs.pem b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/certs.pem
new file mode 100644
index 00000000000..72a750f94fa
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/certs.pem
@@ -0,0 +1,5116 @@
+
+# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
+# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA
+# Label: "GlobalSign Root CA"
+# Serial: 4835703278459707669005204
+# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a
+# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c
+# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
+
+# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2
+# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R2
+# Label: "GlobalSign Root CA - R2"
+# Serial: 4835703278459682885658125
+# MD5 Fingerprint: 94:14:77:7e:3e:5e:fd:8f:30:bd:41:b0:cf:e7:d0:30
+# SHA1 Fingerprint: 75:e0:ab:b6:13:85:12:27:1c:04:f8:5f:dd:de:38:e4:b7:24:2e:fe
+# SHA256 Fingerprint: ca:42:dd:41:74:5f:d0:b8:1e:b9:02:36:2c:f9:d8:bf:71:9d:a1:bd:1b:1e:fc:94:6f:5b:4c:99:f4:2c:1b:9e
+-----BEGIN CERTIFICATE-----
+MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1
+MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8
+eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq
+tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd
+C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa
+zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB
+mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH
+V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n
+bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG
+3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs
+J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO
+291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS
+ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd
+AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7
+TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 1999 VeriSign, Inc. - For authorized use only
+# Label: "Verisign Class 3 Public Primary Certification Authority - G3"
+# Serial: 206684696279472310254277870180966723415
+# MD5 Fingerprint: cd:68:b6:a7:c7:c4:ce:75:e0:1d:4f:57:44:61:92:09
+# SHA1 Fingerprint: 13:2d:0d:45:53:4b:69:97:cd:b2:d5:c3:39:e2:55:76:60:9b:5c:c6
+# SHA256 Fingerprint: eb:04:cf:5e:b1:f3:9a:fa:76:2f:2b:b1:20:f2:96:cb:a5:20:c1:b9:7d:b1:58:95:65:b8:1c:b9:a1:7b:72:44
+-----BEGIN CERTIFICATE-----
+MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw
+CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl
+cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu
+LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT
+aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD
+VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT
+aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ
+bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b
+N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t
+KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu
+kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm
+CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ
+Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu
+imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te
+2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe
+DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC
+/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p
+F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt
+TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
+# Subject: CN=Entrust.net Certification Authority (2048) O=Entrust.net OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/(c) 1999 Entrust.net Limited
+# Label: "Entrust.net Premium 2048 Secure Server CA"
+# Serial: 946069240
+# MD5 Fingerprint: ee:29:31:bc:32:7e:9a:e6:e8:b5:f7:51:b4:34:71:90
+# SHA1 Fingerprint: 50:30:06:09:1d:97:d4:f5:ae:39:f7:cb:e7:92:7d:7d:65:2d:34:31
+# SHA256 Fingerprint: 6d:c4:71:72:e0:1c:bc:b0:bf:62:58:0d:89:5f:e2:b8:ac:9a:d4:f8:73:80:1e:0c:10:b9:c8:37:d2:1e:b1:77
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
+RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp
+bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5
+IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3
+MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3
+LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp
+YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG
+A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq
+K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe
+sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX
+MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT
+XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/
+HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH
+4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
+HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub
+j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo
+U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf
+zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b
+u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
+bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
+fF6adulZkMV8gzURZVE=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
+# Subject: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
+# Label: "Baltimore CyberTrust Root"
+# Serial: 33554617
+# MD5 Fingerprint: ac:b6:94:a5:9c:17:e0:d7:91:52:9b:b1:97:06:a6:e4
+# SHA1 Fingerprint: d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74
+# SHA256 Fingerprint: 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
+RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
+VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
+DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
+VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
+mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
+IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
+mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
+XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
+dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
+jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
+BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
+DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
+9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
+jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
+Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
+ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
+R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
+-----END CERTIFICATE-----
+
+# Issuer: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Subject: CN=AddTrust Class 1 CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Label: "AddTrust Low-Value Services Root"
+# Serial: 1
+# MD5 Fingerprint: 1e:42:95:02:33:92:6b:b9:5f:c0:7f:da:d6:b2:4b:fc
+# SHA1 Fingerprint: cc:ab:0e:a0:4c:23:01:d6:69:7b:dd:37:9f:cd:12:eb:24:e3:94:9d
+# SHA256 Fingerprint: 8c:72:09:27:9a:c0:4e:27:5e:16:d0:7f:d3:b7:75:e8:01:54:b5:96:80:46:e3:1f:52:dd:25:76:63:24:e9:a7
+-----BEGIN CERTIFICATE-----
+MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw
+MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML
+QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD
+VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul
+CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n
+tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl
+dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch
+PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC
++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O
+BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl
+MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk
+ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB
+IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X
+7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz
+43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY
+eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl
+pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA
+WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk=
+-----END CERTIFICATE-----
+
+# Issuer: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network
+# Subject: CN=AddTrust External CA Root O=AddTrust AB OU=AddTrust External TTP Network
+# Label: "AddTrust External Root"
+# Serial: 1
+# MD5 Fingerprint: 1d:35:54:04:85:78:b0:3f:42:42:4d:bf:20:73:0a:3f
+# SHA1 Fingerprint: 02:fa:f3:e2:91:43:54:68:60:78:57:69:4d:f5:e4:5b:68:85:18:68
+# SHA256 Fingerprint: 68:7f:a4:51:38:22:78:ff:f0:c8:b1:1f:8d:43:d5:76:67:1c:6e:b2:bc:ea:b4:13:fb:83:d9:65:d0:6d:2f:f2
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
+IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
+MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
+FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
+bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
+H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
+uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
+mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
+a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
+E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
+WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
+VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
+Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
+cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
+IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
+AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
+YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
+6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
+Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
+c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
+mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
+-----END CERTIFICATE-----
+
+# Issuer: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Subject: CN=AddTrust Public CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Label: "AddTrust Public Services Root"
+# Serial: 1
+# MD5 Fingerprint: c1:62:3e:23:c5:82:73:9c:03:59:4b:2b:e9:77:49:7f
+# SHA1 Fingerprint: 2a:b6:28:48:5e:78:fb:f3:ad:9e:79:10:dd:6b:df:99:72:2c:96:e5
+# SHA256 Fingerprint: 07:91:ca:07:49:b2:07:82:aa:d3:c7:d7:bd:0c:df:c9:48:58:35:84:3e:b2:d7:99:60:09:ce:43:ab:6c:69:27
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx
+MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB
+ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV
+BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV
+6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX
+GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP
+dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH
+1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF
+62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW
+BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL
+MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU
+cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv
+b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6
+IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/
+iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao
+GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh
+4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm
+XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY=
+-----END CERTIFICATE-----
+
+# Issuer: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Subject: CN=AddTrust Qualified CA Root O=AddTrust AB OU=AddTrust TTP Network
+# Label: "AddTrust Qualified Certificates Root"
+# Serial: 1
+# MD5 Fingerprint: 27:ec:39:47:cd:da:5a:af:e2:9a:01:65:21:a9:4c:bb
+# SHA1 Fingerprint: 4d:23:78:ec:91:95:39:b5:00:7f:75:8f:03:3b:21:1e:c5:4d:8b:cf
+# SHA256 Fingerprint: 80:95:21:08:05:db:4b:bc:35:5e:44:28:d8:fd:6e:c2:cd:e3:ab:5f:b9:7a:99:42:98:8e:b8:f4:dc:d0:60:16
+-----BEGIN CERTIFICATE-----
+MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU
+MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3
+b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1
+MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK
+EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh
+BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq
+xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G
+87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i
+2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U
+WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1
+0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G
+A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr
+pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL
+ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm
+aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv
+hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X
+dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3
+P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y
+iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no
+xqE=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
+# Subject: CN=Entrust Root Certification Authority O=Entrust, Inc. OU=www.entrust.net/CPS is incorporated by reference/(c) 2006 Entrust, Inc.
+# Label: "Entrust Root Certification Authority"
+# Serial: 1164660820
+# MD5 Fingerprint: d6:a5:c3:ed:5d:dd:3e:00:c1:3d:87:92:1f:1d:3f:e4
+# SHA1 Fingerprint: b3:1e:b1:b7:40:e3:6c:84:02:da:dc:37:d4:4d:f5:d4:67:49:52:f9
+# SHA256 Fingerprint: 73:c1:76:43:4f:1b:c6:d5:ad:f4:5b:0e:76:e7:27:28:7c:8d:e5:76:16:c1:e6:e6:14:1a:2b:2c:bc:7d:8e:4c
+-----BEGIN CERTIFICATE-----
+MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0
+Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW
+KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw
+NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw
+NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy
+ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV
+BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo
+Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9
+KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI
+rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi
+94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB
+sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi
+gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo
+kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE
+vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA
+A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t
+O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua
+AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP
+9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/
+eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
+0vdXcDazv/wor3ElhVsT/h5/WrQ8
+-----END CERTIFICATE-----
+
+# Issuer: O=RSA Security Inc OU=RSA Security 2048 V3
+# Subject: O=RSA Security Inc OU=RSA Security 2048 V3
+# Label: "RSA Security 2048 v3"
+# Serial: 13297492616345471454730593562152402946
+# MD5 Fingerprint: 77:0d:19:b1:21:fd:00:42:9c:3e:0c:a5:dd:0b:02:8e
+# SHA1 Fingerprint: 25:01:90:19:cf:fb:d9:99:1c:b7:68:25:74:8d:94:5f:30:93:95:42
+# SHA256 Fingerprint: af:8b:67:62:a1:e5:28:22:81:61:a9:5d:5c:55:9e:e2:66:27:8f:75:d7:9e:83:01:89:a5:03:50:6a:bd:6b:4c
+-----BEGIN CERTIFICATE-----
+MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6
+MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp
+dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy
+MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp
+eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg
+/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl
+wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh
+AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2
+PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu
+AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR
+MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc
+HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/
+Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+
+f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO
+rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch
+6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3
+7CAFYd4=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Global CA O=GeoTrust Inc.
+# Subject: CN=GeoTrust Global CA O=GeoTrust Inc.
+# Label: "GeoTrust Global CA"
+# Serial: 144470
+# MD5 Fingerprint: f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5
+# SHA1 Fingerprint: de:28:f4:a4:ff:e5:b9:2f:a3:c5:03:d1:a3:49:a7:f9:96:2a:82:12
+# SHA256 Fingerprint: ff:85:6a:2d:25:1d:cd:88:d3:66:56:f4:50:12:67:98:cf:ab:aa:de:40:79:9c:72:2d:e4:d2:b5:db:36:a7:3a
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Global CA 2 O=GeoTrust Inc.
+# Subject: CN=GeoTrust Global CA 2 O=GeoTrust Inc.
+# Label: "GeoTrust Global CA 2"
+# Serial: 1
+# MD5 Fingerprint: 0e:40:a7:6c:de:03:5d:8f:d1:0f:e4:d1:8d:f9:6c:a9
+# SHA1 Fingerprint: a9:e9:78:08:14:37:58:88:f2:05:19:b0:6d:2b:0d:2b:60:16:90:7d
+# SHA256 Fingerprint: ca:2d:82:a0:86:77:07:2f:8a:b6:76:4f:f0:35:67:6c:fe:3e:5e:32:5e:01:21:72:df:3f:92:09:6d:b7:9b:85
+-----BEGIN CERTIFICATE-----
+MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs
+IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A
+PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8
+Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL
+TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL
+5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7
+S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe
+2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap
+EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td
+EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv
+/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN
+A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0
+abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF
+I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz
+4iIprn2DQKi6bA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Universal CA O=GeoTrust Inc.
+# Subject: CN=GeoTrust Universal CA O=GeoTrust Inc.
+# Label: "GeoTrust Universal CA"
+# Serial: 1
+# MD5 Fingerprint: 92:65:58:8b:a2:1a:31:72:73:68:5c:b4:a5:7a:07:48
+# SHA1 Fingerprint: e6:21:f3:35:43:79:05:9a:4b:68:30:9d:8a:2f:74:22:15:87:ec:79
+# SHA256 Fingerprint: a0:45:9b:9f:63:b2:25:59:f5:fa:5d:4c:6d:b3:f9:f7:2f:f1:93:42:03:35:78:f0:73:bf:1d:1b:46:cb:b9:12
+-----BEGIN CERTIFICATE-----
+MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0
+IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV
+VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8
+cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT
+QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh
+F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v
+c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w
+mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd
+VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX
+teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ
+f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe
+Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+
+nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY
+MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
+aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX
+IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn
+ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z
+uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN
+Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja
+QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9
+ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt
+DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm
+bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Universal CA 2 O=GeoTrust Inc.
+# Subject: CN=GeoTrust Universal CA 2 O=GeoTrust Inc.
+# Label: "GeoTrust Universal CA 2"
+# Serial: 1
+# MD5 Fingerprint: 34:fc:b8:d0:36:db:9e:14:b3:c2:f2:db:8f:e4:94:c7
+# SHA1 Fingerprint: 37:9a:19:7b:41:85:45:35:0c:a6:03:69:f3:3c:2e:af:47:4f:20:79
+# SHA256 Fingerprint: a0:23:4f:3b:c8:52:7c:a5:62:8e:ec:81:ad:5d:69:89:5d:a5:68:0d:c9:1d:1c:b8:47:7f:33:f8:78:b9:5b:0b
+-----BEGIN CERTIFICATE-----
+MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW
+MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy
+c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD
+VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1
+c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81
+WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG
+FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq
+XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL
+se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb
+KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd
+IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73
+y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt
+hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc
+QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4
+Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV
+HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ
+KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
+dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ
+L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr
+Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo
+ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY
+T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz
+GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV
+OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH
+6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX
+QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
+-----END CERTIFICATE-----
+
+# Issuer: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association
+# Subject: CN=Visa eCommerce Root O=VISA OU=Visa International Service Association
+# Label: "Visa eCommerce Root"
+# Serial: 25952180776285836048024890241505565794
+# MD5 Fingerprint: fc:11:b8:d8:08:93:30:00:6d:23:f9:7e:eb:52:1e:02
+# SHA1 Fingerprint: 70:17:9b:86:8c:00:a4:fa:60:91:52:22:3f:9f:3e:32:bd:e0:05:62
+# SHA256 Fingerprint: 69:fa:c9:bd:55:fb:0a:c7:8d:53:bb:ee:5c:f1:d5:97:98:9f:d0:aa:ab:20:a2:51:51:bd:f1:73:3e:e7:d1:22
+-----BEGIN CERTIFICATE-----
+MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr
+MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl
+cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
+bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw
+CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h
+dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l
+cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h
+2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E
+lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV
+ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq
+299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t
+vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF
+AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR
+zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3
+LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd
+7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw
+++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
+398znM/jra6O1I7mT1GvFpLgXPYHDw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certum CA O=Unizeto Sp. z o.o.
+# Subject: CN=Certum CA O=Unizeto Sp. z o.o.
+# Label: "Certum Root CA"
+# Serial: 65568
+# MD5 Fingerprint: 2c:8f:9f:66:1d:18:90:b1:47:26:9d:8e:86:82:8c:a9
+# SHA1 Fingerprint: 62:52:dc:40:f7:11:43:a2:2f:de:9e:f7:34:8e:06:42:51:b1:81:18
+# SHA256 Fingerprint: d8:e0:fe:bc:1d:b2:e3:8d:00:94:0f:37:d2:7d:41:34:4d:99:3e:73:4b:99:d5:65:6d:97:78:d4:d8:14:36:24
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
+MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD
+QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E
+jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo
+ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI
+ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu
+Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg
+AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7
+HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA
+uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa
+TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg
+xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q
+CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x
+O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs
+6GAqm4VKQPNriiTsBhYscw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=AAA Certificate Services O=Comodo CA Limited
+# Subject: CN=AAA Certificate Services O=Comodo CA Limited
+# Label: "Comodo AAA Services root"
+# Serial: 1
+# MD5 Fingerprint: 49:79:04:b0:eb:87:19:ac:47:b0:bc:11:51:9b:74:d0
+# SHA1 Fingerprint: d1:eb:23:a4:6d:17:d6:8f:d9:25:64:c2:f1:f1:60:17:64:d8:e3:49
+# SHA256 Fingerprint: d7:a7:a0:fb:5d:7e:27:31:d7:71:e9:48:4e:bc:de:f7:1d:5f:0c:3e:0a:29:48:78:2b:c8:3e:e0:ea:69:9e:f4
+-----BEGIN CERTIFICATE-----
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
+YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
+BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
+3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
+YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
+rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
+ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
+oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
+QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
+b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
+AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
+GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
+G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
+l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
+smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Secure Certificate Services O=Comodo CA Limited
+# Subject: CN=Secure Certificate Services O=Comodo CA Limited
+# Label: "Comodo Secure Services root"
+# Serial: 1
+# MD5 Fingerprint: d3:d9:bd:ae:9f:ac:67:24:b3:c8:1b:52:e1:b9:a9:bd
+# SHA1 Fingerprint: 4a:65:d5:f4:1d:ef:39:b8:b8:90:4a:4a:d3:64:81:33:cf:c7:a1:d1
+# SHA256 Fingerprint: bd:81:ce:3b:4f:65:91:d1:1a:67:b5:fc:7a:47:fd:ef:25:52:1b:f9:aa:4e:18:b9:e3:df:2e:34:a7:80:3b:e8
+-----BEGIN CERTIFICATE-----
+MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp
+ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow
+fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV
+BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM
+cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S
+HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996
+CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk
+3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz
+6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV
+HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv
+Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw
+Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww
+DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0
+5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj
+Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI
+gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ
+aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl
+izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Trusted Certificate Services O=Comodo CA Limited
+# Subject: CN=Trusted Certificate Services O=Comodo CA Limited
+# Label: "Comodo Trusted Services root"
+# Serial: 1
+# MD5 Fingerprint: 91:1b:3f:6e:cd:9e:ab:ee:07:fe:1f:71:d2:b3:61:27
+# SHA1 Fingerprint: e1:9f:e3:0e:8b:84:60:9e:80:9b:17:0d:72:a8:c5:ba:6e:14:09:bd
+# SHA256 Fingerprint: 3f:06:e5:56:81:d4:96:f5:be:16:9e:b5:38:9f:9f:2b:8f:f6:1e:17:08:df:68:81:72:48:49:cd:5d:27:cb:69
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb
+MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
+GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0
+aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla
+MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
+BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD
+VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW
+fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt
+TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL
+fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW
+1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7
+kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G
+A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v
+ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo
+dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu
+Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/
+HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32
+pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS
+jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+
+xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn
+dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority
+# Subject: CN=QuoVadis Root Certification Authority O=QuoVadis Limited OU=Root Certification Authority
+# Label: "QuoVadis Root CA"
+# Serial: 985026699
+# MD5 Fingerprint: 27:de:36:fe:72:b7:00:03:00:9d:f4:f0:1e:6c:04:24
+# SHA1 Fingerprint: de:3f:40:bd:50:93:d3:9b:6c:60:f6:da:bc:07:62:01:00:89:76:c9
+# SHA256 Fingerprint: a4:5e:de:3b:bb:f0:9c:8a:e1:5c:72:ef:c0:72:68:d6:93:a2:1c:99:6f:d5:1e:67:ca:07:94:60:fd:6d:88:73
+-----BEGIN CERTIFICATE-----
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz
+MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw
+IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR
+dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp
+li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D
+rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ
+WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug
+F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU
+xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv
+dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw
+ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl
+IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh
+c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy
+ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI
+KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T
+KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq
+y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p
+dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD
+VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL
+MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk
+fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8
+7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R
+cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y
+mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW
+xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK
+SnQ2+Q==
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root CA 2 O=QuoVadis Limited
+# Subject: CN=QuoVadis Root CA 2 O=QuoVadis Limited
+# Label: "QuoVadis Root CA 2"
+# Serial: 1289
+# MD5 Fingerprint: 5e:39:7b:dd:f8:ba:ec:82:e9:ac:62:ba:0c:54:00:2b
+# SHA1 Fingerprint: ca:3a:fb:cf:12:40:36:4b:44:b2:16:20:88:80:48:39:19:93:7c:f7
+# SHA256 Fingerprint: 85:a0:dd:7d:d7:20:ad:b7:ff:05:f8:3d:54:2b:20:9d:c7:ff:45:28:f7:d6:77:b1:83:89:fe:a5:e5:c4:9e:86
+-----BEGIN CERTIFICATE-----
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa
+GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg
+Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J
+WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB
+rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp
++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1
+ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz
+PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og
+/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH
+oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI
+yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud
+EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2
+A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL
+MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f
+BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn
+g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl
+fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K
+WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha
+B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc
+hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR
+TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD
+mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z
+ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y
+4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza
+8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root CA 3 O=QuoVadis Limited
+# Subject: CN=QuoVadis Root CA 3 O=QuoVadis Limited
+# Label: "QuoVadis Root CA 3"
+# Serial: 1478
+# MD5 Fingerprint: 31:85:3c:62:94:97:63:b9:aa:fd:89:4e:af:6f:e0:cf
+# SHA1 Fingerprint: 1f:49:14:f7:d8:74:95:1d:dd:ae:02:c0:be:fd:3a:2d:82:75:51:85
+# SHA256 Fingerprint: 18:f1:fc:7f:20:5d:f8:ad:dd:eb:7f:e0:07:dd:57:e3:af:37:5a:9c:4d:8d:73:54:6b:f4:f1:fe:d1:e1:8d:35
+-----BEGIN CERTIFICATE-----
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x
+GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv
+b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV
+BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W
+YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM
+V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB
+4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr
+H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
+8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT
+mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe
+btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc
+T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt
+WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ
+c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A
+4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD
+VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
+CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0
+aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu
+dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw
+czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G
+A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC
+TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg
+Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0
+7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
+d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd
++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B
+4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN
+t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x
+DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57
+k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s
+zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j
+Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT
+mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
+4SVhM7JZG+Ju1zdXtg2pEto=
+-----END CERTIFICATE-----
+
+# Issuer: O=SECOM Trust.net OU=Security Communication RootCA1
+# Subject: O=SECOM Trust.net OU=Security Communication RootCA1
+# Label: "Security Communication Root CA"
+# Serial: 0
+# MD5 Fingerprint: f1:bc:63:6a:54:e0:b5:27:f5:cd:e7:1a:e3:4d:6e:4a
+# SHA1 Fingerprint: 36:b1:2b:49:f9:81:9e:d7:4c:9e:bc:38:0f:c6:56:8f:5d:ac:b2:f7
+# SHA256 Fingerprint: e7:5e:72:ed:9f:56:0e:ec:6e:b4:80:00:73:a4:3f:c3:ad:19:19:5a:39:22:82:01:78:95:97:4a:99:02:6b:6c
+-----BEGIN CERTIFICATE-----
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY
+MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5
+WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD
+VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8
+9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ
+DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9
+Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N
+QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ
+xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G
+A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG
+kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr
+Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5
+Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU
+JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot
+RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Sonera Class2 CA O=Sonera
+# Subject: CN=Sonera Class2 CA O=Sonera
+# Label: "Sonera Class 2 Root CA"
+# Serial: 29
+# MD5 Fingerprint: a3:ec:75:0f:2e:88:df:fa:48:01:4e:0b:5c:48:6f:fb
+# SHA1 Fingerprint: 37:f7:6d:e6:07:7c:90:c5:b1:3e:93:1a:b7:41:10:b4:f2:e4:9a:27
+# SHA256 Fingerprint: 79:08:b4:03:14:c1:38:10:0b:51:8d:07:35:80:7f:fb:fc:f8:51:8a:00:95:33:71:05:ba:38:6b:15:3d:d9:27
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP
+MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx
+MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV
+BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o
+Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt
+5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s
+3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej
+vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu
+8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw
+DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG
+MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil
+zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/
+3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD
+FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6
+Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2
+ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M
+-----END CERTIFICATE-----
+
+# Issuer: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com
+# Subject: CN=UTN-USERFirst-Hardware O=The USERTRUST Network OU=http://www.usertrust.com
+# Label: "UTN USERFirst Hardware Root CA"
+# Serial: 91374294542884704022267039221184531197
+# MD5 Fingerprint: 4c:56:41:e5:0d:bb:2b:e8:ca:a3:ed:18:08:ad:43:39
+# SHA1 Fingerprint: 04:83:ed:33:99:ac:36:08:05:87:22:ed:bc:5e:46:00:e3:be:f9:d7
+# SHA256 Fingerprint: 6e:a5:47:41:d0:04:66:7e:ed:1b:48:16:63:4a:a3:a7:9e:6e:4b:96:95:0f:82:79:da:fc:8d:9b:d8:81:21:37
+-----BEGIN CERTIFICATE-----
+MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
+lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
+Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
+dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
+SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
+A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
+MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
+d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
+cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
+0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
+M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
+MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
+oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
+DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
+oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
+dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
+bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
+BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
+//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
+CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
+3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
+KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org
+# Subject: CN=Chambers of Commerce Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org
+# Label: "Camerfirma Chambers of Commerce Root"
+# Serial: 0
+# MD5 Fingerprint: b0:01:ee:14:d9:af:29:18:94:76:8e:f1:69:33:2a:84
+# SHA1 Fingerprint: 6e:3a:55:a4:19:0c:19:5c:93:84:3c:c0:db:72:2e:31:30:61:f0:b1
+# SHA256 Fingerprint: 0c:25:8a:12:a5:67:4a:ef:25:f2:8b:a7:dc:fa:ec:ee:a3:48:e5:41:e6:f5:cc:4e:e6:3b:71:b3:61:60:6a:c3
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg
+b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa
+MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB
+ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw
+IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B
+AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb
+unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d
+BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq
+7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3
+0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX
+roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG
+A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j
+aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p
+26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA
+BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud
+EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN
+BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
+aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB
+AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd
+p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi
+1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc
+XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0
+eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu
+tGWaIZDgqtCYvDi1czyL+Nw=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org
+# Subject: CN=Global Chambersign Root O=AC Camerfirma SA CIF A82743287 OU=http://www.chambersign.org
+# Label: "Camerfirma Global Chambersign Root"
+# Serial: 0
+# MD5 Fingerprint: c5:e6:7b:bf:06:d0:4f:43:ed:c4:7a:65:8a:fb:6b:19
+# SHA1 Fingerprint: 33:9b:6b:14:50:24:9b:55:7a:01:87:72:84:d9:e0:2f:c3:d2:d8:e9
+# SHA256 Fingerprint: ef:3c:b4:17:fc:8e:bf:6f:97:87:6c:9e:4e:ce:39:de:1e:a5:fe:64:91:41:d1:02:8b:7d:11:c0:b2:29:8c:ed
+-----BEGIN CERTIFICATE-----
+MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn
+MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL
+ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo
+YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9
+MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy
+NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G
+A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA
+A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0
+Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s
+QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795
+B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh
+z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T
+AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i
+ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w
+TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH
+MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD
+VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE
+VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
+bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B
+AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM
+bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi
+ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG
+VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c
+ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/
+AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
+-----END CERTIFICATE-----
+
+# Issuer: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com
+# Subject: CN=XRamp Global Certification Authority O=XRamp Security Services Inc OU=www.xrampsecurity.com
+# Label: "XRamp Global CA Root"
+# Serial: 107108908803651509692980124233745014957
+# MD5 Fingerprint: a1:0b:44:b3:ca:10:d8:00:6e:9d:0f:d8:0f:92:0a:d1
+# SHA1 Fingerprint: b8:01:86:d1:eb:9c:86:a5:41:04:cf:30:54:f3:4c:52:b7:e5:58:c6
+# SHA256 Fingerprint: ce:cd:dc:90:50:99:d8:da:df:c5:b1:d2:09:b7:37:cb:e2:c1:8c:fb:2c:10:c0:ff:0b:cf:0d:32:86:fc:1a:a2
+-----BEGIN CERTIFICATE-----
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB
+gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk
+MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx
+NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3
+dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy
+dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6
+38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP
+KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q
+DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4
+qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa
+JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi
+PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
+BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs
+jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0
+eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD
+ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR
+vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa
+IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy
+i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ
+O+7ETPTsJ3xCwnR8gooJybQDJbw=
+-----END CERTIFICATE-----
+
+# Issuer: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority
+# Subject: O=The Go Daddy Group, Inc. OU=Go Daddy Class 2 Certification Authority
+# Label: "Go Daddy Class 2 CA"
+# Serial: 0
+# MD5 Fingerprint: 91:de:06:25:ab:da:fd:32:17:0c:bb:25:17:2a:84:67
+# SHA1 Fingerprint: 27:96:ba:e6:3f:18:01:e2:77:26:1b:a0:d7:77:70:02:8f:20:ee:e4
+# SHA256 Fingerprint: c3:84:6b:f2:4b:9e:93:ca:64:27:4c:0e:c6:7c:1e:cc:5e:02:4f:fc:ac:d2:d7:40:19:35:0e:81:fe:54:6a:e4
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh
+MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE
+YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3
+MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo
+ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg
+MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN
+ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA
+PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w
+wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi
+EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY
+avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+
+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE
+sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h
+/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5
+IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy
+OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P
+TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER
+dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf
+ReYNnyicsbkqWletNw+vHX/bvZ8=
+-----END CERTIFICATE-----
+
+# Issuer: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority
+# Subject: O=Starfield Technologies, Inc. OU=Starfield Class 2 Certification Authority
+# Label: "Starfield Class 2 CA"
+# Serial: 0
+# MD5 Fingerprint: 32:4a:4b:bb:c8:63:69:9b:be:74:9a:c6:dd:1d:46:24
+# SHA1 Fingerprint: ad:7e:1c:28:b0:64:ef:8f:60:03:40:20:14:c3:d0:e3:37:0e:b5:8a
+# SHA256 Fingerprint: 14:65:fa:20:53:97:b8:76:fa:a6:f0:a9:95:8e:55:90:e4:0f:cc:7f:aa:4f:b7:c2:c8:67:75:21:fb:5f:b6:58
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl
+MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp
+U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw
+NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE
+ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp
+ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3
+DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf
+8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN
++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0
+X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa
+K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA
+1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G
+A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR
+zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0
+YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD
+bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w
+DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D
+eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp
+VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY
+WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=
+-----END CERTIFICATE-----
+
+# Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing
+# Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing
+# Label: "StartCom Certification Authority"
+# Serial: 1
+# MD5 Fingerprint: 22:4d:8f:8a:fc:f7:35:c2:bb:57:34:90:7b:8b:22:16
+# SHA1 Fingerprint: 3e:2b:f7:f2:03:1b:96:f3:8c:e6:c4:d8:a8:5d:3e:2d:58:47:6a:0f
+# SHA256 Fingerprint: c7:66:a9:be:f2:d4:07:1c:86:3a:31:aa:49:20:e8:13:b2:d1:98:60:8c:b7:b7:cf:e2:11:43:b8:36:df:09:ea
+-----BEGIN CERTIFICATE-----
+MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
+FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j
+ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js
+LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM
+BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0
+Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh
+cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh
+YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg
+dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp
+bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ
+YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT
+TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ
+9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8
+jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW
+FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz
+ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1
+ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L
+EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu
+L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
+yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC
+O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V
+um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh
+NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=
+-----END CERTIFICATE-----
+
+# Issuer: O=Government Root Certification Authority
+# Subject: O=Government Root Certification Authority
+# Label: "Taiwan GRCA"
+# Serial: 42023070807708724159991140556527066870
+# MD5 Fingerprint: 37:85:44:53:32:45:1f:20:f0:f3:95:e1:25:c4:43:4e
+# SHA1 Fingerprint: f4:8b:11:bf:de:ab:be:94:54:20:71:e6:41:de:6b:be:88:2b:40:b9
+# SHA256 Fingerprint: 76:00:29:5e:ef:e8:5b:9e:1f:d6:24:db:76:06:2a:aa:ae:59:81:8a:54:d2:77:4c:d4:c0:b2:c0:11:31:e1:b3
+-----BEGIN CERTIFICATE-----
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/
+MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow
+PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp
+Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR
+IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q
+gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy
+yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts
+F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2
+jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx
+ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC
+VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK
+YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH
+EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN
+Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud
+DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE
+MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK
+UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf
+qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK
+ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE
+JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7
+hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1
+EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm
+nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX
+udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz
+ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe
+LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl
+pYYsfPQS
+-----END CERTIFICATE-----
+
+# Issuer: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services
+# Subject: CN=Swisscom Root CA 1 O=Swisscom OU=Digital Certificate Services
+# Label: "Swisscom Root CA 1"
+# Serial: 122348795730808398873664200247279986742
+# MD5 Fingerprint: f8:38:7c:77:88:df:2c:16:68:2e:c2:e2:52:4b:b8:f9
+# SHA1 Fingerprint: 5f:3a:fc:0a:8b:64:f6:86:67:34:74:df:7e:a9:a2:fe:f9:fa:7a:51
+# SHA256 Fingerprint: 21:db:20:12:36:60:bb:2e:d4:18:20:5d:a1:1e:e7:a8:5a:65:e2:bc:6e:55:b5:af:7e:78:99:c8:a2:66:d9:2e
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk
+MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg
+Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT
+AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp
+Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9
+m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih
+FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/
+TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F
+EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco
+kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu
+HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF
+vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo
+19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC
+L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW
+bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX
+JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw
+FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j
+BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc
+K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf
+ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik
+Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB
+sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e
+3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR
+ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip
+mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH
+b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf
+rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms
+hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y
+zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6
+MBr1mmz0DlP5OlvRHA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Assured ID Root CA O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Assured ID Root CA"
+# Serial: 17154717934120587862167794914071425081
+# MD5 Fingerprint: 87:ce:0b:7b:2a:0e:49:00:e1:58:71:9b:37:a8:93:72
+# SHA1 Fingerprint: 05:63:b8:63:0d:62:d7:5a:bb:c8:ab:1e:4b:df:b5:a8:99:b2:4d:43
+# SHA256 Fingerprint: 3e:90:99:b5:01:5e:8f:48:6c:00:bc:ea:9d:11:1e:e7:21:fa:ba:35:5a:89:bc:f1:df:69:56:1e:3d:c6:32:5c
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c
+JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP
+mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+
+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
+VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/
+AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB
+AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun
+pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC
+dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf
+fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm
+NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx
+H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Global Root CA"
+# Serial: 10944719598952040374951832963794454346
+# MD5 Fingerprint: 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e
+# SHA1 Fingerprint: a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36
+# SHA256 Fingerprint: 43:48:a0:e9:44:4c:78:cb:26:5e:05:8d:5e:89:44:b4:d8:4f:96:62:bd:26:db:25:7f:89:34:a4:43:c7:01:61
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert High Assurance EV Root CA O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert High Assurance EV Root CA"
+# Serial: 3553400076410547919724730734378100087
+# MD5 Fingerprint: d4:74:de:57:5c:39:b2:d3:9c:85:83:c5:c0:65:49:8a
+# SHA1 Fingerprint: 5f:b7:ee:06:33:e2:59:db:ad:0c:4c:9a:e6:d3:8f:1a:61:c7:dc:25
+# SHA256 Fingerprint: 74:31:e5:f4:c3:c1:ce:46:90:77:4f:0b:61:e0:54:40:88:3b:a9:a0:1e:d0:0b:a6:ab:d7:80:6e:d3:b1:18:cf
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
+PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
+xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
+Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
+hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
+EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
+FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
+nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
+eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
+hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
+Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
++OkuE6N36B9K
+-----END CERTIFICATE-----
+
+# Issuer: CN=Class 2 Primary CA O=Certplus
+# Subject: CN=Class 2 Primary CA O=Certplus
+# Label: "Certplus Class 2 Primary CA"
+# Serial: 177770208045934040241468760488327595043
+# MD5 Fingerprint: 88:2c:8c:52:b8:a2:3c:f3:f7:bb:03:ea:ae:ac:42:0b
+# SHA1 Fingerprint: 74:20:74:41:72:9c:dd:92:ec:79:31:d8:23:10:8d:c2:81:92:e2:bb
+# SHA256 Fingerprint: 0f:99:3c:8a:ef:97:ba:af:56:87:14:0e:d5:9a:d1:82:1b:b4:af:ac:f0:aa:9a:58:b5:d5:7a:33:8a:3a:fb:cb
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw
+PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz
+cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9
+MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz
+IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ
+ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR
+VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL
+kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd
+EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas
+H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0
+HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4
+QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/
+AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8
+yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR
+FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA
+ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB
+kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
+l7+ijrRU
+-----END CERTIFICATE-----
+
+# Issuer: CN=DST Root CA X3 O=Digital Signature Trust Co.
+# Subject: CN=DST Root CA X3 O=Digital Signature Trust Co.
+# Label: "DST Root CA X3"
+# Serial: 91299735575339953335919266965803778155
+# MD5 Fingerprint: 41:03:52:dc:0f:f7:50:1b:16:f0:02:8e:ba:6f:45:c5
+# SHA1 Fingerprint: da:c9:02:4f:54:d8:f6:df:94:93:5f:b1:73:26:38:ca:6a:d7:7c:13
+# SHA256 Fingerprint: 06:87:26:03:31:a7:24:03:d9:09:f1:05:e6:9b:cf:0d:32:e1:bd:24:93:ff:c6:d9:20:6d:11:bc:d6:77:07:39
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----
+
+# Issuer: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES
+# Subject: CN=DST ACES CA X6 O=Digital Signature Trust OU=DST ACES
+# Label: "DST ACES CA X6"
+# Serial: 17771143917277623872238992636097467865
+# MD5 Fingerprint: 21:d8:4c:82:2b:99:09:33:a2:eb:14:24:8d:8e:5f:e8
+# SHA1 Fingerprint: 40:54:da:6f:1c:3f:40:74:ac:ed:0f:ec:cd:db:79:d1:53:fb:90:1d
+# SHA256 Fingerprint: 76:7c:95:5a:76:41:2c:89:af:68:8e:90:a1:c7:0f:55:6c:fd:6b:60:25:db:ea:10:41:6d:7e:b6:83:1f:8c:40
+-----BEGIN CERTIFICATE-----
+MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx
+ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w
+MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD
+VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx
+FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu
+ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7
+gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH
+fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a
+ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT
+ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk
+c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto
+dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt
+aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI
+hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk
+QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/
+h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
+nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR
+rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2
+9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis=
+-----END CERTIFICATE-----
+
+# Issuer: CN=SwissSign Gold CA - G2 O=SwissSign AG
+# Subject: CN=SwissSign Gold CA - G2 O=SwissSign AG
+# Label: "SwissSign Gold CA - G2"
+# Serial: 13492815561806991280
+# MD5 Fingerprint: 24:77:d9:a8:91:d1:3b:fa:88:2d:c2:ff:f8:cd:33:93
+# SHA1 Fingerprint: d8:c5:38:8a:b7:30:1b:1b:6e:d4:7a:e6:45:25:3a:6f:9f:1a:27:61
+# SHA256 Fingerprint: 62:dd:0b:e9:b9:f5:0a:16:3e:a0:f8:e7:5c:05:3b:1e:ca:57:ea:55:c8:68:8f:64:7c:68:81:f2:c8:35:7b:95
+-----BEGIN CERTIFICATE-----
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln
+biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF
+MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT
+d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8
+76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+
+bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c
+6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE
+emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd
+MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt
+MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y
+MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi
+aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM
+gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB
+qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7
+lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn
+8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6
+45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO
+UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5
+O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC
+bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv
+GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a
+77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC
+hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3
+92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp
+Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w
+ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt
+Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+-----END CERTIFICATE-----
+
+# Issuer: CN=SwissSign Silver CA - G2 O=SwissSign AG
+# Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG
+# Label: "SwissSign Silver CA - G2"
+# Serial: 5700383053117599563
+# MD5 Fingerprint: e0:06:a1:c9:7d:cf:c9:fc:0d:c0:56:75:96:d8:62:13
+# SHA1 Fingerprint: 9b:aa:e5:9f:56:ee:21:cb:43:5a:be:25:93:df:a7:f0:40:d1:1d:cb
+# SHA256 Fingerprint: be:6c:4d:a2:bb:b9:ba:59:b6:f3:93:97:68:37:42:46:c3:c0:05:99:3f:a9:8f:02:0d:1d:ed:be:d4:8a:81:d5
+-----BEGIN CERTIFICATE-----
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE
+BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu
+IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow
+RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY
+U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv
+Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br
+YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF
+nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt
+eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/
+c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ
+MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH
+HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf
+jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6
+5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB
+rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c
+wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB
+AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp
+WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9
+xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ
+2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ
+IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8
+aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X
+em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR
+dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/
+OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+
+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy
+tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc.
+# Subject: CN=GeoTrust Primary Certification Authority O=GeoTrust Inc.
+# Label: "GeoTrust Primary Certification Authority"
+# Serial: 32798226551256963324313806436981982369
+# MD5 Fingerprint: 02:26:c3:01:5e:08:30:37:43:a9:d0:7d:cf:37:e6:bf
+# SHA1 Fingerprint: 32:3c:11:8e:1b:f7:b8:b6:52:54:e2:e2:10:0d:d6:02:90:37:f0:96
+# SHA256 Fingerprint: 37:d5:10:06:c5:12:ea:ab:62:64:21:f1:ec:8c:92:01:3f:c5:f8:2a:e9:8e:e5:33:eb:46:19:b8:de:b4:d0:6c
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY
+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo
+R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx
+MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
+Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9
+AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA
+ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0
+7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W
+kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI
+mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ
+KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1
+6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K
+oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj
+UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU
+AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+-----END CERTIFICATE-----
+
+# Issuer: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only
+# Subject: CN=thawte Primary Root CA O=thawte, Inc. OU=Certification Services Division/(c) 2006 thawte, Inc. - For authorized use only
+# Label: "thawte Primary Root CA"
+# Serial: 69529181992039203566298953787712940909
+# MD5 Fingerprint: 8c:ca:dc:0b:22:ce:f5:be:72:ac:41:1a:11:a8:d8:12
+# SHA1 Fingerprint: 91:c6:d6:ee:3e:8a:c8:63:84:e5:48:c2:99:29:5c:75:6c:81:7b:81
+# SHA256 Fingerprint: 8d:72:2f:81:a9:c1:13:c0:79:1d:f1:36:a2:96:6d:b2:6c:95:0a:97:1d:b4:6b:41:99:f4:ea:54:b7:8b:fb:9f
+-----BEGIN CERTIFICATE-----
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB
+qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
+BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw
+NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG
+A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs
+W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta
+3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk
+6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6
+Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J
+NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP
+r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU
+DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz
+YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2
+/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/
+LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7
+jVaMaA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2006 VeriSign, Inc. - For authorized use only
+# Label: "VeriSign Class 3 Public Primary Certification Authority - G5"
+# Serial: 33037644167568058970164719475676101450
+# MD5 Fingerprint: cb:17:e4:31:67:3e:e2:09:fe:45:57:93:f3:0a:fa:1c
+# SHA1 Fingerprint: 4e:b6:d5:78:49:9b:1c:cf:5f:58:1e:ad:56:be:3d:9b:67:44:a5:e5
+# SHA256 Fingerprint: 9a:cf:ab:7e:43:c8:d8:80:d0:6b:26:2a:94:de:ee:e4:b4:65:99:89:c3:d0:ca:f1:9b:af:64:05:e4:1a:b7:df
+-----BEGIN CERTIFICATE-----
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1
+nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex
+t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz
+SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG
+BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+
+rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/
+NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH
+BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv
+MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE
+p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK
+WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
+4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
+hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+-----END CERTIFICATE-----
+
+# Issuer: CN=SecureTrust CA O=SecureTrust Corporation
+# Subject: CN=SecureTrust CA O=SecureTrust Corporation
+# Label: "SecureTrust CA"
+# Serial: 17199774589125277788362757014266862032
+# MD5 Fingerprint: dc:32:c3:a7:6d:25:57:c7:68:09:9d:ea:2d:a9:a2:d1
+# SHA1 Fingerprint: 87:82:c6:c3:04:35:3b:cf:d2:96:92:d2:59:3e:7d:44:d9:34:ff:11
+# SHA256 Fingerprint: f1:c1:b5:0a:e5:a2:0d:d8:03:0e:c9:f6:bc:24:82:3d:d3:67:b5:25:57:59:b4:e7:1b:61:fc:e9:f7:37:5d:73
+-----BEGIN CERTIFICATE-----
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz
+MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv
+cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz
+Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO
+0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao
+wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj
+7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS
+8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT
+BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg
+JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3
+6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/
+3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm
+D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS
+CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Secure Global CA O=SecureTrust Corporation
+# Subject: CN=Secure Global CA O=SecureTrust Corporation
+# Label: "Secure Global CA"
+# Serial: 9751836167731051554232119481456978597
+# MD5 Fingerprint: cf:f4:27:0d:d4:ed:dc:65:16:49:6d:3d:da:bf:6e:de
+# SHA1 Fingerprint: 3a:44:73:5a:e5:81:90:1f:24:86:61:46:1e:3b:9c:c4:5f:f5:3a:1b
+# SHA256 Fingerprint: 42:00:f5:04:3a:c8:59:0e:bb:52:7d:20:9e:d1:50:30:29:fb:cb:d4:1c:a1:b5:06:ec:27:f1:5a:de:7d:ac:69
+-----BEGIN CERTIFICATE-----
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK
+MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x
+GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx
+MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg
+Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
+iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa
+/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ
+jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI
+HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7
+sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w
+gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
+MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw
+KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG
+AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
+URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO
+H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm
+I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY
+iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+-----END CERTIFICATE-----
+
+# Issuer: CN=COMODO Certification Authority O=COMODO CA Limited
+# Subject: CN=COMODO Certification Authority O=COMODO CA Limited
+# Label: "COMODO Certification Authority"
+# Serial: 104350513648249232941998508985834464573
+# MD5 Fingerprint: 5c:48:dc:f7:42:72:ec:56:94:6d:1c:cc:71:35:80:75
+# SHA1 Fingerprint: 66:31:bf:9e:f7:4f:9e:b6:c9:d5:a6:0c:ba:6a:be:d1:f7:bd:ef:7b
+# SHA256 Fingerprint: 0c:2c:d6:3d:f7:80:6f:a3:99:ed:e8:09:11:6b:57:5b:f8:79:89:f0:65:18:f9:80:8c:86:05:03:17:8b:af:66
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB
+gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
+BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw
+MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
+YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
+RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
+UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
+2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
+Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
+nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g
+PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u
+QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY
+SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv
+IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4
+zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
+BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB
+ZQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C.
+# Subject: CN=Network Solutions Certificate Authority O=Network Solutions L.L.C.
+# Label: "Network Solutions Certificate Authority"
+# Serial: 116697915152937497490437556386812487904
+# MD5 Fingerprint: d3:f3:a6:16:c0:fa:6b:1d:59:b1:2d:96:4d:0e:11:2e
+# SHA1 Fingerprint: 74:f8:a3:c3:ef:e7:b3:90:06:4b:83:90:3c:21:64:60:20:e5:df:ce
+# SHA256 Fingerprint: 15:f0:ba:00:a3:ac:7a:f3:ac:88:4c:07:2b:10:11:a0:77:bd:77:c0:97:f4:01:64:b2:f8:59:8a:bd:83:86:0c
+-----BEGIN CERTIFICATE-----
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi
+MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV
+UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz
+c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP
+OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl
+mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF
+BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4
+qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw
+gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu
+bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp
+dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8
+6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/
+h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH
+/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN
+pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+-----END CERTIFICATE-----
+
+# Issuer: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA
+# Subject: CN=WellsSecure Public Root Certificate Authority O=Wells Fargo WellsSecure OU=Wells Fargo Bank NA
+# Label: "WellsSecure Public Root Certificate Authority"
+# Serial: 1
+# MD5 Fingerprint: 15:ac:a5:c2:92:2d:79:bc:e8:7f:cb:67:ed:02:cf:36
+# SHA1 Fingerprint: e7:b4:f6:9d:61:ec:90:69:db:7e:90:a7:40:1a:3c:f4:7d:4f:e8:ee
+# SHA256 Fingerprint: a7:12:72:ae:aa:a3:cf:e8:72:7f:7f:b3:9f:0f:b3:d1:e5:42:6e:90:60:b0:6e:e6:f1:3e:9a:3c:58:33:cd:43
+-----BEGIN CERTIFICATE-----
+MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx
+IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs
+cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0
+MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl
+bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD
+DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r
+WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU
+Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs
+HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj
+z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf
+SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl
+AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG
+KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P
+AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j
+BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC
+VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX
+ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB
+ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd
+/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB
+A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn
+k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9
+iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv
+2G0xffX8oRAHh84vWdw+WNs=
+-----END CERTIFICATE-----
+
+# Issuer: CN=COMODO ECC Certification Authority O=COMODO CA Limited
+# Subject: CN=COMODO ECC Certification Authority O=COMODO CA Limited
+# Label: "COMODO ECC Certification Authority"
+# Serial: 41578283867086692638256921589707938090
+# MD5 Fingerprint: 7c:62:ff:74:9d:31:53:5e:68:4a:d5:78:aa:1e:bf:23
+# SHA1 Fingerprint: 9f:74:4e:9f:2b:4d:ba:ec:0f:31:2c:50:b6:56:3b:8e:2d:93:c3:11
+# SHA256 Fingerprint: 17:93:92:7a:06:14:54:97:89:ad:ce:2f:8f:34:f7:f0:b6:6d:0f:3a:e3:a3:b8:4d:21:ec:15:db:ba:4f:ad:c7
+-----BEGIN CERTIFICATE-----
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL
+MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
+BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT
+IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw
+MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy
+ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N
+T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR
+FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J
+cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW
+BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm
+fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv
+GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+-----END CERTIFICATE-----
+
+# Issuer: CN=IGC/A O=PM/SGDN OU=DCSSI
+# Subject: CN=IGC/A O=PM/SGDN OU=DCSSI
+# Label: "IGC/A"
+# Serial: 245102874772
+# MD5 Fingerprint: 0c:7f:dd:6a:f4:2a:b9:c8:9b:bd:20:7e:a9:db:5c:37
+# SHA1 Fingerprint: 60:d6:89:74:b5:c2:65:9e:8a:0f:c1:88:7c:88:d2:46:69:1b:18:2c
+# SHA256 Fingerprint: b9:be:a7:86:0a:96:2e:a3:61:1d:ab:97:ab:6d:a3:e2:1c:10:68:b9:7d:55:57:5e:d0:e1:12:79:c1:1c:89:32
+-----BEGIN CERTIFICATE-----
+MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT
+AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ
+TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG
+9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw
+MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM
+BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO
+MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2
+LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI
+s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2
+xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4
+u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b
+F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx
+Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd
+PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV
+HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx
+NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF
+AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ
+L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY
+YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg
+Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a
+NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R
+0982gaEbeC9xs/FZTEYYKKuF0mBWWg==
+-----END CERTIFICATE-----
+
+# Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1
+# Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication EV RootCA1
+# Label: "Security Communication EV RootCA1"
+# Serial: 0
+# MD5 Fingerprint: 22:2d:a6:01:ea:7c:0a:f7:f0:6c:56:43:3f:77:76:d3
+# SHA1 Fingerprint: fe:b8:c4:32:dc:f9:76:9a:ce:ae:3d:d8:90:8f:fd:28:86:65:64:7d
+# SHA256 Fingerprint: a2:2d:ba:68:1e:97:37:6e:2d:39:7d:72:8a:ae:3a:9b:62:96:b9:fd:ba:60:bc:2e:11:f6:47:f2:c6:75:fb:37
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMh
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIz
+MloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09N
+IFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNlY3VyaXR5IENvbW11
+bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSE
+RMqm4miO/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gO
+zXppFodEtZDkBp2uoQSXWHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5
+bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4zZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDF
+MxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4bepJz11sS6/vmsJWXMY1
+VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK9U2vP9eC
+OKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HW
+tWS3irO4G8za+6xmiEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZ
+q51ihPZRwSzJIxXYKLerJRO1RuGGAv8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDb
+EJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnWmHyojf6GPgcWkuF75x3sM3Z+
+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEWT1MKZPlO9L9O
+VL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
+-----END CERTIFICATE-----
+
+# Issuer: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed
+# Subject: CN=OISTE WISeKey Global Root GA CA O=WISeKey OU=Copyright (c) 2005/OISTE Foundation Endorsed
+# Label: "OISTE WISeKey Global Root GA CA"
+# Serial: 86718877871133159090080555911823548314
+# MD5 Fingerprint: bc:6c:51:33:a7:e9:d3:66:63:54:15:72:1b:21:92:93
+# SHA1 Fingerprint: 59:22:a1:e1:5a:ea:16:35:21:f8:98:39:6a:46:46:b0:44:1b:0f:a9
+# SHA256 Fingerprint: 41:c9:23:86:6a:b4:ca:d6:b7:ad:57:80:81:58:2e:02:07:97:a6:cb:df:4f:ff:78:ce:83:96:b3:89:37:d7:f5
+-----BEGIN CERTIFICATE-----
+MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB
+ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly
+aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w
+NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G
+A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX
+SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR
+VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2
+w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF
+mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg
+4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9
+4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw
+EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx
+SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2
+ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8
+vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
+hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi
+Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ
+/L7fCg0=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA
+# Subject: CN=Microsec e-Szigno Root CA O=Microsec Ltd. OU=e-Szigno CA
+# Label: "Microsec e-Szigno Root CA"
+# Serial: 272122594155480254301341951808045322001
+# MD5 Fingerprint: f0:96:b6:2f:c5:10:d5:67:8e:83:25:32:e8:5e:2e:e5
+# SHA1 Fingerprint: 23:88:c9:d3:71:cc:9e:96:3d:ff:7d:3c:a7:ce:fc:d6:25:ec:19:0d
+# SHA256 Fingerprint: 32:7a:3d:76:1a:ba:de:a0:34:eb:99:84:06:27:5c:b1:a4:77:6e:fd:ae:2f:df:6d:01:68:ea:1c:4f:55:67:d0
+-----BEGIN CERTIFICATE-----
+MIIHqDCCBpCgAwIBAgIRAMy4579OKRr9otxmpRwsDxEwDQYJKoZIhvcNAQEFBQAw
+cjELMAkGA1UEBhMCSFUxETAPBgNVBAcTCEJ1ZGFwZXN0MRYwFAYDVQQKEw1NaWNy
+b3NlYyBMdGQuMRQwEgYDVQQLEwtlLVN6aWdubyBDQTEiMCAGA1UEAxMZTWljcm9z
+ZWMgZS1Temlnbm8gUm9vdCBDQTAeFw0wNTA0MDYxMjI4NDRaFw0xNzA0MDYxMjI4
+NDRaMHIxCzAJBgNVBAYTAkhVMREwDwYDVQQHEwhCdWRhcGVzdDEWMBQGA1UEChMN
+TWljcm9zZWMgTHRkLjEUMBIGA1UECxMLZS1Temlnbm8gQ0ExIjAgBgNVBAMTGU1p
+Y3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDtyADVgXvNOABHzNuEwSFpLHSQDCHZU4ftPkNEU6+r+ICbPHiN1I2u
+uO/TEdyB5s87lozWbxXGd36hL+BfkrYn13aaHUM86tnsL+4582pnS4uCzyL4ZVX+
+LMsvfUh6PXX5qqAnu3jCBspRwn5mS6/NoqdNAoI/gqyFxuEPkEeZlApxcpMqyabA
+vjxWTHOSJ/FrtfX9/DAFYJLG65Z+AZHCabEeHXtTRbjcQR/Ji3HWVBTji1R4P770
+Yjtb9aPs1ZJ04nQw7wHb4dSrmZsqa/i9phyGI0Jf7Enemotb9HI6QMVJPqW+jqpx
+62z69Rrkav17fVVA71hu5tnVvCSrwe+3AgMBAAGjggQ3MIIEMzBnBggrBgEFBQcB
+AQRbMFkwKAYIKwYBBQUHMAGGHGh0dHBzOi8vcmNhLmUtc3ppZ25vLmh1L29jc3Aw
+LQYIKwYBBQUHMAKGIWh0dHA6Ly93d3cuZS1zemlnbm8uaHUvUm9vdENBLmNydDAP
+BgNVHRMBAf8EBTADAQH/MIIBcwYDVR0gBIIBajCCAWYwggFiBgwrBgEEAYGoGAIB
+AQEwggFQMCgGCCsGAQUFBwIBFhxodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1NaU1ov
+MIIBIgYIKwYBBQUHAgIwggEUHoIBEABBACAAdABhAG4A+gBzAO0AdAB2AOEAbgB5
+ACAA6QByAHQAZQBsAG0AZQB6AOkAcwDpAGgAZQB6ACAA6QBzACAAZQBsAGYAbwBn
+AGEAZADhAHMA4QBoAG8AegAgAGEAIABTAHoAbwBsAGcA4QBsAHQAYQB0APMAIABT
+AHoAbwBsAGcA4QBsAHQAYQB0AOEAcwBpACAAUwB6AGEAYgDhAGwAeQB6AGEAdABh
+ACAAcwB6AGUAcgBpAG4AdAAgAGsAZQBsAGwAIABlAGwAagDhAHIAbgBpADoAIABo
+AHQAdABwADoALwAvAHcAdwB3AC4AZQAtAHMAegBpAGcAbgBvAC4AaAB1AC8AUwBa
+AFMAWgAvMIHIBgNVHR8EgcAwgb0wgbqggbeggbSGIWh0dHA6Ly93d3cuZS1zemln
+bm8uaHUvUm9vdENBLmNybIaBjmxkYXA6Ly9sZGFwLmUtc3ppZ25vLmh1L0NOPU1p
+Y3Jvc2VjJTIwZS1Temlnbm8lMjBSb290JTIwQ0EsT1U9ZS1Temlnbm8lMjBDQSxP
+PU1pY3Jvc2VjJTIwTHRkLixMPUJ1ZGFwZXN0LEM9SFU/Y2VydGlmaWNhdGVSZXZv
+Y2F0aW9uTGlzdDtiaW5hcnkwDgYDVR0PAQH/BAQDAgEGMIGWBgNVHREEgY4wgYuB
+EGluZm9AZS1zemlnbm8uaHWkdzB1MSMwIQYDVQQDDBpNaWNyb3NlYyBlLVN6aWdu
+w7MgUm9vdCBDQTEWMBQGA1UECwwNZS1TemlnbsOzIEhTWjEWMBQGA1UEChMNTWlj
+cm9zZWMgS2Z0LjERMA8GA1UEBxMIQnVkYXBlc3QxCzAJBgNVBAYTAkhVMIGsBgNV
+HSMEgaQwgaGAFMegSXUWYYTbMUuE0vE3QJDvTtz3oXakdDByMQswCQYDVQQGEwJI
+VTERMA8GA1UEBxMIQnVkYXBlc3QxFjAUBgNVBAoTDU1pY3Jvc2VjIEx0ZC4xFDAS
+BgNVBAsTC2UtU3ppZ25vIENBMSIwIAYDVQQDExlNaWNyb3NlYyBlLVN6aWdubyBS
+b290IENBghEAzLjnv04pGv2i3GalHCwPETAdBgNVHQ4EFgQUx6BJdRZhhNsxS4TS
+8TdAkO9O3PcwDQYJKoZIhvcNAQEFBQADggEBANMTnGZjWS7KXHAM/IO8VbH0jgds
+ZifOwTsgqRy7RlRw7lrMoHfqaEQn6/Ip3Xep1fvj1KcExJW4C+FEaGAHQzAxQmHl
+7tnlJNUb3+FKG6qfx1/4ehHqE5MAyopYse7tDk2016g2JnzgOsHVV4Lxdbb9iV/a
+86g4nzUGCM4ilb7N1fy+W955a9x6qWVmvrElWl/tftOsRm1M9DKHtCAE4Gx4sHfR
+hUZLphK3dehKyVZs15KrnfVJONJPU+NVkBHbmJbGSfI+9J8b4PeI3CVimUTYc78/
+MPMMNz7UwiiAc7EBt51alhQBS6kRnSlqLtBdgcDPsiBDxwPgN05dCtxZICU=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certigna O=Dhimyotis
+# Subject: CN=Certigna O=Dhimyotis
+# Label: "Certigna"
+# Serial: 18364802974209362175
+# MD5 Fingerprint: ab:57:a6:5b:7d:42:82:19:b5:d8:58:26:28:5e:fd:ff
+# SHA1 Fingerprint: b1:2e:13:63:45:86:a4:6f:1a:b2:60:68:37:58:2d:c4:ac:fd:94:97
+# SHA256 Fingerprint: e3:b6:a2:db:2e:d7:ce:48:84:2f:7a:c5:32:41:c7:b7:1d:54:14:4b:fb:40:c1:1f:3f:1d:0b:42:f5:ee:a1:2d
+-----BEGIN CERTIFICATE-----
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV
+BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X
+DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ
+BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4
+QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny
+gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw
+zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q
+130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2
+JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw
+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw
+ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT
+AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj
+AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG
+9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h
+bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc
+fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu
+HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w
+t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
+# Subject: CN=Deutsche Telekom Root CA 2 O=Deutsche Telekom AG OU=T-TeleSec Trust Center
+# Label: "Deutsche Telekom Root CA 2"
+# Serial: 38
+# MD5 Fingerprint: 74:01:4a:91:b1:08:c4:58:ce:47:cd:f0:dd:11:53:08
+# SHA1 Fingerprint: 85:a4:08:c0:9c:19:3e:5d:51:58:7d:cd:d6:13:30:fd:8c:de:37:bf
+# SHA256 Fingerprint: b6:19:1a:50:d0:c3:97:7f:7d:a9:9b:cd:aa:c8:6a:22:7d:ae:b9:67:9e:c7:0b:a3:b0:c9:d9:22:71:c1:70:d3
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc
+MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj
+IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB
+IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE
+RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl
+U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290
+IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU
+ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC
+QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr
+rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S
+NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc
+QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH
+txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP
+BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp
+tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa
+IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl
+6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+
+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
+Cm26OWMohpLzGITY+9HPBVZkVw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Cybertrust Global Root O=Cybertrust, Inc
+# Subject: CN=Cybertrust Global Root O=Cybertrust, Inc
+# Label: "Cybertrust Global Root"
+# Serial: 4835703278459682877484360
+# MD5 Fingerprint: 72:e4:4a:87:e3:69:40:80:77:ea:bc:e3:f4:ff:f0:e1
+# SHA1 Fingerprint: 5f:43:e5:b1:bf:f8:78:8c:ac:1c:c7:ca:4a:9a:c6:22:2b:cc:34:c6
+# SHA256 Fingerprint: 96:0a:df:00:63:e9:63:56:75:0c:29:65:dd:0a:08:67:da:0b:9c:bd:6e:77:71:4a:ea:fb:23:49:ab:39:3d:a3
+-----BEGIN CERTIFICATE-----
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG
+A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh
+bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE
+ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS
+b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5
+7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS
+J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y
+HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP
+t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz
+FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY
+XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
+MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw
+hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js
+MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA
+A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj
+Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx
+XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o
+omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc
+A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+-----END CERTIFICATE-----
+
+# Issuer: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority
+# Subject: O=Chunghwa Telecom Co., Ltd. OU=ePKI Root Certification Authority
+# Label: "ePKI Root Certification Authority"
+# Serial: 28956088682735189655030529057352760477
+# MD5 Fingerprint: 1b:2e:00:ca:26:06:90:3d:ad:fe:6f:15:68:d3:6b:b3
+# SHA1 Fingerprint: 67:65:0d:f1:7e:8e:7e:5b:82:40:a4:f4:56:4b:cf:e2:3d:69:c6:f0
+# SHA256 Fingerprint: c0:a6:f4:dc:63:a2:4b:fd:cf:54:ef:2a:6a:08:2a:0a:72:de:35:80:3e:2f:f5:ff:52:7a:e5:d8:72:06:df:d5
+-----BEGIN CERTIFICATE-----
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe
+MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0
+ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw
+IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL
+SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH
+SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
+ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X
+DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1
+TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ
+fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA
+sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU
+WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS
+nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH
+dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip
+NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
+AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF
+MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB
+uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl
+PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP
+JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/
+gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2
+j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6
+5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
+o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS
+/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z
+Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE
+W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D
+hNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+-----END CERTIFICATE-----
+
+# Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi
+# Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE/Kamu Sertifikasyon Merkezi
+# Label: "T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3"
+# Serial: 17
+# MD5 Fingerprint: ed:41:f5:8c:50:c5:2b:9c:73:e6:ee:6c:eb:c2:a8:26
+# SHA1 Fingerprint: 1b:4b:39:61:26:27:6b:64:91:a2:68:6d:d7:02:43:21:2d:1f:1d:96
+# SHA256 Fingerprint: e4:c7:34:30:d7:a5:b5:09:25:df:43:37:0a:0d:21:6e:9a:79:b9:d6:db:83:73:a0:c6:9e:b1:cc:31:c7:c5:2a
+-----BEGIN CERTIFICATE-----
+MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRS
+MRgwFgYDVQQHDA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJp
+bGltc2VsIHZlIFRla25vbG9qaWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSw
+VEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ryb25payB2ZSBLcmlwdG9sb2ppIEFy
+YcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNVBAsMGkthbXUgU2Vy
+dGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUgS8O2
+ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAe
+Fw0wNzA4MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIx
+GDAWBgNVBAcMD0dlYnplIC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmls
+aW1zZWwgdmUgVGVrbm9sb2ppayBBcmHFn3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBU
+QUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZlIEtyaXB0b2xvamkgQXJh
+xZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2FtdSBTZXJ0
+aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7Zr
+IFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4h
+gb46ezzb8R1Sf1n68yJMlaCQvEhOEav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yK
+O7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1xnnRFDDtG1hba+818qEhTsXO
+fJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR6Oqeyjh1jmKw
+lZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL
+hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQID
+AQABo0IwQDAdBgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmP
+NOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4N5EY3ATIZJkrGG2AA1nJrvhY0D7t
+wyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLTy9LQQfMmNkqblWwM
+7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYhLBOh
+gLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5n
+oN+J1q2MdqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUs
+yZyQ2uypQjyttgI=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327
+# Subject: CN=Buypass Class 2 CA 1 O=Buypass AS-983163327
+# Label: "Buypass Class 2 CA 1"
+# Serial: 1
+# MD5 Fingerprint: b8:08:9a:f0:03:cc:1b:0d:c8:6c:0b:76:a1:75:64:23
+# SHA1 Fingerprint: a0:a1:ab:90:c9:fc:84:7b:3b:12:61:e8:97:7d:5f:d3:22:61:d3:cc
+# SHA256 Fingerprint: 0f:4e:9c:dd:26:4b:02:55:50:d1:70:80:63:40:21:4f:e9:44:34:c9:b0:2f:69:7e:c7:10:fc:5f:ea:fb:5e:38
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBLMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxHTAbBgNVBAMMFEJ1eXBhc3Mg
+Q2xhc3MgMiBDQSAxMB4XDTA2MTAxMzEwMjUwOVoXDTE2MTAxMzEwMjUwOVowSzEL
+MAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MR0wGwYD
+VQQDDBRCdXlwYXNzIENsYXNzIDIgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAIs8B0XY9t/mx8q6jUPFR42wWsE425KEHK8T1A9vNkYgxC7McXA0
+ojTTNy7Y3Tp3L8DrKehc0rWpkTSHIln+zNvnma+WwajHQN2lFYxuyHyXA8vmIPLX
+l18xoS830r7uvqmtqEyeIWZDO6i88wmjONVZJMHCR3axiFyCO7srpgTXjAePzdVB
+HfCuuCkslFJgNJQ72uA40Z0zPhX0kzLFANq1KWYOOngPIVJfAuWSeyXTkh4vFZ2B
+5J2O6O+JzhRMVB0cgRJNcKi+EAUXfh/RuFdV7c27UsKwHnjCTTZoy1YmwVLBvXb3
+WNVyfh9EdrsAiR0WnVE1703CVu9r4Iw7DekCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUP42aWYv8e3uco684sDntkHGA1sgwDgYDVR0PAQH/BAQD
+AgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAVGn4TirnoB6NLJzKyQJHyIdFkhb5jatLP
+gcIV1Xp+DCmsNx4cfHZSldq1fyOhKXdlyTKdqC5Wq2B2zha0jX94wNWZUYN/Xtm+
+DKhQ7SLHrQVMdvvt7h5HZPb3J31cKA9FxVxiXqaakZG3Uxcu3K1gnZZkOb1naLKu
+BctN518fV4bVIJwo+28TOPX2EZL2fZleHwzoq0QkKXJAPTZSr4xYkHPB7GEseaHs
+h7U/2k3ZIQAw3pDaDtMaSKk+hQsUi4y8QZ5q9w5wwDX3OaJdZtB7WZ+oRxKaJyOk
+LY4ng5IgodcVf/EuGO70SH8vf/GhGLWhC5SgYiAynB321O+/TIho
+-----END CERTIFICATE-----
+
+# Issuer: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.
+# Subject: CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.
+# Label: "EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1"
+# Serial: 5525761995591021570
+# MD5 Fingerprint: 2c:20:26:9d:cb:1a:4a:00:85:b5:b7:5a:ae:c2:01:37
+# SHA1 Fingerprint: 8c:96:ba:eb:dd:2b:07:07:48:ee:30:32:66:a0:f3:98:6e:7c:ae:58
+# SHA256 Fingerprint: 35:ae:5b:dd:d8:f7:ae:63:5c:ff:ba:56:82:a8:f0:0b:95:f4:84:62:c7:10:8e:e9:a0:e5:29:2b:07:4a:af:b2
+-----BEGIN CERTIFICATE-----
+MIIF5zCCA8+gAwIBAgIITK9zQhyOdAIwDQYJKoZIhvcNAQEFBQAwgYAxODA2BgNV
+BAMML0VCRyBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMTcwNQYDVQQKDC5FQkcgQmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXpt
+ZXRsZXJpIEEuxZ4uMQswCQYDVQQGEwJUUjAeFw0wNjA4MTcwMDIxMDlaFw0xNjA4
+MTQwMDMxMDlaMIGAMTgwNgYDVQQDDC9FQkcgRWxla3Ryb25payBTZXJ0aWZpa2Eg
+SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTE3MDUGA1UECgwuRUJHIEJpbGnFn2ltIFRl
+a25vbG9qaWxlcmkgdmUgSGl6bWV0bGVyaSBBLsWeLjELMAkGA1UEBhMCVFIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDuoIRh0DpqZhAy2DE4f6en5f2h
+4fuXd7hxlugTlkaDT7byX3JWbhNgpQGR4lvFzVcfd2NR/y8927k/qqk153nQ9dAk
+tiHq6yOU/im/+4mRDGSaBUorzAzu8T2bgmmkTPiab+ci2hC6X5L8GCcKqKpE+i4s
+tPtGmggDg3KriORqcsnlZR9uKg+ds+g75AxuetpX/dfreYteIAbTdgtsApWjluTL
+dlHRKJ2hGvxEok3MenaoDT2/F08iiFD9rrbskFBKW5+VQarKD7JK/oCZTqNGFav4
+c0JqwmZ2sQomFd2TkuzbqV9UIlKRcF0T6kjsbgNs2d1s/OsNA/+mgxKb8amTD8Um
+TDGyY5lhcucqZJnSuOl14nypqZoaqsNW2xCaPINStnuWt6yHd6i58mcLlEOzrz5z
++kI2sSXFCjEmN1ZnuqMLfdb3ic1nobc6HmZP9qBVFCVMLDMNpkGMvQQxahByCp0O
+Lna9XvNRiYuoP1Vzv9s6xiQFlpJIqkuNKgPlV5EQ9GooFW5Hd4RcUXSfGenmHmMW
+OeMRFeNYGkS9y8RsZteEBt8w9DeiQyJ50hBs37vmExH8nYQKE3vwO9D8owrXieqW
+fo1IhR5kX9tUoqzVegJ5a9KK8GfaZXINFHDk6Y54jzJ0fFfy1tb0Nokb+Clsi7n2
+l9GkLqq+CxnCRelwXQIDAJ3Zo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU587GT/wWZ5b6SqMHwQSny2re2kcwHwYDVR0jBBgw
+FoAU587GT/wWZ5b6SqMHwQSny2re2kcwDQYJKoZIhvcNAQEFBQADggIBAJuYml2+
+8ygjdsZs93/mQJ7ANtyVDR2tFcU22NU57/IeIl6zgrRdu0waypIN30ckHrMk2pGI
+6YNw3ZPX6bqz3xZaPt7gyPvT/Wwp+BVGoGgmzJNSroIBk5DKd8pNSe/iWtkqvTDO
+TLKBtjDOWU/aWR1qeqRFsIImgYZ29fUQALjuswnoT4cCB64kXPBfrAowzIpAoHME
+wfuJJPaaHFy3PApnNgUIMbOv2AFoKuB4j3TeuFGkjGwgPaL7s9QJ/XvCgKqTbCmY
+Iai7FvOpEl90tYeY8pUm3zTvilORiF0alKM/fCL414i6poyWqD1SNGKfAB5UVUJn
+xk1Gj7sURT0KlhaOEKGXmdXTMIXM3rRyt7yKPBgpaP3ccQfuJDlq+u2lrDgv+R4Q
+DgZxGhBM/nV+/x5XOULK1+EVoVZVWRvRo68R2E7DpSvvkL/A7IITW43WciyTTo9q
+Kd+FPNMN4KIYEsxVL0e3p5sC/kH2iExt2qkBR4NkJ2IQgtYSe14DHzSpyZH+r11t
+hie3I6p1GMog57AP14kOpmciY/SDQSsGS7tY1dHXt7kQY9iJSrSq3RZj9W6+YKH4
+7ejWkE8axsWgKdOnIaj1Wjz3x0miIZpKlVIglnKaZsv30oZDfCK+lvm9AahH3eU7
+QPl1K5srRmSGjR70j/sHd9DqSaIcjVIUpgqT
+-----END CERTIFICATE-----
+
+# Issuer: O=certSIGN OU=certSIGN ROOT CA
+# Subject: O=certSIGN OU=certSIGN ROOT CA
+# Label: "certSIGN ROOT CA"
+# Serial: 35210227249154
+# MD5 Fingerprint: 18:98:c0:d6:e9:3a:fc:f9:b0:f5:0c:f7:4b:01:44:17
+# SHA1 Fingerprint: fa:b7:ee:36:97:26:62:fb:2d:b0:2a:f6:bf:03:fd:e8:7c:4b:2f:9b
+# SHA256 Fingerprint: ea:a9:62:c4:fa:4a:6b:af:eb:e4:15:19:6d:35:1c:cd:88:8d:4f:53:f3:fa:8a:e6:d7:c4:66:a9:4e:60:42:bb
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
+AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD
+QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP
+MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do
+0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ
+UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d
+RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ
+OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv
+JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C
+AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O
+BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ
+LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY
+MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ
+44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I
+Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw
+i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN
+9u6wWk5JRFRYX0KD
+-----END CERTIFICATE-----
+
+# Issuer: CN=CNNIC ROOT O=CNNIC
+# Subject: CN=CNNIC ROOT O=CNNIC
+# Label: "CNNIC ROOT"
+# Serial: 1228079105
+# MD5 Fingerprint: 21:bc:82:ab:49:c4:13:3b:4b:b2:2b:5c:6b:90:9c:19
+# SHA1 Fingerprint: 8b:af:4c:9b:1d:f0:2a:92:f7:da:12:8e:b9:1b:ac:f4:98:60:4b:6f
+# SHA256 Fingerprint: e2:83:93:77:3d:a8:45:a6:79:f2:08:0c:c7:fb:44:a3:b7:a1:c3:79:2c:b7:eb:77:29:fd:cb:6a:8d:99:ae:a7
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj2gAwIBAgIESTMAATANBgkqhkiG9w0BAQUFADAyMQswCQYDVQQGEwJD
+TjEOMAwGA1UEChMFQ05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwHhcNMDcwNDE2
+MDcwOTE0WhcNMjcwNDE2MDcwOTE0WjAyMQswCQYDVQQGEwJDTjEOMAwGA1UEChMF
+Q05OSUMxEzARBgNVBAMTCkNOTklDIFJPT1QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDTNfc/c3et6FtzF8LRb+1VvG7q6KR5smzDo+/hn7E7SIX1mlwh
+IhAsxYLO2uOabjfhhyzcuQxauohV3/2q2x8x6gHx3zkBwRP9SFIhxFXf2tizVHa6
+dLG3fdfA6PZZxU3Iva0fFNrfWEQlMhkqx35+jq44sDB7R3IJMfAw28Mbdim7aXZO
+V/kbZKKTVrdvmW7bCgScEeOAH8tjlBAKqeFkgjH5jCftppkA9nCTGPihNIaj3XrC
+GHn2emU1z5DrvTOTn1OrczvmmzQgLx3vqR1jGqCA2wMv+SYahtKNu6m+UjqHZ0gN
+v7Sg2Ca+I19zN38m5pIEo3/PIKe38zrKy5nLAgMBAAGjczBxMBEGCWCGSAGG+EIB
+AQQEAwIABzAfBgNVHSMEGDAWgBRl8jGtKvf33VKWCscCwQ7vptU7ETAPBgNVHRMB
+Af8EBTADAQH/MAsGA1UdDwQEAwIB/jAdBgNVHQ4EFgQUZfIxrSr3991SlgrHAsEO
+76bVOxEwDQYJKoZIhvcNAQEFBQADggEBAEs17szkrr/Dbq2flTtLP1se31cpolnK
+OOK5Gv+e5m4y3R6u6jW39ZORTtpC4cMXYFDy0VwmuYK36m3knITnA3kXr5g9lNvH
+ugDnuL8BV8F3RTIMO/G0HAiw/VGgod2aHRM2mm23xzy54cXZF/qD1T0VoDy7Hgvi
+yJA/qIYM/PmLXoXLT1tLYhFHxUV8BS9BsZ4QaRuZluBVeftOhpm4lNqGOGqTo+fL
+buXf6iFViZx9fX+Y9QCJ7uOEwFyWtcVG6kbghVW2G8kS1sHNzYDzAgE8yGnLRUhj
+2JTQ7IUOO04RZfSCjKY9ri4ilAnIXOo8gV0WKgOXFlUJ24pBgp5mmxE=
+-----END CERTIFICATE-----
+
+# Issuer: O=Japanese Government OU=ApplicationCA
+# Subject: O=Japanese Government OU=ApplicationCA
+# Label: "ApplicationCA - Japanese Government"
+# Serial: 49
+# MD5 Fingerprint: 7e:23:4e:5b:a7:a5:b4:25:e9:00:07:74:11:62:ae:d6
+# SHA1 Fingerprint: 7f:8a:b0:cf:d0:51:87:6a:66:f3:36:0f:47:c8:8d:8c:d3:35:fc:74
+# SHA256 Fingerprint: 2d:47:43:7d:e1:79:51:21:5a:12:f3:c5:8e:51:c7:29:a5:80:26:ef:1f:cc:0a:5f:b3:d9:dc:01:2f:60:0d:19
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIBMTANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJKUDEc
+MBoGA1UEChMTSmFwYW5lc2UgR292ZXJubWVudDEWMBQGA1UECxMNQXBwbGljYXRp
+b25DQTAeFw0wNzEyMTIxNTAwMDBaFw0xNzEyMTIxNTAwMDBaMEMxCzAJBgNVBAYT
+AkpQMRwwGgYDVQQKExNKYXBhbmVzZSBHb3Zlcm5tZW50MRYwFAYDVQQLEw1BcHBs
+aWNhdGlvbkNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp23gdE6H
+j6UG3mii24aZS2QNcfAKBZuOquHMLtJqO8F6tJdhjYq+xpqcBrSGUeQ3DnR4fl+K
+f5Sk10cI/VBaVuRorChzoHvpfxiSQE8tnfWuREhzNgaeZCw7NCPbXCbkcXmP1G55
+IrmTwcrNwVbtiGrXoDkhBFcsovW8R0FPXjQilbUfKW1eSvNNcr5BViCH/OlQR9cw
+FO5cjFW6WY2H/CPek9AEjP3vbb3QesmlOmpyM8ZKDQUXKi17safY1vC+9D/qDiht
+QWEjdnjDuGWk81quzMKq2edY3rZ+nYVunyoKb58DKTCXKB28t89UKU5RMfkntigm
+/qJj5kEW8DOYRwIDAQABo4GeMIGbMB0GA1UdDgQWBBRUWssmP3HMlEYNllPqa0jQ
+k/5CdTAOBgNVHQ8BAf8EBAMCAQYwWQYDVR0RBFIwUKROMEwxCzAJBgNVBAYTAkpQ
+MRgwFgYDVQQKDA/ml6XmnKzlm73mlL/lupwxIzAhBgNVBAsMGuOCouODl+ODquOC
+seODvOOCt+ODp+ODs0NBMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
+ggEBADlqRHZ3ODrso2dGD/mLBqj7apAxzn7s2tGJfHrrLgy9mTLnsCTWw//1sogJ
+hyzjVOGjprIIC8CFqMjSnHH2HZ9g/DgzE+Ge3Atf2hZQKXsvcJEPmbo0NI2VdMV+
+eKlmXb3KIXdCEKxmJj3ekav9FfBv7WxfEPjzFvYDio+nEhEMy/0/ecGc/WLuo89U
+DNErXxc+4z6/wCs+CZv+iKZ+tJIX/COUgb1up8WMwusRRdv4QcmWdupwX3kSa+Sj
+B1oF7ydJzyGfikwJcGapJsErEU4z0g781mzSDjJkaP+tBXhfAx2o45CsJOAPQKdL
+rosot4LKGAfmt1t06SAZf7IbiVQ=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only
+# Subject: CN=GeoTrust Primary Certification Authority - G3 O=GeoTrust Inc. OU=(c) 2008 GeoTrust Inc. - For authorized use only
+# Label: "GeoTrust Primary Certification Authority - G3"
+# Serial: 28809105769928564313984085209975885599
+# MD5 Fingerprint: b5:e8:34:36:c9:10:44:58:48:70:6d:2e:83:d4:b8:05
+# SHA1 Fingerprint: 03:9e:ed:b8:0b:e7:a0:3c:69:53:89:3b:20:d2:d9:32:3a:4c:2a:fd
+# SHA256 Fingerprint: b4:78:b8:12:25:0d:f8:78:63:5c:2a:a7:ec:7d:15:5e:aa:62:5e:e8:29:16:e2:cd:29:43:61:88:6c:d1:fb:d4
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
+
+# Issuer: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only
+# Subject: CN=thawte Primary Root CA - G2 O=thawte, Inc. OU=(c) 2007 thawte, Inc. - For authorized use only
+# Label: "thawte Primary Root CA - G2"
+# Serial: 71758320672825410020661621085256472406
+# MD5 Fingerprint: 74:9d:ea:60:24:c4:fd:22:53:3e:cc:3a:72:d9:29:4f
+# SHA1 Fingerprint: aa:db:bc:22:23:8f:c4:01:a1:27:bb:38:dd:f4:1d:db:08:9e:f0:12
+# SHA256 Fingerprint: a4:31:0d:50:af:18:a6:44:71:90:37:2a:86:af:af:8b:95:1f:fb:43:1d:83:7f:1e:56:88:b4:59:71:ed:15:57
+-----BEGIN CERTIFICATE-----
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp
+IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi
+BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw
+MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig
+YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v
+dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/
+BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6
+papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K
+DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3
+KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox
+XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only
+# Subject: CN=thawte Primary Root CA - G3 O=thawte, Inc. OU=Certification Services Division/(c) 2008 thawte, Inc. - For authorized use only
+# Label: "thawte Primary Root CA - G3"
+# Serial: 127614157056681299805556476275995414779
+# MD5 Fingerprint: fb:1b:5d:43:8a:94:cd:44:c6:76:f2:43:4b:47:e7:31
+# SHA1 Fingerprint: f1:8b:53:8d:1b:e9:03:b6:a6:f0:56:43:5b:17:15:89:ca:f3:6b:f2
+# SHA256 Fingerprint: 4b:03:f4:58:07:ad:70:f2:1b:fc:2c:ae:71:c9:fd:e4:60:4c:06:4c:f5:ff:b6:86:ba:e5:db:aa:d7:fd:d3:4c
+-----BEGIN CERTIFICATE-----
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
+rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
+Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
+MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
+BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
+Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
+LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
+MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
+gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
+YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
+b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
+9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
+zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
+OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
+HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
+2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
+oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
+KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
+m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
+MdRAGmI0Nj81Aa6sY6A=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only
+# Subject: CN=GeoTrust Primary Certification Authority - G2 O=GeoTrust Inc. OU=(c) 2007 GeoTrust Inc. - For authorized use only
+# Label: "GeoTrust Primary Certification Authority - G2"
+# Serial: 80682863203381065782177908751794619243
+# MD5 Fingerprint: 01:5e:d8:6b:bd:6f:3d:8e:a1:31:f8:12:e0:98:73:6a
+# SHA1 Fingerprint: 8d:17:84:d5:37:f3:03:7d:ec:70:fe:57:8b:51:9a:99:e6:10:d7:b0
+# SHA256 Fingerprint: 5e:db:7a:c4:3b:82:a0:6a:87:61:e8:d7:be:49:79:eb:f2:61:1f:7d:d7:9b:f9:1c:1c:6b:56:6a:21:9e:d7:66
+-----BEGIN CERTIFICATE-----
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+rD6ogRLQy7rQkgu2npaqBA+K
+-----END CERTIFICATE-----
+
+# Issuer: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only
+# Subject: CN=VeriSign Universal Root Certification Authority O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2008 VeriSign, Inc. - For authorized use only
+# Label: "VeriSign Universal Root Certification Authority"
+# Serial: 85209574734084581917763752644031726877
+# MD5 Fingerprint: 8e:ad:b5:01:aa:4d:81:e4:8c:1d:d1:e1:14:00:95:19
+# SHA1 Fingerprint: 36:79:ca:35:66:87:72:30:4d:30:a5:fb:87:3b:0f:a7:7b:b7:0d:54
+# SHA256 Fingerprint: 23:99:56:11:27:a5:71:25:de:8c:ef:ea:61:0d:df:2f:a0:78:b5:c8:06:7f:4e:82:82:90:bf:b8:60:e8:4b:3c
+-----BEGIN CERTIFICATE-----
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB
+vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W
+ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
+Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX
+MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0
+IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y
+IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh
+bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF
+9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH
+H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H
+LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN
+/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT
+rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw
+WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs
+exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4
+sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+
+seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz
+4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+
+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR
+lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3
+7M2CYfE45k+XmCpajQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only
+# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4 O=VeriSign, Inc. OU=VeriSign Trust Network/(c) 2007 VeriSign, Inc. - For authorized use only
+# Label: "VeriSign Class 3 Public Primary Certification Authority - G4"
+# Serial: 63143484348153506665311985501458640051
+# MD5 Fingerprint: 3a:52:e1:e7:fd:6f:3a:e3:6f:f3:6f:99:1b:f9:22:41
+# SHA1 Fingerprint: 22:d5:d8:df:8f:02:31:d1:8d:f7:9d:b7:cf:8a:2d:64:c9:3f:6c:3a
+# SHA256 Fingerprint: 69:dd:d7:ea:90:bb:57:c9:3e:13:5d:c8:5e:a6:fc:d5:48:0b:60:32:39:bd:c4:54:fc:75:8b:2a:26:cf:7f:79
+-----BEGIN CERTIFICATE-----
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
+ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln
+biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp
+U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG
+A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp
+U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg
+SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln
+biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm
+GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve
+fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ
+aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj
+aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW
+kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC
+4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga
+FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services)
+# Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány O=NetLock Kft. OU=Tanúsítványkiadók (Certification Services)
+# Label: "NetLock Arany (Class Gold) Főtanúsítvány"
+# Serial: 80544274841616
+# MD5 Fingerprint: c5:a1:b7:ff:73:dd:d6:d7:34:32:18:df:fc:3c:ad:88
+# SHA1 Fingerprint: 06:08:3f:59:3f:15:a1:04:a0:69:a4:6b:a9:03:d0:06:b7:97:09:91
+# SHA256 Fingerprint: 6c:61:da:c3:a2:de:f0:31:50:6b:e0:36:d2:a6:fe:40:19:94:fb:d1:3d:f9:c8:d4:66:59:92:74:c4:46:ec:98
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG
+EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3
+MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl
+cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR
+dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB
+pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM
+b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm
+aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz
+IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT
+lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz
+AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5
+VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG
+ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2
+BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG
+AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M
+U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh
+bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C
++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F
+uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2
+XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden
+# Subject: CN=Staat der Nederlanden Root CA - G2 O=Staat der Nederlanden
+# Label: "Staat der Nederlanden Root CA - G2"
+# Serial: 10000012
+# MD5 Fingerprint: 7c:a5:0f:f8:5b:9a:7d:6d:30:ae:54:5a:e3:42:a2:8a
+# SHA1 Fingerprint: 59:af:82:79:91:86:c7:b4:75:07:cb:cf:03:57:46:eb:04:dd:b7:16
+# SHA256 Fingerprint: 66:8c:83:94:7d:a6:3b:72:4b:ec:e1:74:3c:31:a0:e6:ae:d0:db:8e:c5:b3:1b:e3:77:bb:78:4f:91:b6:71:6f
+-----BEGIN CERTIFICATE-----
+MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX
+DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl
+ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv
+b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291
+qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp
+uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU
+Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE
+pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp
+5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M
+UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN
+GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy
+5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv
+6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK
+eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6
+B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/
+BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov
+L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG
+SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS
+CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen
+5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897
+IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK
+gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL
++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL
+vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm
+bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk
+N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC
+Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z
+ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Juur-SK O=AS Sertifitseerimiskeskus
+# Subject: CN=Juur-SK O=AS Sertifitseerimiskeskus
+# Label: "Juur-SK"
+# Serial: 999181308
+# MD5 Fingerprint: aa:8e:5d:d9:f8:db:0a:58:b7:8d:26:87:6c:82:35:55
+# SHA1 Fingerprint: 40:9d:4b:d9:17:b5:5c:27:b6:9b:64:cb:98:22:44:0d:cd:09:b8:89
+# SHA256 Fingerprint: ec:c3:e9:c3:40:75:03:be:e0:91:aa:95:2f:41:34:8f:f8:8b:aa:86:3b:22:64:be:fa:c8:07:90:15:74:e9:39
+-----BEGIN CERTIFICATE-----
+MIIE5jCCA86gAwIBAgIEO45L/DANBgkqhkiG9w0BAQUFADBdMRgwFgYJKoZIhvcN
+AQkBFglwa2lAc2suZWUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKExlBUyBTZXJ0aWZp
+dHNlZXJpbWlza2Vza3VzMRAwDgYDVQQDEwdKdXVyLVNLMB4XDTAxMDgzMDE0MjMw
+MVoXDTE2MDgyNjE0MjMwMVowXTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMQsw
+CQYDVQQGEwJFRTEiMCAGA1UEChMZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEQ
+MA4GA1UEAxMHSnV1ci1TSzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AIFxNj4zB9bjMI0TfncyRsvPGbJgMUaXhvSYRqTCZUXP00B841oiqBB4M8yIsdOB
+SvZiF3tfTQou0M+LI+5PAk676w7KvRhj6IAcjeEcjT3g/1tf6mTll+g/mX8MCgkz
+ABpTpyHhOEvWgxutr2TC+Rx6jGZITWYfGAriPrsfB2WThbkasLnE+w0R9vXW+RvH
+LCu3GFH+4Hv2qEivbDtPL+/40UceJlfwUR0zlv/vWT3aTdEVNMfqPxZIe5EcgEMP
+PbgFPtGzlc3Yyg/CQ2fbt5PgIoIuvvVoKIO5wTtpeyDaTpxt4brNj3pssAki14sL
+2xzVWiZbDcDq5WDQn/413z8CAwEAAaOCAawwggGoMA8GA1UdEwEB/wQFMAMBAf8w
+ggEWBgNVHSAEggENMIIBCTCCAQUGCisGAQQBzh8BAQEwgfYwgdAGCCsGAQUFBwIC
+MIHDHoHAAFMAZQBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0ACAAbwBuACAAdgDk
+AGwAagBhAHMAdABhAHQAdQBkACAAQQBTAC0AaQBzACAAUwBlAHIAdABpAGYAaQB0
+AHMAZQBlAHIAaQBtAGkAcwBrAGUAcwBrAHUAcwAgAGEAbABhAG0ALQBTAEsAIABz
+AGUAcgB0AGkAZgBpAGsAYQBhAHQAaQBkAGUAIABrAGkAbgBuAGkAdABhAG0AaQBz
+AGUAawBzMCEGCCsGAQUFBwIBFhVodHRwOi8vd3d3LnNrLmVlL2Nwcy8wKwYDVR0f
+BCQwIjAgoB6gHIYaaHR0cDovL3d3dy5zay5lZS9qdXVyL2NybC8wHQYDVR0OBBYE
+FASqekej5ImvGs8KQKcYP2/v6X2+MB8GA1UdIwQYMBaAFASqekej5ImvGs8KQKcY
+P2/v6X2+MA4GA1UdDwEB/wQEAwIB5jANBgkqhkiG9w0BAQUFAAOCAQEAe8EYlFOi
+CfP+JmeaUOTDBS8rNXiRTHyoERF5TElZrMj3hWVcRrs7EKACr81Ptcw2Kuxd/u+g
+kcm2k298gFTsxwhwDY77guwqYHhpNjbRxZyLabVAyJRld/JXIWY7zoVAtjNjGr95
+HvxcHdMdkxuLDF2FvZkwMhgJkVLpfKG6/2SSmuz+Ne6ML678IIbsSt4beDI3poHS
+na9aEhbKmVv8b20OxaAehsmR0FyYgl9jDIpaq9iVpszLita/ZEuOyoqysOkhMp6q
+qIWYNIE5ITuoOlIyPfZrN4YGWhWY3PARZv40ILcD9EEQfTmEeZZyY7aWAuVrua0Z
+TbvGRNs2yyqcjg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Hongkong Post Root CA 1 O=Hongkong Post
+# Subject: CN=Hongkong Post Root CA 1 O=Hongkong Post
+# Label: "Hongkong Post Root CA 1"
+# Serial: 1000
+# MD5 Fingerprint: a8:0d:6f:39:78:b9:43:6d:77:42:6d:98:5a:cc:23:ca
+# SHA1 Fingerprint: d6:da:a8:20:8d:09:d2:15:4d:24:b5:2f:cb:34:6e:b2:58:b2:8a:58
+# SHA256 Fingerprint: f9:e6:7d:33:6c:51:00:2a:c0:54:c6:32:02:2d:66:dd:a2:e7:e3:ff:f1:0a:d0:61:ed:31:d8:bb:b4:10:cf:b2
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx
+FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
+Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG
+A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
+b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ
+jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn
+PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh
+ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9
+nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h
+q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED
+MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC
+mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3
+7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB
+oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs
+EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO
+fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi
+AmvZWg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
+# Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
+# Label: "SecureSign RootCA11"
+# Serial: 1
+# MD5 Fingerprint: b7:52:74:e2:92:b4:80:93:f2:75:e4:cc:d7:f2:ea:26
+# SHA1 Fingerprint: 3b:c4:9f:48:f8:f3:73:a0:9c:1e:bd:f8:5b:b1:c3:65:c7:d8:11:b3
+# SHA256 Fingerprint: bf:0f:ee:fb:9e:3a:58:1a:d5:f9:e9:db:75:89:98:57:43:d2:61:08:5c:4d:31:4f:6f:5d:72:59:aa:42:16:12
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr
+MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG
+A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0
+MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp
+Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD
+QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz
+i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8
+h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV
+MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9
+UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni
+8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC
+h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD
+VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB
+AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm
+KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ
+X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr
+QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5
+pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN
+QSdJQO7e5iNEOdyhIta6A/I=
+-----END CERTIFICATE-----
+
+# Issuer: CN=ACEDICOM Root O=EDICOM OU=PKI
+# Subject: CN=ACEDICOM Root O=EDICOM OU=PKI
+# Label: "ACEDICOM Root"
+# Serial: 7029493972724711941
+# MD5 Fingerprint: 42:81:a0:e2:1c:e3:55:10:de:55:89:42:65:96:22:e6
+# SHA1 Fingerprint: e0:b4:32:2e:b2:f6:a5:68:b6:54:53:84:48:18:4a:50:36:87:43:84
+# SHA256 Fingerprint: 03:95:0f:b4:9a:53:1f:3e:19:91:94:23:98:df:a9:e0:ea:32:d7:ba:1c:dd:9b:c8:5d:b5:7e:d9:40:0b:43:4a
+-----BEGIN CERTIFICATE-----
+MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UE
+AwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00x
+CzAJBgNVBAYTAkVTMB4XDTA4MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEW
+MBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZF
+RElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHkWLn7
+09gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7
+XBZXehuDYAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5P
+Grjm6gSSrj0RuVFCPYewMYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAK
+t0SdE3QrwqXrIhWYENiLxQSfHY9g5QYbm8+5eaA9oiM/Qj9r+hwDezCNzmzAv+Yb
+X79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbkHQl/Sog4P75n/TSW9R28
+MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTTxKJxqvQU
+fecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI
+2Sf23EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyH
+K9caUPgn6C9D4zq92Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEae
+ZAwUswdbxcJzbPEHXEUkFDWug/FqTYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAP
+BgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz4SsrSbbXc6GqlPUB53NlTKxQ
+MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU9QHnc2VMrFAw
+RAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv
+bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWIm
+fQwng4/F9tqgaHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3
+gvoFNTPhNahXwOf9jU8/kzJPeGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKe
+I6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1PwkzQSulgUV1qzOMPPKC8W64iLgpq0i
+5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1ThCojz2GuHURwCRi
+ipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oIKiMn
+MCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZ
+o5NjEFIqnxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6
+zqylfDJKZ0DcMDQj3dcEI2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacN
+GHk0vFQYXlPKNFHtRQrmjseCNj6nOGOpMCwXEGCSn1WHElkQwg9naRHMTh5+Spqt
+r0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3otkYNbn5XOmeUwssfnHdK
+Z05phkOTOPu220+DkdRgfks+KzgHVZhepA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd.
+# Subject: CN=Microsec e-Szigno Root CA 2009 O=Microsec Ltd.
+# Label: "Microsec e-Szigno Root CA 2009"
+# Serial: 14014712776195784473
+# MD5 Fingerprint: f8:49:f4:03:bc:44:2d:83:be:48:69:7d:29:64:fc:b1
+# SHA1 Fingerprint: 89:df:74:fe:5c:f4:0f:4a:80:f9:e3:37:7d:54:da:91:e1:01:31:8e
+# SHA256 Fingerprint: 3c:5f:81:fe:a5:fa:b8:2c:64:bf:a2:ea:ec:af:cd:e8:e0:77:fc:86:20:a7:ca:e5:37:16:3d:f3:6e:db:f3:78
+-----BEGIN CERTIFICATE-----
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
+VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0
+ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G
+CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y
+OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx
+FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp
+Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP
+kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc
+cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U
+fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7
+N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC
+xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1
++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
+A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM
+Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG
+SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h
+mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk
+ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c
+2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t
+HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW
+-----END CERTIFICATE-----
+
+# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3
+# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3
+# Label: "GlobalSign Root CA - R3"
+# Serial: 4835703278459759426209954
+# MD5 Fingerprint: c5:df:b8:49:ca:05:13:55:ee:2d:ba:1a:c3:3e:b0:28
+# SHA1 Fingerprint: d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad
+# SHA256 Fingerprint: cb:b5:22:d7:b7:f1:27:ad:6a:01:13:86:5b:df:1c:d4:10:2e:7d:07:59:af:63:5a:7c:f4:72:0d:c9:63:c5:3b
+-----BEGIN CERTIFICATE-----
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G
+A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp
+Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4
+MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG
+A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8
+RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT
+gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm
+KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd
+QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ
+XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o
+LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU
+RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp
+jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK
+6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX
+mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs
+Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
+WD9f
+-----END CERTIFICATE-----
+
+# Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
+# Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
+# Label: "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+# Serial: 6047274297262753887
+# MD5 Fingerprint: 73:3a:74:7a:ec:bb:a3:96:a6:c2:e4:e2:c8:9b:c0:c3
+# SHA1 Fingerprint: ae:c5:fb:3f:c8:e1:bf:c4:e5:4f:03:07:5a:9a:e8:00:b7:f7:b6:fa
+# SHA256 Fingerprint: 04:04:80:28:bf:1f:28:64:d4:8f:9a:d4:d8:32:94:36:6a:82:88:56:55:3f:3b:14:30:3f:90:14:7f:5d:40:ef
+-----BEGIN CERTIFICATE-----
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE
+BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h
+cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy
+MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg
+Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9
+thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM
+cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG
+L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i
+NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h
+X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b
+m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy
+Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja
+EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T
+KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF
+6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh
+OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD
+VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv
+ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl
+AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF
+661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9
+am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1
+ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481
+PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS
+3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k
+SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF
+3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM
+ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g
+StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz
+Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB
+jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+-----END CERTIFICATE-----
+
+# Issuer: CN=Izenpe.com O=IZENPE S.A.
+# Subject: CN=Izenpe.com O=IZENPE S.A.
+# Label: "Izenpe.com"
+# Serial: 917563065490389241595536686991402621
+# MD5 Fingerprint: a6:b0:cd:85:80:da:5c:50:34:a3:39:90:2f:55:67:73
+# SHA1 Fingerprint: 2f:78:3d:25:52:18:a7:4a:65:39:71:b5:2c:a2:9c:45:15:6f:e9:19
+# SHA256 Fingerprint: 25:30:cc:8e:98:32:15:02:ba:d9:6f:9b:1f:ba:1b:09:9e:2d:29:9e:0f:45:48:bb:91:4f:36:3b:c0:d4:53:1f
+-----BEGIN CERTIFICATE-----
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4
+MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
+ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD
+VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j
+b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
+scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO
+xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H
+LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX
+uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD
+yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+
+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q
+rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN
+BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L
+hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
+QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+
+HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu
+Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg
+QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB
+BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA
+A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb
+laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
+awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo
+JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw
+LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT
+VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk
+LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb
+UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/
+QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+
+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls
+QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A.
+# Subject: CN=Chambers of Commerce Root - 2008 O=AC Camerfirma S.A.
+# Label: "Chambers of Commerce Root - 2008"
+# Serial: 11806822484801597146
+# MD5 Fingerprint: 5e:80:9e:84:5a:0e:65:0b:17:02:f3:55:18:2a:3e:d7
+# SHA1 Fingerprint: 78:6a:74:ac:76:ab:14:7f:9c:6a:30:50:ba:9e:a8:7e:fe:9a:ce:3c
+# SHA256 Fingerprint: 06:3e:4a:fa:c4:91:df:d3:32:f3:08:9b:85:42:e9:46:17:d8:93:d7:fe:94:4e:10:a7:93:7e:e2:9d:96:93:c0
+-----BEGIN CERTIFICATE-----
+MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz
+IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz
+MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj
+dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw
+EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp
+MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9
+28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq
+VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q
+DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR
+5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL
+ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a
+Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl
+UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s
++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5
+Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
+ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx
+hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV
+HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1
++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN
+YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t
+L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy
+ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt
+IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV
+HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w
+DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW
+PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF
+5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1
+glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH
+FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2
+pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD
+xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG
+tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq
+jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De
+fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
+OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ
+d0jQ
+-----END CERTIFICATE-----
+
+# Issuer: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A.
+# Subject: CN=Global Chambersign Root - 2008 O=AC Camerfirma S.A.
+# Label: "Global Chambersign Root - 2008"
+# Serial: 14541511773111788494
+# MD5 Fingerprint: 9e:80:ff:78:01:0c:2e:c1:36:bd:fe:96:90:6e:08:f3
+# SHA1 Fingerprint: 4a:bd:ee:ec:95:0d:35:9c:89:ae:c7:52:a1:2c:5b:29:f6:d6:aa:0c
+# SHA256 Fingerprint: 13:63:35:43:93:34:a7:69:80:16:a0:d3:24:de:72:28:4e:07:9d:7b:52:20:bb:8f:bd:74:78:16:ee:be:ba:ca
+-----BEGIN CERTIFICATE-----
+MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD
+VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0
+IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3
+MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
+aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx
+MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy
+cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG
+A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl
+BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed
+KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7
+G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2
+zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4
+ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG
+HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2
+Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V
+yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e
+beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r
+6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
+wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog
+zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW
+BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr
+ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp
+ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk
+cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt
+YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC
+CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow
+KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI
+hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ
+UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz
+X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x
+fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz
+a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd
+Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd
+SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O
+AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso
+M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge
+v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
+09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
+-----END CERTIFICATE-----
+
+# Issuer: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc.
+# Subject: CN=Go Daddy Root Certificate Authority - G2 O=GoDaddy.com, Inc.
+# Label: "Go Daddy Root Certificate Authority - G2"
+# Serial: 0
+# MD5 Fingerprint: 80:3a:bc:22:c1:e6:fb:8d:9b:3b:27:4a:32:1b:9a:01
+# SHA1 Fingerprint: 47:be:ab:c9:22:ea:e8:0e:78:78:34:62:a7:9f:45:c2:54:fd:e6:8b
+# SHA256 Fingerprint: 45:14:0b:32:47:eb:9c:c8:c5:b4:f0:d7:b5:30:91:f7:32:92:08:9e:6e:5a:63:e2:74:9d:d3:ac:a9:19:8e:da
+-----BEGIN CERTIFICATE-----
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT
+EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp
+ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
+NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
+EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE
+AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD
+E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH
+/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy
+DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh
+GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR
+tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA
+AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX
+WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu
+9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr
+gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo
+2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI
+4uJEvlz36hz1
+-----END CERTIFICATE-----
+
+# Issuer: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc.
+# Subject: CN=Starfield Root Certificate Authority - G2 O=Starfield Technologies, Inc.
+# Label: "Starfield Root Certificate Authority - G2"
+# Serial: 0
+# MD5 Fingerprint: d6:39:81:c6:52:7e:96:69:fc:fc:ca:66:ed:05:f2:96
+# SHA1 Fingerprint: b5:1c:06:7c:ee:2b:0c:3d:f8:55:ab:2d:92:f4:fe:39:d4:e7:0f:0e
+# SHA256 Fingerprint: 2c:e1:cb:0b:f9:d2:f9:e1:02:99:3f:be:21:51:52:c3:b2:dd:0c:ab:de:1c:68:e5:31:9b:83:91:54:db:b7:f5
+-----BEGIN CERTIFICATE-----
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
+ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw
+MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj
+aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp
+Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg
+nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1
+HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N
+Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
+dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0
+HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G
+CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU
+sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3
+4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg
+8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1
+mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+-----END CERTIFICATE-----
+
+# Issuer: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc.
+# Subject: CN=Starfield Services Root Certificate Authority - G2 O=Starfield Technologies, Inc.
+# Label: "Starfield Services Root Certificate Authority - G2"
+# Serial: 0
+# MD5 Fingerprint: 17:35:74:af:7b:61:1c:eb:f4:f9:3c:e2:ee:40:f9:a2
+# SHA1 Fingerprint: 92:5a:8f:8d:2c:6d:04:e0:66:5f:59:6a:ff:22:d8:63:e8:25:6f:3f
+# SHA256 Fingerprint: 56:8d:69:05:a2:c8:87:08:a4:b3:02:51:90:ed:cf:ed:b1:97:4a:60:6a:13:c6:e5:29:0f:cb:2a:e6:3e:da:b5
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----
+
+# Issuer: CN=AffirmTrust Commercial O=AffirmTrust
+# Subject: CN=AffirmTrust Commercial O=AffirmTrust
+# Label: "AffirmTrust Commercial"
+# Serial: 8608355977964138876
+# MD5 Fingerprint: 82:92:ba:5b:ef:cd:8a:6f:a6:3d:55:f9:84:f6:d6:b7
+# SHA1 Fingerprint: f9:b5:b6:32:45:5f:9c:be:ec:57:5f:80:dc:e9:6e:2c:c7:b2:78:b7
+# SHA256 Fingerprint: 03:76:ab:1d:54:c5:f9:80:3c:e4:b2:e2:01:a0:ee:7e:ef:7b:57:b6:36:e8:a9:3c:9b:8d:48:60:c9:6f:5f:a7
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP
+Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr
+ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL
+MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1
+yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr
+VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/
+nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG
+XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj
+vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt
+Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g
+N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC
+nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+-----END CERTIFICATE-----
+
+# Issuer: CN=AffirmTrust Networking O=AffirmTrust
+# Subject: CN=AffirmTrust Networking O=AffirmTrust
+# Label: "AffirmTrust Networking"
+# Serial: 8957382827206547757
+# MD5 Fingerprint: 42:65:ca:be:01:9a:9a:4c:a9:8c:41:49:cd:c0:d5:7f
+# SHA1 Fingerprint: 29:36:21:02:8b:20:ed:02:f5:66:c5:32:d1:d6:ed:90:9f:45:00:2f
+# SHA256 Fingerprint: 0a:81:ec:5a:92:97:77:f1:45:90:4a:f3:8d:5d:50:9f:66:b5:e2:c5:8f:cd:b5:31:05:8b:0e:17:f3:f0:b4:1b
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz
+dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL
+MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp
+cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y
+YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua
+kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL
+QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp
+6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG
+yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i
+QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ
+KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO
+tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu
+QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ
+Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u
+olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48
+x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+-----END CERTIFICATE-----
+
+# Issuer: CN=AffirmTrust Premium O=AffirmTrust
+# Subject: CN=AffirmTrust Premium O=AffirmTrust
+# Label: "AffirmTrust Premium"
+# Serial: 7893706540734352110
+# MD5 Fingerprint: c4:5d:0e:48:b6:ac:28:30:4e:0a:bc:f9:38:16:87:57
+# SHA1 Fingerprint: d8:a6:33:2c:e0:03:6f:b1:85:f6:63:4f:7d:6a:06:65:26:32:28:27
+# SHA256 Fingerprint: 70:a7:3f:7f:37:6b:60:07:42:48:90:45:34:b1:14:82:d5:bf:0e:69:8e:cc:49:8d:f5:25:77:eb:f2:e9:3b:9a
+-----BEGIN CERTIFICATE-----
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE
+BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz
+dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG
+A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U
+cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf
+qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ
+JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ
++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS
+s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5
+HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7
+70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG
+V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S
+qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S
+5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia
+C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX
+OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE
+FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2
+KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B
+8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ
+MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc
+0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ
+u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF
+u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH
+YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8
+GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO
+RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e
+KeC2uAloGRwYQw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=AffirmTrust Premium ECC O=AffirmTrust
+# Subject: CN=AffirmTrust Premium ECC O=AffirmTrust
+# Label: "AffirmTrust Premium ECC"
+# Serial: 8401224907861490260
+# MD5 Fingerprint: 64:b0:09:55:cf:b1:d5:99:e2:be:13:ab:a6:5d:ea:4d
+# SHA1 Fingerprint: b8:23:6b:00:2f:1d:16:86:53:01:55:6c:11:a4:37:ca:eb:ff:c3:bb
+# SHA256 Fingerprint: bd:71:fd:f6:da:97:e4:cf:62:d1:64:7a:dd:25:81:b0:7d:79:ad:f8:39:7e:b4:ec:ba:9c:5e:84:88:82:14:23
+-----BEGIN CERTIFICATE-----
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC
+VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ
+cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ
+BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt
+VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D
+0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9
+ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G
+A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs
+aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I
+flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority
+# Subject: CN=Certum Trusted Network CA O=Unizeto Technologies S.A. OU=Certum Certification Authority
+# Label: "Certum Trusted Network CA"
+# Serial: 279744
+# MD5 Fingerprint: d5:e9:81:40:c5:18:69:fc:46:2c:89:75:62:0f:aa:78
+# SHA1 Fingerprint: 07:e0:32:e0:20:b7:2c:3f:19:2f:06:28:a2:59:3a:19:a7:0f:06:9e
+# SHA256 Fingerprint: 5c:58:46:8d:55:f5:8e:49:7e:74:39:82:d2:b5:00:10:b6:d1:65:37:4a:cf:83:a7:d4:a3:2d:b7:68:c4:40:8e
+-----BEGIN CERTIFICATE-----
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM
+MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D
+ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU
+cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3
+WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg
+Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw
+IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH
+UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM
+TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU
+BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM
+kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x
+AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV
+HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y
+sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL
+I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8
+J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY
+VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903
+# Subject: CN=Certinomis - Autorité Racine O=Certinomis OU=0002 433998903
+# Label: "Certinomis - Autorité Racine"
+# Serial: 1
+# MD5 Fingerprint: 7f:30:78:8c:03:e3:ca:c9:0a:e2:c9:ea:1e:aa:55:1a
+# SHA1 Fingerprint: 2e:14:da:ec:28:f0:fa:1e:8e:38:9a:4e:ab:eb:26:c0:0a:d3:83:c3
+# SHA256 Fingerprint: fc:bf:e2:88:62:06:f7:2b:27:59:3c:8b:07:02:97:e1:2d:76:9e:d1:0e:d7:93:07:05:a8:09:8e:ff:c1:4d:17
+-----BEGIN CERTIFICATE-----
+MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjET
+MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAk
+BgNVBAMMHUNlcnRpbm9taXMgLSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4
+Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNl
+cnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYwJAYDVQQDDB1DZXJ0
+aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
+ADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jY
+F1AMnmHawE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N
+8y4oH3DfVS9O7cdxbwlyLu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWe
+rP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K
+/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92NjMD2AR5vpTESOH2VwnHu
+7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9qc1pkIuVC
+28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6
+lSTClrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1E
+nn1So2+WLhl+HPNbxxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB
+0iSVL1N6aaLwD4ZFjliCK0wi1F6g530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql09
+5gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna4NH4+ej9Uji29YnfAgMBAAGj
+WzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQN
+jLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ
+KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9s
+ov3/4gbIOZ/xWqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZM
+OH8oMDX/nyNTt7buFHAAQCvaR6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q
+619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40nJ+U8/aGH88bc62UeYdocMMzpXDn
+2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1BCxMjidPJC+iKunqj
+o3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjvJL1v
+nxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG
+5ERQL1TEqkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWq
+pdEdnV1j6CTmNhTih60bWfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZb
+dsLLO7XSAPCjDuGtbkD326C00EauFddEwk01+dIL8hf2rGbVJLJP0RyZwG71fet0
+BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/vgt2Fl43N+bYdJeimUV5
+-----END CERTIFICATE-----
+
+# Issuer: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA
+# Subject: CN=Root CA Generalitat Valenciana O=Generalitat Valenciana OU=PKIGVA
+# Label: "Root CA Generalitat Valenciana"
+# Serial: 994436456
+# MD5 Fingerprint: 2c:8c:17:5e:b1:54:ab:93:17:b5:36:5a:db:d1:c6:f2
+# SHA1 Fingerprint: a0:73:e5:c5:bd:43:61:0d:86:4c:21:13:0a:85:58:57:cc:9c:ea:46
+# SHA256 Fingerprint: 8c:4e:df:d0:43:48:f3:22:96:9e:7e:29:a4:cd:4d:ca:00:46:55:06:1c:16:e1:b0:76:42:2e:f3:42:ad:63:0e
+-----BEGIN CERTIFICATE-----
+MIIGizCCBXOgAwIBAgIEO0XlaDANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJF
+UzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJ
+R1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwHhcN
+MDEwNzA2MTYyMjQ3WhcNMjEwNzAxMTUyMjQ3WjBoMQswCQYDVQQGEwJFUzEfMB0G
+A1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0GA1UECxMGUEtJR1ZBMScw
+JQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVuY2lhbmEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGKqtXETcvIorKA3Qdyu0togu8M1JAJke+
+WmmmO3I2F0zo37i7L3bhQEZ0ZQKQUgi0/6iMweDHiVYQOTPvaLRfX9ptI6GJXiKj
+SgbwJ/BXufjpTjJ3Cj9BZPPrZe52/lSqfR0grvPXdMIKX/UIKFIIzFVd0g/bmoGl
+u6GzwZTNVOAydTGRGmKy3nXiz0+J2ZGQD0EbtFpKd71ng+CT516nDOeB0/RSrFOy
+A8dEJvt55cs0YFAQexvba9dHq198aMpunUEDEO5rmXteJajCq+TA81yc477OMUxk
+Hl6AovWDfgzWyoxVjr7gvkkHD6MkQXpYHYTqWBLI4bft75PelAgxAgMBAAGjggM7
+MIIDNzAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnBr
+aS5ndmEuZXMwEgYDVR0TAQH/BAgwBgEB/wIBAjCCAjQGA1UdIASCAiswggInMIIC
+IwYKKwYBBAG/VQIBADCCAhMwggHoBggrBgEFBQcCAjCCAdoeggHWAEEAdQB0AG8A
+cgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEAYwBpAPMAbgAgAFIA
+YQDtAHoAIABkAGUAIABsAGEAIABHAGUAbgBlAHIAYQBsAGkAdABhAHQAIABWAGEA
+bABlAG4AYwBpAGEAbgBhAC4ADQAKAEwAYQAgAEQAZQBjAGwAYQByAGEAYwBpAPMA
+bgAgAGQAZQAgAFAAcgDhAGMAdABpAGMAYQBzACAAZABlACAAQwBlAHIAdABpAGYA
+aQBjAGEAYwBpAPMAbgAgAHEAdQBlACAAcgBpAGcAZQAgAGUAbAAgAGYAdQBuAGMA
+aQBvAG4AYQBtAGkAZQBuAHQAbwAgAGQAZQAgAGwAYQAgAHAAcgBlAHMAZQBuAHQA
+ZQAgAEEAdQB0AG8AcgBpAGQAYQBkACAAZABlACAAQwBlAHIAdABpAGYAaQBjAGEA
+YwBpAPMAbgAgAHMAZQAgAGUAbgBjAHUAZQBuAHQAcgBhACAAZQBuACAAbABhACAA
+ZABpAHIAZQBjAGMAaQDzAG4AIAB3AGUAYgAgAGgAdAB0AHAAOgAvAC8AdwB3AHcA
+LgBwAGsAaQAuAGcAdgBhAC4AZQBzAC8AYwBwAHMwJQYIKwYBBQUHAgEWGWh0dHA6
+Ly93d3cucGtpLmd2YS5lcy9jcHMwHQYDVR0OBBYEFHs100DSHHgZZu90ECjcPk+y
+eAT8MIGVBgNVHSMEgY0wgYqAFHs100DSHHgZZu90ECjcPk+yeAT8oWykajBoMQsw
+CQYDVQQGEwJFUzEfMB0GA1UEChMWR2VuZXJhbGl0YXQgVmFsZW5jaWFuYTEPMA0G
+A1UECxMGUEtJR1ZBMScwJQYDVQQDEx5Sb290IENBIEdlbmVyYWxpdGF0IFZhbGVu
+Y2lhbmGCBDtF5WgwDQYJKoZIhvcNAQEFBQADggEBACRhTvW1yEICKrNcda3Fbcrn
+lD+laJWIwVTAEGmiEi8YPyVQqHxK6sYJ2fR1xkDar1CdPaUWu20xxsdzCkj+IHLt
+b8zog2EWRpABlUt9jppSCS/2bxzkoXHPjCpaF3ODR00PNvsETUlR4hTJZGH71BTg
+9J63NI8KJr2XXPR5OkowGcytT6CYirQxlyric21+eLj4iIlPsSKRZEv1UN4D2+XF
+ducTZnV+ZfsBn5OHiJ35Rld8TWCvmHMTI6QgkYH60GFmuH3Rr9ZvHmw96RH9qfmC
+IoaZM3Fa6hlXPZHNqcCjbgcTpsnt+GijnsNacgmHKNHEc8RzGF9QdRYxn7fofMM=
+-----END CERTIFICATE-----
+
+# Issuer: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA
+# Subject: CN=TWCA Root Certification Authority O=TAIWAN-CA OU=Root CA
+# Label: "TWCA Root Certification Authority"
+# Serial: 1
+# MD5 Fingerprint: aa:08:8f:f6:f9:7b:b7:f2:b1:a7:1e:9b:ea:ea:bd:79
+# SHA1 Fingerprint: cf:9e:87:6d:d3:eb:fc:42:26:97:a3:b5:a3:7a:a0:76:a9:06:23:48
+# SHA256 Fingerprint: bf:d8:8f:e1:10:1c:41:ae:3e:80:1b:f8:be:56:35:0e:e9:ba:d1:a6:b9:bd:51:5e:dc:5c:6d:5b:87:11:ac:44
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES
+MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
+V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz
+WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
+LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE
+AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH
+K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX
+RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z
+rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx
+3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq
+hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC
+MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls
+XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D
+lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn
+aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ
+YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+-----END CERTIFICATE-----
+
+# Issuer: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2
+# Subject: O=SECOM Trust Systems CO.,LTD. OU=Security Communication RootCA2
+# Label: "Security Communication RootCA2"
+# Serial: 0
+# MD5 Fingerprint: 6c:39:7d:a4:0e:55:59:b2:3f:d6:41:b1:12:50:de:43
+# SHA1 Fingerprint: 5f:3b:8c:f2:f8:10:b3:7d:78:b4:ce:ec:19:19:c3:73:34:b9:c7:74
+# SHA256 Fingerprint: 51:3b:2c:ec:b8:10:d4:cd:e5:dd:85:39:1a:df:c6:c2:dd:60:d8:7b:b7:36:d2:b5:21:48:4a:a4:7a:0e:be:f6
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl
+MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
+U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX
+DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy
+dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj
+YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV
+OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr
+zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM
+VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ
+hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO
+ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
+awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs
+OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF
+coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc
+okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8
+t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy
+1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/
+SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+-----END CERTIFICATE-----
+
+# Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority
+# Subject: CN=Hellenic Academic and Research Institutions RootCA 2011 O=Hellenic Academic and Research Institutions Cert. Authority
+# Label: "Hellenic Academic and Research Institutions RootCA 2011"
+# Serial: 0
+# MD5 Fingerprint: 73:9f:4c:4b:73:5b:79:e9:fa:ba:1c:ef:6e:cb:d5:c9
+# SHA1 Fingerprint: fe:45:65:9b:79:03:5b:98:a1:61:b5:51:2e:ac:da:58:09:48:22:4d
+# SHA256 Fingerprint: bc:10:4f:15:a4:8b:e7:09:dc:a5:42:a7:e1:d4:b9:df:6f:05:45:27:e8:02:ea:a9:2d:59:54:44:25:8a:fe:71
+-----BEGIN CERTIFICATE-----
+MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix
+RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1
+dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p
+YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw
+NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK
+EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl
+cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
+c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz
+dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ
+fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns
+bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD
+75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP
+FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV
+HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp
+5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu
+b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
+A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p
+6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
+TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7
+dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys
+Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI
+l7WdmplNsDz4SgCbZN2fOUvRJ9e4
+-----END CERTIFICATE-----
+
+# Issuer: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967
+# Subject: CN=Actalis Authentication Root CA O=Actalis S.p.A./03358520967
+# Label: "Actalis Authentication Root CA"
+# Serial: 6271844772424770508
+# MD5 Fingerprint: 69:c1:0d:4f:07:a3:1b:c3:fe:56:3d:04:bc:11:f6:a6
+# SHA1 Fingerprint: f3:73:b3:87:06:5a:28:84:8a:f2:f3:4a:ce:19:2b:dd:c7:8e:9c:ac
+# SHA256 Fingerprint: 55:92:60:84:ec:96:3a:64:b9:6e:2a:be:01:ce:0b:a8:6a:64:fb:fe:bc:c7:aa:b5:af:c1:55:b3:7f:d7:60:66
+-----BEGIN CERTIFICATE-----
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE
+BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w
+MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC
+SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1
+ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
+UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX
+4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9
+KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/
+gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb
+rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ
+51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F
+be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe
+KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F
+v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
+fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7
+jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz
+ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL
+e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70
+jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz
+WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V
+SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j
+pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
+X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok
+fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R
+K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU
+ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU
+LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT
+LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+-----END CERTIFICATE-----
+
+# Issuer: O=Trustis Limited OU=Trustis FPS Root CA
+# Subject: O=Trustis Limited OU=Trustis FPS Root CA
+# Label: "Trustis FPS Root CA"
+# Serial: 36053640375399034304724988975563710553
+# MD5 Fingerprint: 30:c9:e7:1e:6b:e6:14:eb:65:b2:16:69:20:31:67:4d
+# SHA1 Fingerprint: 3b:c0:38:0b:33:c3:f6:a6:0c:86:15:22:93:d9:df:f5:4b:81:c0:04
+# SHA256 Fingerprint: c1:b4:82:99:ab:a5:20:8f:e9:63:0a:ce:55:ca:68:a0:3e:da:5a:51:9c:88:02:a0:d3:a6:73:be:8f:8e:55:7d
+-----BEGIN CERTIFICATE-----
+MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF
+MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL
+ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx
+MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc
+MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+
+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH
+iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj
+vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA
+0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB
+OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/
+BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E
+FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01
+GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW
+zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4
+1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE
+f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F
+jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN
+ZetX2fNXlrtIzYE=
+-----END CERTIFICATE-----
+
+# Issuer: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing
+# Subject: CN=StartCom Certification Authority O=StartCom Ltd. OU=Secure Digital Certificate Signing
+# Label: "StartCom Certification Authority"
+# Serial: 45
+# MD5 Fingerprint: c9:3b:0d:84:41:fc:a4:76:79:23:08:57:de:10:19:16
+# SHA1 Fingerprint: a3:f1:33:3f:e2:42:bf:cf:c5:d1:4e:8f:39:42:98:40:68:10:d1:a0
+# SHA256 Fingerprint: e1:78:90:ee:09:a3:fb:f4:f4:8b:9c:41:4a:17:d6:37:b7:a5:06:47:e9:bc:75:23:22:72:7f:cc:17:42:a9:11
+-----BEGIN CERTIFICATE-----
+MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
+Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM3WhcNMzYwOTE3MTk0NjM2WjB9
+MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi
+U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh
+cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA
+A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk
+pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf
+OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C
+Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT
+Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi
+HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM
+Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w
++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+
+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3
+Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B
+26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID
+AQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
+VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFul
+F2mHMMo0aEPQQa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCC
+ATgwLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5w
+ZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tL2ludGVybWVk
+aWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0
+YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUg
+c2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0
+aWZpY2F0aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93
+d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgG
+CWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5fPGFf59Jb2vKXfuM/gTF
+wWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWmN3PH/UvS
+Ta0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst
+0OcNOrg+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNc
+pRJvkrKTlMeIFw6Ttn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKl
+CcWw0bdT82AUuoVpaiF8H3VhFyAXe2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVF
+P0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA2MFrLH9ZXF2RsXAiV+uKa0hK
+1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBsHvUwyKMQ5bLm
+KhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE
+JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ
+8dCAWZvLMdibD4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnm
+fyWl8kgAwKQB2j8=
+-----END CERTIFICATE-----
+
+# Issuer: CN=StartCom Certification Authority G2 O=StartCom Ltd.
+# Subject: CN=StartCom Certification Authority G2 O=StartCom Ltd.
+# Label: "StartCom Certification Authority G2"
+# Serial: 59
+# MD5 Fingerprint: 78:4b:fb:9e:64:82:0a:d3:b8:4c:62:f3:64:f2:90:64
+# SHA1 Fingerprint: 31:f1:fd:68:22:63:20:ee:c6:3b:3f:9d:ea:4a:3e:53:7c:7c:39:17
+# SHA256 Fingerprint: c7:ba:65:67:de:93:a7:98:ae:1f:aa:79:1e:71:2d:37:8f:ae:1f:93:c4:39:7f:ea:44:1b:b7:cb:e6:fd:59:95
+-----BEGIN CERTIFICATE-----
+MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEW
+MBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkgRzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1
+OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEsMCoG
+A1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRzIwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8Oo1XJ
+JZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsD
+vfOpL9HG4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnoo
+D/Uefyf3lLE3PbfHkffiAez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/
+Q0kGi4xDuFby2X8hQxfqp0iVAXV16iulQ5XqFYSdCI0mblWbq9zSOdIxHWDirMxW
+RST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbsO+wmETRIjfaAKxojAuuK
+HDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8HvKTlXcxN
+nw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM
+0D4LnMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/i
+UUjXuG+v+E5+M5iSFGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9
+Ha90OrInwMEePnWjFqmveiJdnxMaz6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHg
+TuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
+AwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJKoZIhvcNAQEL
+BQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K
+2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfX
+UfEpY9Z1zRbkJ4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl
+6/2o1PXWT6RbdejF0mCy2wl+JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK
+9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG/+gyRr61M3Z3qAFdlsHB1b6uJcDJ
+HgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTcnIhT76IxW1hPkWLI
+wpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/XldblhY
+XzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5l
+IxKVCCIcl85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoo
+hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr
+so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI
+-----END CERTIFICATE-----
+
+# Issuer: CN=Buypass Class 2 Root CA O=Buypass AS-983163327
+# Subject: CN=Buypass Class 2 Root CA O=Buypass AS-983163327
+# Label: "Buypass Class 2 Root CA"
+# Serial: 2
+# MD5 Fingerprint: 46:a7:d2:fe:45:fb:64:5a:a8:59:90:9b:78:44:9b:29
+# SHA1 Fingerprint: 49:0a:75:74:de:87:0a:47:fe:58:ee:f6:c7:6b:eb:c6:0b:12:40:99
+# SHA256 Fingerprint: 9a:11:40:25:19:7c:5b:b9:5d:94:e6:3d:55:cd:43:79:08:47:b6:46:b2:3c:df:11:ad:a4:a0:0e:ff:15:fb:48
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg
+Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow
+TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw
+HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr
+6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV
+L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91
+1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx
+MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ
+QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB
+arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr
+Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi
+FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS
+P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN
+9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz
+uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h
+9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t
+OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo
++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7
+KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2
+DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us
+H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ
+I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7
+5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h
+3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz
+Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Buypass Class 3 Root CA O=Buypass AS-983163327
+# Subject: CN=Buypass Class 3 Root CA O=Buypass AS-983163327
+# Label: "Buypass Class 3 Root CA"
+# Serial: 2
+# MD5 Fingerprint: 3d:3b:18:9e:2c:64:5a:e8:d5:88:ce:0e:f9:37:c2:ec
+# SHA1 Fingerprint: da:fa:f7:fa:66:84:ec:06:8f:14:50:bd:c7:c2:81:a5:bc:a9:64:57
+# SHA256 Fingerprint: ed:f7:eb:bc:a2:7a:2a:38:4d:38:7b:7d:40:10:c6:66:e2:ed:b4:84:3e:4c:29:b4:ae:1d:5b:93:32:e6:b2:4d
+-----BEGIN CERTIFICATE-----
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd
+MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg
+Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow
+TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw
+HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB
+BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y
+ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E
+N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9
+tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX
+0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c
+/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X
+KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY
+zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS
+O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D
+34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP
+K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3
+AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv
+Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj
+QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS
+IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2
+HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa
+O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv
+033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u
+dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE
+kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41
+3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD
+u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq
+4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=
+-----END CERTIFICATE-----
+
+# Issuer: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+# Subject: CN=T-TeleSec GlobalRoot Class 3 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+# Label: "T-TeleSec GlobalRoot Class 3"
+# Serial: 1
+# MD5 Fingerprint: ca:fb:40:a8:4e:39:92:8a:1d:fe:8e:2f:c4:27:ea:ef
+# SHA1 Fingerprint: 55:a6:72:3e:cb:f2:ec:cd:c3:23:74:70:19:9d:2a:be:11:e3:81:d1
+# SHA256 Fingerprint: fd:73:da:d3:1c:64:4f:f1:b4:3b:ef:0c:cd:da:96:71:0b:9c:d9:87:5e:ca:7e:31:70:7a:f3:e9:6d:52:2b:bd
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN
+8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/
+RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4
+hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5
+ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM
+EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1
+A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy
+WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ
+1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30
+6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT
+91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p
+TpPDpFQUWw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus
+# Subject: CN=EE Certification Centre Root CA O=AS Sertifitseerimiskeskus
+# Label: "EE Certification Centre Root CA"
+# Serial: 112324828676200291871926431888494945866
+# MD5 Fingerprint: 43:5e:88:d4:7d:1a:4a:7e:fd:84:2e:52:eb:01:d4:6f
+# SHA1 Fingerprint: c9:a8:b9:e7:55:80:5e:58:e3:53:77:a7:25:eb:af:c3:7b:27:cc:d7
+# SHA256 Fingerprint: 3e:84:ba:43:42:90:85:16:e7:75:73:c0:99:2f:09:79:ca:08:4e:46:85:68:1f:f1:95:cc:ba:8a:22:9b:8a:76
+-----BEGIN CERTIFICATE-----
+MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1
+MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1
+czEoMCYGA1UEAwwfRUUgQ2VydGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYG
+CSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIwMTAxMDMwMTAxMDMwWhgPMjAzMDEy
+MTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNl
+ZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBS
+b290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUy
+euuOF0+W2Ap7kaJjbMeMTC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvO
+bntl8jixwKIy72KyaOBhU8E2lf/slLo2rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIw
+WFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw93X2PaRka9ZP585ArQ/d
+MtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtNP2MbRMNE
+1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/
+zQas8fElyalL1BSZMEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYB
+BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEF
+BQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+RjxY6hUFaTlrg4wCQiZrxTFGGV
+v9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqMlIpPnTX/dqQG
+E5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
+uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIW
+iAYLtqZLICjU3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/v
+GVCJYMzpJJUPwssd8m92kMfMdcGWxZ0=
+-----END CERTIFICATE-----
+
+# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
+# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
+# Label: "TURKTRUST Certificate Services Provider Root 2007"
+# Serial: 1
+# MD5 Fingerprint: 2b:70:20:56:86:82:a0:18:c8:07:53:12:28:70:21:72
+# SHA1 Fingerprint: f1:7f:6f:b6:31:dc:99:e3:a3:c8:7f:fe:1c:f1:81:10:88:d9:60:33
+# SHA256 Fingerprint: 97:8c:d9:66:f2:fa:a0:7b:a7:aa:95:00:d9:c0:2e:9d:77:f2:cd:ad:a6:ad:6b:a7:4a:f4:b9:1c:66:59:3c:50
+-----BEGIN CERTIFICATE-----
+MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOc
+UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx
+c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xS
+S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg
+SGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4XDTA3MTIyNTE4Mzcx
+OVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxla3Ry
+b25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMC
+VFIxDzANBgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDE
+sGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7F
+ni4gKGMpIEFyYWzEsWsgMjAwNzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9NYvDdE3ePYakqtdTyuTFY
+KTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQvKUmi8wUG
++7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveG
+HtyaKhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6P
+IzdezKKqdfcYbwnTrqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M
+733WB2+Y8a+xwXrXgTW4qhe04MsCAwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHk
+Yb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/sPx+EnWVUXKgW
+AkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I
+aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5
+mxRZNTZPz/OOXl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsa
+XRik7r4EW5nVcV9VZWRi1aKbBFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZ
+qxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAKpoRq0Tl9
+-----END CERTIFICATE-----
+
+# Issuer: CN=D-TRUST Root Class 3 CA 2 2009 O=D-Trust GmbH
+# Subject: CN=D-TRUST Root Class 3 CA 2 2009 O=D-Trust GmbH
+# Label: "D-TRUST Root Class 3 CA 2 2009"
+# Serial: 623603
+# MD5 Fingerprint: cd:e0:25:69:8d:47:ac:9c:89:35:90:f7:fd:51:3d:2f
+# SHA1 Fingerprint: 58:e8:ab:b0:36:15:33:fb:80:f7:9b:1b:6d:29:d3:ff:8d:5f:00:f0
+# SHA256 Fingerprint: 49:e7:a4:42:ac:f0:ea:62:87:05:00:54:b5:25:64:b6:50:e4:f4:9e:42:e3:48:d6:aa:38:e0:39:e9:57:b1:c1
+-----BEGIN CERTIFICATE-----
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD
+bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha
+ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM
+HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03
+UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42
+tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R
+ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM
+lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp
+/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G
+A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G
+A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj
+dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy
+MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl
+cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js
+L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL
+BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni
+acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K
+zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8
+PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y
+Johw1+qRzT65ysCQblrGXnRl11z+o+I=
+-----END CERTIFICATE-----
+
+# Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009 O=D-Trust GmbH
+# Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009 O=D-Trust GmbH
+# Label: "D-TRUST Root Class 3 CA 2 EV 2009"
+# Serial: 623604
+# MD5 Fingerprint: aa:c6:43:2c:5e:2d:cd:c4:34:c0:50:4f:11:02:4f:b6
+# SHA1 Fingerprint: 96:c9:1b:0b:95:b4:10:98:42:fa:d0:d8:22:79:fe:60:fa:b9:16:83
+# SHA256 Fingerprint: ee:c5:49:6b:98:8c:e9:86:25:b9:34:09:2e:ec:29:08:be:d0:b0:f3:16:c2:d4:73:0c:84:ea:f1:f3:d3:48:81
+-----BEGIN CERTIFICATE-----
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF
+MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD
+bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw
+NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV
+BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn
+ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0
+3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z
+qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR
+p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8
+HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw
+ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea
+HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw
+Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh
+c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E
+RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt
+dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku
+Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp
+3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF
+CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na
+xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX
+KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1
+-----END CERTIFICATE-----
+
+# Issuer: CN=Autoridad de Certificacion Raiz del Estado Venezolano O=Sistema Nacional de Certificacion Electronica OU=Superintendencia de Servicios de Certificacion Electronica
+# Subject: CN=PSCProcert O=Sistema Nacional de Certificacion Electronica OU=Proveedor de Certificados PROCERT
+# Label: "PSCProcert"
+# Serial: 11
+# MD5 Fingerprint: e6:24:e9:12:01:ae:0c:de:8e:85:c4:ce:a3:12:dd:ec
+# SHA1 Fingerprint: 70:c1:8d:74:b4:28:81:0a:e4:fd:a5:75:d7:01:9f:99:b0:3d:50:74
+# SHA256 Fingerprint: 3c:fc:3c:14:d1:f6:84:ff:17:e3:8c:43:ca:44:0c:00:b9:67:ec:93:3e:8b:fe:06:4c:a1:d7:2c:90:f2:ad:b0
+-----BEGIN CERTIFICATE-----
+MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1
+dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9s
+YW5vMQswCQYDVQQGEwJWRTEQMA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlz
+dHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0
+aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBlcmludGVuZGVuY2lh
+IGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUwIwYJ
+KoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEw
+MFoXDTIwMTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHBy
+b2NlcnQubmV0LnZlMQ8wDQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGEx
+KjAoBgNVBAsTIVByb3ZlZWRvciBkZSBDZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQG
+A1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9u
+aWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo9
+7BVCwfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74
+BCXfgI8Qhd19L3uA3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38G
+ieU89RLAu9MLmV+QfI4tL3czkkohRqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9
+JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmOEO8GqQKJ/+MMbpfg353bIdD0
+PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG20qCZyFSTXai2
+0b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH
+0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/
+6mnbVSKVUyqUtd+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1m
+v6JpIzi4mWCZDlZTOpx+FIywBm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7
+K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvpr2uKGcfLFFb14dq12fy/czja+eev
+bqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/AgEBMDcGA1UdEgQw
+MC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAzNi0w
+MB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFD
+gBStuyIdxuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0
+b3JpZGFkIGRlIENlcnRpZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xh
+bm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQHEwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0
+cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5hY2lvbmFsIGRlIENlcnRp
+ZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5kZW5jaWEg
+ZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkq
+hkiG9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQD
+AgEGME0GA1UdEQRGMESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0w
+MDAwMDKgGwYFYIZeAgKgEgwQUklGLUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEag
+RKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9sY3IvQ0VSVElGSUNBRE8t
+UkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNyYWl6LnN1c2Nl
+cnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v
+Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsG
+AQUFBwIBFh5odHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcN
+AQELBQADggIBACtZ6yKZu4SqT96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS
+1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmNg7+mvTV+LFwxNG9s2/NkAZiqlCxB
+3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4quxtxj7mkoP3Yldmv
+Wb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1n8Gh
+HVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHm
+pHmJWhSnFFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXz
+sOfIt+FTvZLm8wyWuevo5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bE
+qCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq3TNWOByyrYDT13K9mmyZY+gAu0F2Bbdb
+mRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5poLWccret9W6aAjtmcz9
+opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3YeMLEYC/H
+YvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km
+-----END CERTIFICATE-----
+
+# Issuer: CN=China Internet Network Information Center EV Certificates Root O=China Internet Network Information Center
+# Subject: CN=China Internet Network Information Center EV Certificates Root O=China Internet Network Information Center
+# Label: "China Internet Network Information Center EV Certificates Root"
+# Serial: 1218379777
+# MD5 Fingerprint: 55:5d:63:00:97:bd:6a:97:f5:67:ab:4b:fb:6e:63:15
+# SHA1 Fingerprint: 4f:99:aa:93:fb:2b:d1:37:26:a1:99:4a:ce:7f:f0:05:f2:93:5d:1e
+# SHA256 Fingerprint: 1c:01:c6:f4:db:b2:fe:fc:22:55:8b:2b:ca:32:56:3f:49:84:4a:cf:c3:2b:7b:e4:b0:ff:59:9f:9e:8c:7a:f7
+-----BEGIN CERTIFICATE-----
+MIID9zCCAt+gAwIBAgIESJ8AATANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMC
+Q04xMjAwBgNVBAoMKUNoaW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24g
+Q2VudGVyMUcwRQYDVQQDDD5DaGluYSBJbnRlcm5ldCBOZXR3b3JrIEluZm9ybWF0
+aW9uIENlbnRlciBFViBDZXJ0aWZpY2F0ZXMgUm9vdDAeFw0xMDA4MzEwNzExMjVa
+Fw0zMDA4MzEwNzExMjVaMIGKMQswCQYDVQQGEwJDTjEyMDAGA1UECgwpQ2hpbmEg
+SW50ZXJuZXQgTmV0d29yayBJbmZvcm1hdGlvbiBDZW50ZXIxRzBFBgNVBAMMPkNo
+aW5hIEludGVybmV0IE5ldHdvcmsgSW5mb3JtYXRpb24gQ2VudGVyIEVWIENlcnRp
+ZmljYXRlcyBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm35z
+7r07eKpkQ0H1UN+U8i6yjUqORlTSIRLIOTJCBumD1Z9S7eVnAztUwYyZmczpwA//
+DdmEEbK40ctb3B75aDFk4Zv6dOtouSCV98YPjUesWgbdYavi7NifFy2cyjw1l1Vx
+zUOFsUcW9SxTgHbP0wBkvUCZ3czY28Sf1hNfQYOL+Q2HklY0bBoQCxfVWhyXWIQ8
+hBouXJE0bhlffxdpxWXvayHG1VA6v2G5BY3vbzQ6sm8UY78WO5upKv23KzhmBsUs
+4qpnHkWnjQRmQvaPK++IIGmPMowUc9orhpFjIpryp9vOiYurXccUwVswah+xt54u
+gQEC7c+WXmPbqOY4twIDAQABo2MwYTAfBgNVHSMEGDAWgBR8cks5x8DbYqVPm6oY
+NJKiyoOCWTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
+FgQUfHJLOcfA22KlT5uqGDSSosqDglkwDQYJKoZIhvcNAQEFBQADggEBACrDx0M3
+j92tpLIM7twUbY8opJhJywyA6vPtI2Z1fcXTIWd50XPFtQO3WKwMVC/GVhMPMdoG
+52U7HW8228gd+f2ABsqjPWYWqJ1MFn3AlUa1UeTiH9fqBk1jjZaM7+czV0I664zB
+echNdn3e9rG3geCg+aF4RhcaVpjwTj2rHO3sOdwHSPdj/gauwqRcalsyiMXHM4Ws
+ZkJHwlgkmeHlPuV1LI5D1l08eB6olYIpUNHRFrrvwb562bTYzB5MRuF3sTGrvSrI
+zo9uoV1/A3U05K2JRVRevq4opbs/eHnrc7MKDf2+yfdWrPa37S+bISnHOLaVxATy
+wy39FCqQmbkHzJ8=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Swisscom Root CA 2 O=Swisscom OU=Digital Certificate Services
+# Subject: CN=Swisscom Root CA 2 O=Swisscom OU=Digital Certificate Services
+# Label: "Swisscom Root CA 2"
+# Serial: 40698052477090394928831521023204026294
+# MD5 Fingerprint: 5b:04:69:ec:a5:83:94:63:18:a7:86:d0:e4:f2:6e:19
+# SHA1 Fingerprint: 77:47:4f:c6:30:e4:0f:4c:47:64:3f:84:ba:b8:c6:95:4a:8a:41:ec
+# SHA256 Fingerprint: f0:9b:12:2c:71:14:f4:a0:9b:d4:ea:4f:4a:99:d5:58:b4:6e:4c:25:cd:81:14:0d:29:c0:56:13:91:4c:38:41
+-----BEGIN CERTIFICATE-----
+MIIF2TCCA8GgAwIBAgIQHp4o6Ejy5e/DfEoeWhhntjANBgkqhkiG9w0BAQsFADBk
+MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0
+YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg
+Q0EgMjAeFw0xMTA2MjQwODM4MTRaFw0zMTA2MjUwNzM4MTRaMGQxCzAJBgNVBAYT
+AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp
+Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlUJOhJ1R5tMJ6HJaI2nbeHCOFvEr
+jw0DzpPMLgAIe6szjPTpQOYXTKueuEcUMncy3SgM3hhLX3af+Dk7/E6J2HzFZ++r
+0rk0X2s682Q2zsKwzxNoysjL67XiPS4h3+os1OD5cJZM/2pYmLcX5BtS5X4HAB1f
+2uY+lQS3aYg5oUFgJWFLlTloYhyxCwWJwDaCFCE/rtuh/bxvHGCGtlOUSbkrRsVP
+ACu/obvLP+DHVxxX6NZp+MEkUp2IVd3Chy50I9AU/SpHWrumnf2U5NGKpV+GY3aF
+y6//SSj8gO1MedK75MDvAe5QQQg1I3ArqRa0jG6F6bYRzzHdUyYb3y1aSgJA/MTA
+tukxGggo5WDDH8SQjhBiYEQN7Aq+VRhxLKX0srwVYv8c474d2h5Xszx+zYIdkeNL
+6yxSNLCK/RJOlrDrcH+eOfdmQrGrrFLadkBXeyq96G4DsguAhYidDMfCd7Camlf0
+uPoTXGiTOmekl9AbmbeGMktg2M7v0Ax/lZ9vh0+Hio5fCHyqW/xavqGRn1V9TrAL
+acywlKinh/LTSlDcX3KwFnUey7QYYpqwpzmqm59m2I2mbJYV4+by+PGDYmy7Velh
+k6M99bFXi08jsJvllGov34zflVEpYKELKeRcVVi3qPyZ7iVNTA6z00yPhOgpD/0Q
+VAKFyPnlw4vP5w8CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw
+FDASBgdghXQBUwIBBgdghXQBUwIBMBIGA1UdEwEB/wQIMAYBAf8CAQcwHQYDVR0O
+BBYEFE0mICKJS9PVpAqhb97iEoHF8TwuMB8GA1UdIwQYMBaAFE0mICKJS9PVpAqh
+b97iEoHF8TwuMA0GCSqGSIb3DQEBCwUAA4ICAQAyCrKkG8t9voJXiblqf/P0wS4R
+fbgZPnm3qKhyN2abGu2sEzsOv2LwnN+ee6FTSA5BesogpxcbtnjsQJHzQq0Qw1zv
+/2BZf82Fo4s9SBwlAjxnffUy6S8w5X2lejjQ82YqZh6NM4OKb3xuqFp1mrjX2lhI
+REeoTPpMSQpKwhI3qEAMw8jh0FcNlzKVxzqfl9NX+Ave5XLzo9v/tdhZsnPdTSpx
+srpJ9csc1fV5yJmz/MFMdOO0vSk3FQQoHt5FRnDsr7p4DooqzgB53MBfGWcsa0vv
+aGgLQ+OswWIJ76bdZWGgr4RVSJFSHMYlkSrQwSIjYVmvRRGFHQEkNI/Ps/8XciAT
+woCqISxxOQ7Qj1zB09GOInJGTB2Wrk9xseEFKZZZ9LuedT3PDTcNYtsmjGOpI99n
+Bjx8Oto0QuFmtEYE3saWmA9LSHokMnWRn6z3aOkquVVlzl1h0ydw2Df+n7mvoC5W
+t6NlUe07qxS/TFED6F+KBZvuim6c779o+sjaC+NCydAXFJy3SuCvkychVSa1ZC+N
+8f+mQAWFBVzKBxlcCxMoTFh/wqXvRdpg065lYZ1Tg3TCrvJcwhbtkj6EPnNgiLx2
+9CzP0H1907he0ZESEOnN3col49XtmS++dYFLJPlFRpTJKSFTnCZFqhMX5OfNeOI5
+wSsSnqaeG8XmDtkx2Q==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Swisscom Root EV CA 2 O=Swisscom OU=Digital Certificate Services
+# Subject: CN=Swisscom Root EV CA 2 O=Swisscom OU=Digital Certificate Services
+# Label: "Swisscom Root EV CA 2"
+# Serial: 322973295377129385374608406479535262296
+# MD5 Fingerprint: 7b:30:34:9f:dd:0a:4b:6b:35:ca:31:51:28:5d:ae:ec
+# SHA1 Fingerprint: e7:a1:90:29:d3:d5:52:dc:0d:0f:c6:92:d3:ea:88:0d:15:2e:1a:6b
+# SHA256 Fingerprint: d9:5f:ea:3c:a4:ee:dc:e7:4c:d7:6e:75:fc:6d:1f:f6:2c:44:1f:0f:a8:bc:77:f0:34:b1:9e:5d:b2:58:01:5d
+-----BEGIN CERTIFICATE-----
+MIIF4DCCA8igAwIBAgIRAPL6ZOJ0Y9ON/RAdBB92ylgwDQYJKoZIhvcNAQELBQAw
+ZzELMAkGA1UEBhMCY2gxETAPBgNVBAoTCFN3aXNzY29tMSUwIwYDVQQLExxEaWdp
+dGFsIENlcnRpZmljYXRlIFNlcnZpY2VzMR4wHAYDVQQDExVTd2lzc2NvbSBSb290
+IEVWIENBIDIwHhcNMTEwNjI0MDk0NTA4WhcNMzEwNjI1MDg0NTA4WjBnMQswCQYD
+VQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0YWwgQ2Vy
+dGlmaWNhdGUgU2VydmljZXMxHjAcBgNVBAMTFVN3aXNzY29tIFJvb3QgRVYgQ0Eg
+MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMT3HS9X6lds93BdY7Bx
+UglgRCgzo3pOCvrY6myLURYaVa5UJsTMRQdBTxB5f3HSek4/OE6zAMaVylvNwSqD
+1ycfMQ4jFrclyxy0uYAyXhqdk/HoPGAsp15XGVhRXrwsVgu42O+LgrQ8uMIkqBPH
+oCE2G3pXKSinLr9xJZDzRINpUKTk4RtiGZQJo/PDvO/0vezbE53PnUgJUmfANykR
+HvvSEaeFGHR55E+FFOtSN+KxRdjMDUN/rhPSays/p8LiqG12W0OfvrSdsyaGOx9/
+5fLoZigWJdBLlzin5M8J0TbDC77aO0RYjb7xnglrPvMyxyuHxuxenPaHZa0zKcQv
+idm5y8kDnftslFGXEBuGCxobP/YCfnvUxVFkKJ3106yDgYjTdLRZncHrYTNaRdHL
+OdAGalNgHa/2+2m8atwBz735j9m9W8E6X47aD0upm50qKGsaCnw8qyIL5XctcfaC
+NYGu+HuB5ur+rPQam3Rc6I8k9l2dRsQs0h4rIWqDJ2dVSqTjyDKXZpBy2uPUZC5f
+46Fq9mDU5zXNysRojddxyNMkM3OxbPlq4SjbX8Y96L5V5jcb7STZDxmPX2MYWFCB
+UWVv8p9+agTnNCRxunZLWB4ZvRVgRaoMEkABnRDixzgHcgplwLa7JSnaFp6LNYth
+7eVxV4O1PHGf40+/fh6Bn0GXAgMBAAGjgYYwgYMwDgYDVR0PAQH/BAQDAgGGMB0G
+A1UdIQQWMBQwEgYHYIV0AVMCAgYHYIV0AVMCAjASBgNVHRMBAf8ECDAGAQH/AgED
+MB0GA1UdDgQWBBRF2aWBbj2ITY1x0kbBbkUe88SAnTAfBgNVHSMEGDAWgBRF2aWB
+bj2ITY1x0kbBbkUe88SAnTANBgkqhkiG9w0BAQsFAAOCAgEAlDpzBp9SSzBc1P6x
+XCX5145v9Ydkn+0UjrgEjihLj6p7jjm02Vj2e6E1CqGdivdj5eu9OYLU43otb98T
+PLr+flaYC/NUn81ETm484T4VvwYmneTwkLbUwp4wLh/vx3rEUMfqe9pQy3omywC0
+Wqu1kx+AiYQElY2NfwmTv9SoqORjbdlk5LgpWgi/UOGED1V7XwgiG/W9mR4U9s70
+WBCCswo9GcG/W6uqmdjyMb3lOGbcWAXH7WMaLgqXfIeTK7KK4/HsGOV1timH59yL
+Gn602MnTihdsfSlEvoqq9X46Lmgxk7lq2prg2+kupYTNHAq4Sgj5nPFhJpiTt3tm
+7JFe3VE/23MPrQRYCd0EApUKPtN236YQHoA96M2kZNEzx5LH4k5E4wnJTsJdhw4S
+nr8PyQUQ3nqjsTzyP6WqJ3mtMX0f/fwZacXduT98zca0wjAefm6S139hdlqP65VN
+vBFuIXxZN5nQBrz5Bm0yFqXZaajh3DyAHmBR3NdUIR7KYndP+tiPsys6DXhyyWhB
+WkdKwqPrGtcKqzwyVcgKEZzfdNbwQBUdyLmPtTbFr/giuMod89a2GQ+fYWVq6nTI
+fI/DT11lgh/ZDYnadXL77/FHZxOzyNEZiCcmmpl5fx7kLD977vHeTYuWl8PVP3wb
+I+2ksx0WckNLIOFZfsLorSa/ovc=
+-----END CERTIFICATE-----
+
+# Issuer: CN=CA Disig Root R1 O=Disig a.s.
+# Subject: CN=CA Disig Root R1 O=Disig a.s.
+# Label: "CA Disig Root R1"
+# Serial: 14052245610670616104
+# MD5 Fingerprint: be:ec:11:93:9a:f5:69:21:bc:d7:c1:c0:67:89:cc:2a
+# SHA1 Fingerprint: 8e:1c:74:f8:a6:20:b9:e5:8a:f4:61:fa:ec:2b:47:56:51:1a:52:c6
+# SHA256 Fingerprint: f9:6f:23:f4:c3:e7:9c:07:7a:46:98:8d:5a:f5:90:06:76:a0:f0:39:cb:64:5d:d1:75:49:b2:16:c8:24:40:ce
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNV
+BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu
+MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQy
+MDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx
+EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjEw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy3QRk
+D2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/o
+OI7bm+V8u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3A
+fQ+lekLZWnDZv6fXARz2m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJe
+IgpFy4QxTaz+29FHuvlglzmxZcfe+5nkCiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8n
+oc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTaYVKvJrT1cU/J19IG32PK
+/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6vpmumwKj
+rckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD
+3AjLLhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE
+7cderVC6xkGbrPAXZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkC
+yC2fg69naQanMVXVz0tv/wQFx1isXxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLd
+qvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ04IwDQYJKoZI
+hvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR
+xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaA
+SfX8MPWbTx9BLxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXo
+HqJPYNcHKfyyo6SdbhWSVhlMCrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpB
+emOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5GfbVSUZP/3oNn6z4eGBrxEWi1CXYBmC
+AMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85YmLLW1AL14FABZyb
+7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKSds+x
+DzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvk
+F7mGnjixlAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqF
+a3qdnom2piiZk4hA9z7NUaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsT
+Q6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJa7+h89n07eLw4+1knj0vllJPgFOL
+-----END CERTIFICATE-----
+
+# Issuer: CN=CA Disig Root R2 O=Disig a.s.
+# Subject: CN=CA Disig Root R2 O=Disig a.s.
+# Label: "CA Disig Root R2"
+# Serial: 10572350602393338211
+# MD5 Fingerprint: 26:01:fb:d8:27:a7:17:9a:45:54:38:1a:43:01:3b:03
+# SHA1 Fingerprint: b5:61:eb:ea:a4:de:e4:25:4b:69:1a:98:a5:57:47:c2:34:c7:d9:71
+# SHA256 Fingerprint: e2:3d:4a:03:6d:7b:70:e9:f5:95:b1:42:20:79:d2:b9:1e:df:bb:1f:b6:51:a0:63:3e:aa:8a:9d:c5:f8:07:03
+-----BEGIN CERTIFICATE-----
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV
+BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu
+MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy
+MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx
+EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe
+NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH
+PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I
+x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe
+QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR
+yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO
+QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912
+H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ
+QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD
+i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs
+nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1
+rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI
+hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf
+GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb
+lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka
++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal
+TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i
+nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3
+gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr
+G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os
+zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x
+L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+-----END CERTIFICATE-----
+
+# Issuer: CN=ACCVRAIZ1 O=ACCV OU=PKIACCV
+# Subject: CN=ACCVRAIZ1 O=ACCV OU=PKIACCV
+# Label: "ACCVRAIZ1"
+# Serial: 6828503384748696800
+# MD5 Fingerprint: d0:a0:5a:ee:05:b6:09:94:21:a1:7d:f1:b2:29:82:02
+# SHA1 Fingerprint: 93:05:7a:88:15:c6:4f:ce:88:2f:fa:91:16:52:28:78:bc:53:64:17
+# SHA256 Fingerprint: 9a:6e:c0:12:e1:a7:da:9d:be:34:19:4d:47:8a:d7:c0:db:18:22:fb:07:1d:f1:29:81:49:6e:d1:04:38:41:13
+-----BEGIN CERTIFICATE-----
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE
+AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw
+CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ
+BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND
+VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb
+qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY
+HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo
+G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA
+lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr
+IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/
+0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH
+k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47
+4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO
+m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa
+cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl
+uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI
+KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls
+ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG
+AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT
+VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG
+CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA
+cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA
+QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA
+7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA
+cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA
+QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA
+czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu
+aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt
+aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud
+DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF
+BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp
+D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU
+JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m
+AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD
+vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms
+tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH
+7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA
+h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF
+d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H
+pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7
+-----END CERTIFICATE-----
+
+# Issuer: CN=TWCA Global Root CA O=TAIWAN-CA OU=Root CA
+# Subject: CN=TWCA Global Root CA O=TAIWAN-CA OU=Root CA
+# Label: "TWCA Global Root CA"
+# Serial: 3262
+# MD5 Fingerprint: f9:03:7e:cf:e6:9e:3c:73:7a:2a:90:07:69:ff:2b:96
+# SHA1 Fingerprint: 9c:bb:48:53:f6:a4:f6:d3:52:a4:e8:32:52:55:60:13:f5:ad:af:65
+# SHA256 Fingerprint: 59:76:90:07:f7:68:5d:0f:cd:50:87:2f:9f:95:d5:75:5a:5b:2b:45:7d:81:f3:69:2b:61:0a:98:67:2f:0e:1b
+-----BEGIN CERTIFICATE-----
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx
+EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT
+VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5
+NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT
+B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF
+10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz
+0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh
+MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH
+zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc
+46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2
+yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi
+laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP
+oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA
+BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE
+qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm
+4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL
+1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF
+H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo
+RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+
+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh
+15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW
+6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW
+nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j
+wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz
+aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy
+KwbQBM0=
+-----END CERTIFICATE-----
+
+# Issuer: CN=TeliaSonera Root CA v1 O=TeliaSonera
+# Subject: CN=TeliaSonera Root CA v1 O=TeliaSonera
+# Label: "TeliaSonera Root CA v1"
+# Serial: 199041966741090107964904287217786801558
+# MD5 Fingerprint: 37:41:49:1b:18:56:9a:26:f5:ad:c2:66:fb:40:a5:4c
+# SHA1 Fingerprint: 43:13:bb:96:f1:d5:86:9b:c1:4e:6a:92:f6:cf:f6:34:69:87:82:37
+# SHA256 Fingerprint: dd:69:36:fe:21:f8:f0:77:c1:23:a1:a5:21:c1:22:24:f7:22:55:b7:3e:03:a7:26:06:93:e8:a2:4b:0f:a3:89
+-----BEGIN CERTIFICATE-----
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw
+NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv
+b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD
+VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F
+VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1
+7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X
+Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+
+/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs
+81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm
+dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe
+Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu
+sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4
+pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs
+slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ
+arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD
+VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG
+9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl
+dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj
+TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed
+Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7
+Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI
+OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7
+vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW
+t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn
+HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx
+SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+-----END CERTIFICATE-----
+
+# Issuer: CN=E-Tugra Certification Authority O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. OU=E-Tugra Sertifikasyon Merkezi
+# Subject: CN=E-Tugra Certification Authority O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş. OU=E-Tugra Sertifikasyon Merkezi
+# Label: "E-Tugra Certification Authority"
+# Serial: 7667447206703254355
+# MD5 Fingerprint: b8:a1:03:63:b0:bd:21:71:70:8a:6f:13:3a:bb:79:49
+# SHA1 Fingerprint: 51:c6:e7:08:49:06:6e:f3:92:d4:5c:a0:0d:6d:a3:62:8f:c3:52:39
+# SHA256 Fingerprint: b0:bf:d5:2b:b0:d7:d9:bd:92:bf:5d:4d:c1:3d:a2:55:c0:2c:54:2f:37:83:65:ea:89:39:11:f5:5e:55:f2:3c
+-----BEGIN CERTIFICATE-----
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV
+BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC
+aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV
+BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1
+Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz
+MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+
+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp
+em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY
+B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH
+D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF
+Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo
+q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D
+k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH
+fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut
+dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM
+ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8
+zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX
+U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6
+Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5
+XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF
+Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR
+HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY
+GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c
+77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3
++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK
+vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6
+FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl
+yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P
+AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD
+y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d
+NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+# Subject: CN=T-TeleSec GlobalRoot Class 2 O=T-Systems Enterprise Services GmbH OU=T-Systems Trust Center
+# Label: "T-TeleSec GlobalRoot Class 2"
+# Serial: 1
+# MD5 Fingerprint: 2b:9b:9e:e4:7b:6c:1f:00:72:1a:cc:c1:77:79:df:6a
+# SHA1 Fingerprint: 59:0d:2d:7d:88:4f:40:2e:61:7e:a5:62:32:17:65:cf:17:d8:94:e9
+# SHA256 Fingerprint: 91:e2:f5:78:8d:58:10:eb:a7:ba:58:73:7d:e1:54:8a:8e:ca:cd:01:45:98:bc:0b:14:3e:04:1b:17:05:25:52
+-----BEGIN CERTIFICATE-----
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx
+KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd
+BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl
+YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1
+OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy
+aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50
+ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd
+AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC
+FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi
+1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq
+jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ
+wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj
+QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/
+WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy
+NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
+uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw
+IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6
+g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP
+BSeOE6Fuwg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Atos TrustedRoot 2011 O=Atos
+# Subject: CN=Atos TrustedRoot 2011 O=Atos
+# Label: "Atos TrustedRoot 2011"
+# Serial: 6643877497813316402
+# MD5 Fingerprint: ae:b9:c4:32:4b:ac:7f:5d:66:cc:77:94:bb:2a:77:56
+# SHA1 Fingerprint: 2b:b1:f5:3e:55:0c:1d:c5:f1:d4:e6:b7:6a:46:4b:55:06:02:ac:21
+# SHA256 Fingerprint: f3:56:be:a2:44:b7:a9:1e:b3:5d:53:ca:9a:d7:86:4a:ce:01:8e:2d:35:d5:f8:f9:6d:df:68:a6:f4:1a:a4:74
+-----BEGIN CERTIFICATE-----
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE
+AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG
+EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM
+FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC
+REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp
+Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM
+VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+
+SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ
+4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L
+cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi
+eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG
+A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3
+DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j
+vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP
+DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc
+maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D
+lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv
+KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root CA 1 G3 O=QuoVadis Limited
+# Subject: CN=QuoVadis Root CA 1 G3 O=QuoVadis Limited
+# Label: "QuoVadis Root CA 1 G3"
+# Serial: 687049649626669250736271037606554624078720034195
+# MD5 Fingerprint: a4:bc:5b:3f:fe:37:9a:fa:64:f0:e2:fa:05:3d:0b:ab
+# SHA1 Fingerprint: 1b:8e:ea:57:96:29:1a:c9:39:ea:b8:0a:81:1a:73:73:c0:93:79:67
+# SHA256 Fingerprint: 8a:86:6f:d1:b2:76:b5:7e:57:8e:92:1c:65:82:8a:2b:ed:58:e9:f2:f2:88:05:41:34:b7:f1:f4:bf:c9:cc:74
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00
+MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV
+wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe
+rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341
+68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh
+4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp
+UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o
+abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc
+3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G
+KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt
+hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO
+Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt
+zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD
+ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2
+cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN
+qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5
+YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv
+b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2
+8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k
+NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj
+ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp
+q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt
+nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root CA 2 G3 O=QuoVadis Limited
+# Subject: CN=QuoVadis Root CA 2 G3 O=QuoVadis Limited
+# Label: "QuoVadis Root CA 2 G3"
+# Serial: 390156079458959257446133169266079962026824725800
+# MD5 Fingerprint: af:0c:86:6e:bf:40:2d:7f:0b:3e:12:50:ba:12:3d:06
+# SHA1 Fingerprint: 09:3c:61:f3:8b:8b:dc:7d:55:df:75:38:02:05:00:e1:25:f5:c8:36
+# SHA256 Fingerprint: 8f:e4:fb:0a:f9:3a:4d:0d:67:db:0b:eb:b2:3e:37:c7:1b:f3:25:dc:bc:dd:24:0e:a0:4d:af:58:b4:7e:18:40
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00
+MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf
+qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW
+n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym
+c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+
+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1
+o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j
+IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq
+IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz
+8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh
+vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l
+7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG
+cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD
+ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC
+roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga
+W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n
+lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE
++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV
+csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd
+dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg
+KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM
+HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4
+WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M
+-----END CERTIFICATE-----
+
+# Issuer: CN=QuoVadis Root CA 3 G3 O=QuoVadis Limited
+# Subject: CN=QuoVadis Root CA 3 G3 O=QuoVadis Limited
+# Label: "QuoVadis Root CA 3 G3"
+# Serial: 268090761170461462463995952157327242137089239581
+# MD5 Fingerprint: df:7d:b9:ad:54:6f:68:a1:df:89:57:03:97:43:b0:d7
+# SHA1 Fingerprint: 48:12:bd:92:3c:a8:c4:39:06:e7:30:6d:27:96:e6:a4:cf:22:2e:7d
+# SHA256 Fingerprint: 88:ef:81:de:20:2e:b0:18:45:2e:43:f8:64:72:5c:ea:5f:bd:1f:c2:d9:d2:05:73:07:09:c5:d8:b8:69:0f:46
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL
+BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
+BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00
+MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR
+/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu
+FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR
+U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c
+ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR
+FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k
+A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw
+eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl
+sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp
+VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q
+A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+
+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD
+ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI
+FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv
+oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg
+u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP
+0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf
+3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl
+8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+
+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN
+PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/
+ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Assured ID Root G2 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Assured ID Root G2 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Assured ID Root G2"
+# Serial: 15385348160840213938643033620894905419
+# MD5 Fingerprint: 92:38:b9:f8:63:24:82:65:2c:57:33:e6:fe:81:8f:9d
+# SHA1 Fingerprint: a1:4b:48:d9:43:ee:0a:0e:40:90:4f:3c:e0:a4:c0:91:93:51:5d:3f
+# SHA256 Fingerprint: 7d:05:eb:b6:82:33:9f:8c:94:51:ee:09:4e:eb:fe:fa:79:53:a1:14:ed:b2:f4:49:49:45:2f:ab:7d:2f:c1:85
+-----BEGIN CERTIFICATE-----
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA
+n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc
+biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp
+EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA
+bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu
+YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW
+BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI
+QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I
+0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni
+lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9
+B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv
+ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Assured ID Root G3 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Assured ID Root G3 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Assured ID Root G3"
+# Serial: 15459312981008553731928384953135426796
+# MD5 Fingerprint: 7c:7f:65:31:0c:81:df:8d:ba:3e:99:e2:5c:ad:6e:fb
+# SHA1 Fingerprint: f5:17:a2:4f:9a:48:c6:c9:f8:a2:00:26:9f:dc:0f:48:2c:ab:30:89
+# SHA256 Fingerprint: 7e:37:cb:8b:4c:47:09:0c:ab:36:55:1b:a6:f4:5d:b8:40:68:0f:ba:16:6a:95:2d:b1:00:71:7f:43:05:3f:c2
+-----BEGIN CERTIFICATE-----
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg
+RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
+Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf
+Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
+RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD
+AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY
+JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv
+6pZjamVFkpUBtA==
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Global Root G2 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Global Root G2"
+# Serial: 4293743540046975378534879503202253541
+# MD5 Fingerprint: e4:a6:8a:c8:54:ac:52:42:46:0a:fd:72:48:1b:2a:44
+# SHA1 Fingerprint: df:3c:24:f9:bf:d6:66:76:1b:26:80:73:fe:06:d1:cc:8d:4f:82:a4
+# SHA256 Fingerprint: cb:3c:cb:b7:60:31:e5:e0:13:8f:8d:d3:9a:23:f9:de:47:ff:c3:5e:43:c1:14:4c:ea:27:d4:6a:5a:b1:cb:5f
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
+MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
+2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
+1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
+q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
+tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
+vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
+5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
+1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
+NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
+Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
+8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
+pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Global Root G3"
+# Serial: 7089244469030293291760083333884364146
+# MD5 Fingerprint: f5:5d:a4:50:a5:fb:28:7e:1e:0f:0d:cc:96:57:56:ca
+# SHA1 Fingerprint: 7e:04:de:89:6a:3e:66:6d:00:e6:87:d3:3f:fa:d9:3b:e8:3d:34:9e
+# SHA256 Fingerprint: 31:ad:66:48:f8:10:41:38:c7:38:f3:9e:a4:32:01:33:39:3e:3a:18:cc:02:29:6e:f9:7c:2a:c9:ef:67:31:d0
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw
+EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG
+fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
+Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
+BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
+AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
+oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
+sycX
+-----END CERTIFICATE-----
+
+# Issuer: CN=DigiCert Trusted Root G4 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Trusted Root G4 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Trusted Root G4"
+# Serial: 7451500558977370777930084869016614236
+# MD5 Fingerprint: 78:f2:fc:aa:60:1f:2f:b4:eb:c9:37:ba:53:2e:75:49
+# SHA1 Fingerprint: dd:fb:16:cd:49:31:c9:73:a2:03:7d:3f:c8:3a:4d:7d:77:5d:05:e4
+# SHA256 Fingerprint: 55:2f:7b:dc:f1:a7:af:9e:6c:e6:72:01:7f:4f:12:ab:f7:72:40:c7:8e:76:1a:c2:03:d1:d9:d2:0a:c8:99:88
+-----BEGIN CERTIFICATE-----
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg
+RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu
+Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y
+ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If
+xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV
+ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO
+DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ
+jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/
+CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi
+EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM
+fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY
+uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK
+chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t
+9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
+hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2
+SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd
++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc
+fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa
+sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N
+cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N
+0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie
+4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI
+r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1
+/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm
+gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certification Authority of WoSign O=WoSign CA Limited
+# Subject: CN=Certification Authority of WoSign O=WoSign CA Limited
+# Label: "WoSign"
+# Serial: 125491772294754854453622855443212256657
+# MD5 Fingerprint: a1:f2:f9:b5:d2:c8:7a:74:b8:f3:05:f1:d7:e1:84:8d
+# SHA1 Fingerprint: b9:42:94:bf:91:ea:8f:b6:4b:e6:10:97:c7:fb:00:13:59:b6:76:cb
+# SHA256 Fingerprint: 4b:22:d5:a6:ae:c9:9f:3c:db:79:aa:5e:c0:68:38:47:9c:d5:ec:ba:71:64:f7:f2:2d:c1:d6:5f:63:d8:57:08
+-----BEGIN CERTIFICATE-----
+MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBV
+MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNV
+BAMTIUNlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgw
+MTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFX
+b1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvcqN
+rLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1U
+fcIiePyOCbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcScc
+f+Hb0v1naMQFXQoOXXDX2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2
+ZjC1vt7tj/id07sBMOby8w7gLJKA84X5KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4M
+x1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR+ScPewavVIMYe+HdVHpR
+aG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ezEC8wQjch
+zDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDar
+uHqklWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221K
+mYo0SLwX3OSACCK28jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvA
+Sh0JWzko/amrzgD5LkhLJuYwTKVYyrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWv
+HYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0CAwEAAaNCMEAwDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R8bNLtwYgFP6H
+EtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1
+LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJ
+MuYhOZO9sxXqT2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2e
+JXLOC62qx1ViC777Y7NhRCOjy+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VN
+g64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC2nz4SNAzqfkHx5Xh9T71XXG68pWp
+dIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes5cVAWubXbHssw1ab
+R80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/EaEQ
+PkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGce
+xGATVdVhmVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+
+J7x6v+Db9NpSvd4MVHAxkUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMl
+OtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGikpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWT
+ee5Ehr7XHuQe+w==
+-----END CERTIFICATE-----
+
+# Issuer: CN=CA 沃通根证书 O=WoSign CA Limited
+# Subject: CN=CA 沃通根证书 O=WoSign CA Limited
+# Label: "WoSign China"
+# Serial: 106921963437422998931660691310149453965
+# MD5 Fingerprint: 78:83:5b:52:16:76:c4:24:3b:83:78:e8:ac:da:9a:93
+# SHA1 Fingerprint: 16:32:47:8d:89:f9:21:3a:92:00:85:63:f5:a4:a7:d3:12:40:8a:d6
+# SHA256 Fingerprint: d6:f0:34:bd:94:aa:23:3f:02:97:ec:a4:24:5b:28:39:73:e4:47:aa:59:0f:31:0c:77:f4:8f:df:83:11:22:54
+-----BEGIN CERTIFICATE-----
+MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBG
+MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNV
+BAMMEkNBIOayg+mAmuagueivgeS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgw
+MTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRl
+ZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k8H/r
+D195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld1
+9AXbbQs5uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExf
+v5RxadmWPgxDT74wwJ85dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnk
+UkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+L
+NVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFyb7Ao65vh4YOhn0pdr8yb
++gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc76DbT52V
+qyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6K
+yX2m+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0G
+AbQOXDBGVWCvOGU6yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaK
+J/kR8slC/k7e3x9cxKSGhxYzoacXGKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwEC
+AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUAA4ICAQBqinA4
+WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6
+yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj
+/feTZU7n85iYr83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6
+jBAyvd0zaziGfjk9DgNyp115j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2
+ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0AkLppRQjbbpCBhqcqBT/mhDn4t/lX
+X0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97qA4bLJyuQHCH2u2n
+FoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Yjj4D
+u9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10l
+O1Hm13ZBONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Le
+ie2uPAmvylezkolwQOQvT8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR1
+2KvxAmLBsX5VYc8T1yaw15zLKYs4SgsOkI26oQ==
+-----END CERTIFICATE-----
+
+# Issuer: CN=COMODO RSA Certification Authority O=COMODO CA Limited
+# Subject: CN=COMODO RSA Certification Authority O=COMODO CA Limited
+# Label: "COMODO RSA Certification Authority"
+# Serial: 101909084537582093308941363524873193117
+# MD5 Fingerprint: 1b:31:b0:71:40:36:cc:14:36:91:ad:c4:3e:fd:ec:18
+# SHA1 Fingerprint: af:e5:d2:44:a8:d1:19:42:30:ff:47:9f:e2:f8:97:bb:cd:7a:8c:b4
+# SHA256 Fingerprint: 52:f0:e1:c4:e5:8e:c6:29:29:1b:60:31:7f:07:46:71:b8:5d:7e:a8:0d:5b:07:27:34:63:53:4b:32:b4:02:34
+-----BEGIN CERTIFICATE-----
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB
+hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
+BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5
+MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
+EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR
+6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X
+pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC
+9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV
+/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf
+Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z
++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w
+qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah
+SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC
+u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf
+Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq
+crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
+/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl
+wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM
+4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV
+2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna
+FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ
+CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK
+boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke
+jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL
+S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb
+QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl
+0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
+NVOFBkpdn627G190
+-----END CERTIFICATE-----
+
+# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
+# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
+# Label: "USERTrust RSA Certification Authority"
+# Serial: 2645093764781058787591871645665788717
+# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5
+# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e
+# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2
+-----BEGIN CERTIFICATE-----
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
+iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
+cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
+BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
+MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
+BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
+dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
+3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
+tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
+Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
+VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
+79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
+c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
+Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
+c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
+UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
+Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
+A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
+Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
+VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
+ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
+8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
+iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
+Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
+XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
+qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
+VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
+L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
+jjxDah2nGN59PRbxYvnKkKj9
+-----END CERTIFICATE-----
+
+# Issuer: CN=USERTrust ECC Certification Authority O=The USERTRUST Network
+# Subject: CN=USERTrust ECC Certification Authority O=The USERTRUST Network
+# Label: "USERTrust ECC Certification Authority"
+# Serial: 123013823720199481456569720443997572134
+# MD5 Fingerprint: fa:68:bc:d9:b5:7f:ad:fd:c9:1d:06:83:28:cc:24:c1
+# SHA1 Fingerprint: d1:cb:ca:5d:b2:d5:2a:7f:69:3b:67:4d:e5:f0:5a:1d:0c:95:7d:f0
+# SHA256 Fingerprint: 4f:f4:60:d5:4b:9c:86:da:bf:bc:fc:57:12:e0:40:0d:2b:ed:3f:bc:4d:4f:bd:aa:86:e0:6a:dc:d2:a9:ad:7a
+-----BEGIN CERTIFICATE-----
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl
+eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT
+JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx
+MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
+VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm
+aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo
+I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng
+o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G
+A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB
+zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW
+RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R4
+# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R4
+# Label: "GlobalSign ECC Root CA - R4"
+# Serial: 14367148294922964480859022125800977897474
+# MD5 Fingerprint: 20:f0:27:68:d1:7e:a0:9d:0e:e6:2a:ca:df:5c:89:8e
+# SHA1 Fingerprint: 69:69:56:2e:40:80:f4:24:a1:e7:19:9f:14:ba:f3:ee:58:ab:6a:bb
+# SHA256 Fingerprint: be:c9:49:11:c2:95:56:76:db:6c:0a:55:09:86:d7:6e:3b:a0:05:66:7c:44:2c:97:62:b4:fb:b7:73:de:22:8c
+-----BEGIN CERTIFICATE-----
+MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk
+MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH
+bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX
+DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD
+QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ
+FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw
+DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F
+uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX
+kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs
+ewv4n4Q=
+-----END CERTIFICATE-----
+
+# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R5
+# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign ECC Root CA - R5
+# Label: "GlobalSign ECC Root CA - R5"
+# Serial: 32785792099990507226680698011560947931244
+# MD5 Fingerprint: 9f:ad:3b:1c:02:1e:8a:ba:17:74:38:81:0c:a2:bc:08
+# SHA1 Fingerprint: 1f:24:c6:30:cd:a4:18:ef:20:69:ff:ad:4f:dd:5f:46:3a:1b:69:aa
+# SHA256 Fingerprint: 17:9f:bc:14:8a:3d:d0:0f:d2:4e:a1:34:58:cc:43:bf:a7:f5:9c:81:82:d7:83:a5:13:f6:eb:ec:10:0c:89:24
+-----BEGIN CERTIFICATE-----
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk
+MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH
+bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX
+DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD
+QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc
+8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke
+hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI
+KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg
+515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO
+xwy8p2Fp8fc74SrL+SvzZpA3
+-----END CERTIFICATE-----
+
+# Issuer: CN=Staat der Nederlanden Root CA - G3 O=Staat der Nederlanden
+# Subject: CN=Staat der Nederlanden Root CA - G3 O=Staat der Nederlanden
+# Label: "Staat der Nederlanden Root CA - G3"
+# Serial: 10003001
+# MD5 Fingerprint: 0b:46:67:07:db:10:2f:19:8c:35:50:60:d1:0b:f4:37
+# SHA1 Fingerprint: d8:eb:6b:41:51:92:59:e0:f3:e7:85:00:c0:3d:b6:88:97:c9:ee:fc
+# SHA256 Fingerprint: 3c:4f:b0:b9:5a:b8:b3:00:32:f4:32:b8:6f:53:5f:e1:72:c1:85:d0:fd:39:86:58:37:cf:36:18:7f:a6:f4:28
+-----BEGIN CERTIFICATE-----
+MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX
+DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl
+ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv
+b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP
+cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW
+IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX
+xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy
+KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR
+9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az
+5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8
+6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7
+Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP
+bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt
+BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt
+XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF
+MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd
+INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
+U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp
+LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8
+Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp
+gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh
+/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw
+0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A
+fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq
+4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR
+1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/
+QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM
+94B7IWcnMFk=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden
+# Subject: CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden
+# Label: "Staat der Nederlanden EV Root CA"
+# Serial: 10000013
+# MD5 Fingerprint: fc:06:af:7b:e8:1a:f1:9a:b4:e8:d2:70:1f:c0:f5:ba
+# SHA1 Fingerprint: 76:e2:7e:c1:4f:db:82:c1:c0:a6:75:b5:05:be:3d:29:b4:ed:db:bb
+# SHA256 Fingerprint: 4d:24:91:41:4c:fe:95:67:46:ec:4c:ef:a6:cf:6f:72:e2:8a:13:29:43:2f:9d:8a:90:7a:c4:cb:5d:ad:c1:5a
+-----BEGIN CERTIFICATE-----
+MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO
+TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh
+dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y
+MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg
+TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS
+b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS
+M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC
+UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d
+Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p
+rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l
+pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb
+j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC
+KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS
+/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X
+cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH
+1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP
+px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7
+MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
+eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u
+2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS
+v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC
+wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy
+CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e
+vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6
+Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa
+Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL
+eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8
+FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc
+7uzXLg==
+-----END CERTIFICATE-----
+
+# Issuer: CN=IdenTrust Commercial Root CA 1 O=IdenTrust
+# Subject: CN=IdenTrust Commercial Root CA 1 O=IdenTrust
+# Label: "IdenTrust Commercial Root CA 1"
+# Serial: 13298821034946342390520003877796839426
+# MD5 Fingerprint: b3:3e:77:73:75:ee:a0:d3:e3:7e:49:63:49:59:bb:c7
+# SHA1 Fingerprint: df:71:7e:aa:4a:d9:4e:c9:55:84:99:60:2d:48:de:5f:bc:f0:3a:25
+# SHA256 Fingerprint: 5d:56:49:9b:e4:d2:e0:8b:cf:ca:d0:8a:3e:38:72:3d:50:50:3b:de:70:69:48:e4:2f:55:60:30:19:e5:28:ae
+-----BEGIN CERTIFICATE-----
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu
+VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw
+MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw
+JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG
+SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT
+3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU
++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp
+S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1
+bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
+T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL
+vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK
+Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK
+dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT
+c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv
+l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N
+iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD
+ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt
+LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93
+nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3
++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK
+W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT
+AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq
+l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG
+4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ
+mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
+7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H
+-----END CERTIFICATE-----
+
+# Issuer: CN=IdenTrust Public Sector Root CA 1 O=IdenTrust
+# Subject: CN=IdenTrust Public Sector Root CA 1 O=IdenTrust
+# Label: "IdenTrust Public Sector Root CA 1"
+# Serial: 13298821034946342390521976156843933698
+# MD5 Fingerprint: 37:06:a5:b0:fc:89:9d:ba:f4:6b:8c:1a:64:cd:d5:ba
+# SHA1 Fingerprint: ba:29:41:60:77:98:3f:f4:f3:ef:f2:31:05:3b:2e:ea:6d:4d:45:fd
+# SHA256 Fingerprint: 30:d0:89:5a:9a:44:8a:26:20:91:63:55:22:d1:f5:20:10:b5:86:7a:ca:e1:2c:78:ef:95:8f:d4:f4:38:9f:2f
+-----BEGIN CERTIFICATE-----
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN
+MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu
+VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN
+MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0
+MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7
+ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy
+RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS
+bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF
+/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R
+3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw
+EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy
+9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V
+GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ
+2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV
+WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD
+W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN
+AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV
+DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9
+TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G
+lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW
+mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df
+WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5
++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ
+tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA
+GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv
+8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
+-----END CERTIFICATE-----
+
+# Issuer: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
+# Subject: CN=Entrust Root Certification Authority - G2 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2009 Entrust, Inc. - for authorized use only
+# Label: "Entrust Root Certification Authority - G2"
+# Serial: 1246989352
+# MD5 Fingerprint: 4b:e2:c9:91:96:65:0c:f4:0e:5a:93:92:a0:0a:fe:b2
+# SHA1 Fingerprint: 8c:f4:27:fd:79:0c:3a:d1:66:06:8d:e8:1e:57:ef:bb:93:22:72:d4
+# SHA256 Fingerprint: 43:df:57:74:b0:3e:7f:ef:5f:e4:0d:93:1a:7b:ed:f1:bb:2e:6b:42:73:8c:4e:6d:38:41:10:3d:3a:a7:f3:39
+-----BEGIN CERTIFICATE-----
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
+cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
+IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
+dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
+NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
+dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
+dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
+aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
+RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
+cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
+wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
+U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
+jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
+BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
+jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
+1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
+nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
+VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
+# Subject: CN=Entrust Root Certification Authority - EC1 O=Entrust, Inc. OU=See www.entrust.net/legal-terms/(c) 2012 Entrust, Inc. - for authorized use only
+# Label: "Entrust Root Certification Authority - EC1"
+# Serial: 51543124481930649114116133369
+# MD5 Fingerprint: b6:7e:1d:f0:58:c5:49:6c:24:3b:3d:ed:98:18:ed:bc
+# SHA1 Fingerprint: 20:d8:06:40:df:9b:25:f5:12:25:3a:11:ea:f7:59:8a:eb:14:b5:47
+# SHA256 Fingerprint: 02:ed:0e:b2:8c:14:da:45:16:5c:56:67:91:70:0d:64:51:d7:fb:56:f0:b2:ab:1d:3b:8e:b0:70:e5:6e:df:f5
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG
+A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3
+d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu
+dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq
+RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy
+MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD
+VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g
+Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi
+A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt
+ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH
+Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC
+R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX
+hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+-----END CERTIFICATE-----
+
+# Issuer: CN=CFCA EV ROOT O=China Financial Certification Authority
+# Subject: CN=CFCA EV ROOT O=China Financial Certification Authority
+# Label: "CFCA EV ROOT"
+# Serial: 407555286
+# MD5 Fingerprint: 74:e1:b6:ed:26:7a:7a:44:30:33:94:ab:7b:27:81:30
+# SHA1 Fingerprint: e2:b8:29:4b:55:84:ab:6b:58:c2:90:46:6c:ac:3f:b8:39:8f:84:83
+# SHA256 Fingerprint: 5c:c3:d7:8e:4e:1d:5e:45:54:7a:04:e6:87:3e:64:f9:0c:f9:53:6d:1c:cc:2e:f8:00:f3:55:c4:c5:fd:70:fd
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD
+TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y
+aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx
+MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j
+aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP
+T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03
+sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL
+TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5
+/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp
+7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz
+EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt
+hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP
+a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot
+aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg
+TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV
+PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv
+cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL
+tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
+BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT
+ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL
+jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS
+ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy
+P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19
+xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d
+Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN
+5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe
+/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z
+AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ
+5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+-----END CERTIFICATE-----
+
+# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
+# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
+# Label: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+# Serial: 156233699172481
+# MD5 Fingerprint: da:70:8e:f0:22:df:93:26:f6:5f:9f:d3:15:06:52:4e
+# SHA1 Fingerprint: c4:18:f6:4d:46:d1:df:00:3d:27:30:13:72:43:a9:12:11:c6:75:fb
+# SHA256 Fingerprint: 49:35:1b:90:34:44:c1:85:cc:dc:5c:69:3d:24:d8:55:5c:b2:08:d6:a8:14:13:07:69:9f:4a:f0:63:19:9d:78
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UE
+BhMCVFIxDzANBgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxn
+aSDEsGxldGnFn2ltIHZlIEJpbGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkg
+QS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1QgRWxla3Ryb25payBTZXJ0aWZpa2Eg
+SGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAwODA3MDFaFw0yMzA0
+MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYD
+VQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8
+dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBF
+bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCUZ4WWe60ghUEoI5RHwWrom
+/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537jVJp45wnEFPzpALFp/kR
+Gml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1mep5Fimh3
+4khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z
+5UNP9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0
+hO8EuPbJbKoCPrZV4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QID
+AQABo0IwQDAdBgNVHQ4EFgQUVpkHHtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/
+BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ5FdnsX
+SDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPoBP5yCccLqh0l
+VX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq
+URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nf
+peYVhDfwwvJllpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CF
+Yv4HAqGEVka+lgqaE9chTLd8B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW
++qtB4Uu2NQvAmxU=
+-----END CERTIFICATE-----
+
+# Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
+# Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6 O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş.
+# Label: "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+# Serial: 138134509972618
+# MD5 Fingerprint: f8:c5:ee:2a:6b:be:95:8d:08:f7:25:4a:ea:71:3e:46
+# SHA1 Fingerprint: 8a:5c:8c:ee:a5:03:e6:05:56:ba:d8:1b:d4:f6:c9:b0:ed:e5:2f:e0
+# SHA256 Fingerprint: 8d:e7:86:55:e1:be:7f:78:47:80:0b:93:f6:94:d2:1d:36:8c:c0:6e:03:3e:7f:ab:04:bb:5e:b9:9d:a6:b7:00
+-----BEGIN CERTIFICATE-----
+MIIEJjCCAw6gAwIBAgIGfaHyZeyKMA0GCSqGSIb3DQEBCwUAMIGxMQswCQYDVQQG
+EwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0wSwYDVQQKDERUw5xSS1RSVVNUIEJpbGdp
+IMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBB
+LsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBI
+aXptZXQgU2HEn2xhecSxY8Sxc8SxIEg2MB4XDTEzMTIxODA5MDQxMFoXDTIzMTIx
+NjA5MDQxMFowgbExCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExTTBLBgNV
+BAoMRFTDnFJLVFJVU1QgQmlsZ2kgxLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2
+ZW5sacSfaSBIaXptZXRsZXJpIEEuxZ4uMUIwQAYDVQQDDDlUw5xSS1RSVVNUIEVs
+ZWt0cm9uaWsgU2VydGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLEgSDYwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdsGjW6L0UlqMACprx9MfMkU1x
+eHe59yEmFXNRFpQJRwXiM/VomjX/3EsvMsew7eKC5W/a2uqsxgbPJQ1BgfbBOCK9
++bGlprMBvD9QFyv26WZV1DOzXPhDIHiTVRZwGTLmiddk671IUP320EEDwnS3/faA
+z1vFq6TWlRKb55cTMgPp1KtDWxbtMyJkKbbSk60vbNg9tvYdDjTu0n2pVQ8g9P0p
+u5FbHH3GQjhtQiht1AH7zYiXSX6484P4tZgvsycLSF5W506jM7NE1qXyGJTtHB6p
+lVxiSvgNZ1GpryHV+DKdeboaX+UEVU0TRv/yz3THGmNtwx8XEsMeED5gCLMxAgMB
+AAGjQjBAMB0GA1UdDgQWBBTdVRcT9qzoSCHK77Wv0QAy7Z6MtTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAb1gNl0Oq
+FlQ+v6nfkkU/hQu7VtMMUszIv3ZnXuaqs6fvuay0EBQNdH49ba3RfdCaqaXKGDsC
+QC4qnFAUi/5XfldcEQlLNkVS9z2sFP1E34uXI9TDwe7UU5X+LEr+DXCqu4svLcsy
+o4LyVN/Y8t3XSHLuSqMplsNEzm61kod2pLv0kmzOLBQJZo6NrRa1xxsJYTvjIKID
+gI6tflEATseWhvtDmHd9KMeP2Cpu54Rvl0EpABZeTeIT6lnAY2c6RPuY/ATTMHKm
+9ocJV612ph1jmv3XZch4gyt1O6VbuA1df74jrlZVlFjvH4GMKrLN5ptjnhi85WsG
+tAuYSyher4hYyw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903
+# Subject: CN=Certinomis - Root CA O=Certinomis OU=0002 433998903
+# Label: "Certinomis - Root CA"
+# Serial: 1
+# MD5 Fingerprint: 14:0a:fd:8d:a8:28:b5:38:69:db:56:7e:61:22:03:3f
+# SHA1 Fingerprint: 9d:70:bb:01:a5:a4:a0:18:11:2e:f7:1c:01:b9:32:c5:34:e7:88:a8
+# SHA256 Fingerprint: 2a:99:f5:bc:11:74:b7:3c:bb:1d:62:08:84:e0:1c:34:e5:1c:cb:39:78:da:12:5f:0e:33:26:88:83:bf:41:58
+-----BEGIN CERTIFICATE-----
+MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET
+MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb
+BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz
+MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx
+FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g
+Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2
+fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl
+LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV
+WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF
+TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb
+5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc
+CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri
+wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ
+wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG
+m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4
+F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng
+WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0
+2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF
+AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/
+0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw
+F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS
+g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj
+qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN
+h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/
+ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V
+btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj
+Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ
+8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW
+gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE=
+-----END CERTIFICATE-----
+
+# Issuer: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed
+# Subject: CN=OISTE WISeKey Global Root GB CA O=WISeKey OU=OISTE Foundation Endorsed
+# Label: "OISTE WISeKey Global Root GB CA"
+# Serial: 157768595616588414422159278966750757568
+# MD5 Fingerprint: a4:eb:b9:61:28:2e:b7:2f:98:b0:35:26:90:99:51:1d
+# SHA1 Fingerprint: 0f:f9:40:76:18:d3:d7:6a:4b:98:f0:a8:35:9e:0c:fd:27:ac:cc:ed
+# SHA256 Fingerprint: 6b:9c:08:e8:6e:b0:f7:67:cf:ad:65:cd:98:b6:21:49:e5:49:4a:67:f5:84:5e:7b:d1:ed:01:9f:27:b8:6b:d6
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt
+MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg
+Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
+YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x
+CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG
+b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3
+HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx
+WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX
+1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk
+u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P
+99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r
+M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB
+BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh
+cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5
+gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO
+ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf
+aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certification Authority of WoSign G2 O=WoSign CA Limited
+# Subject: CN=Certification Authority of WoSign G2 O=WoSign CA Limited
+# Label: "Certification Authority of WoSign G2"
+# Serial: 142423943073812161787490648904721057092
+# MD5 Fingerprint: c8:1c:7d:19:aa:cb:71:93:f2:50:f8:52:a8:1e:ba:60
+# SHA1 Fingerprint: fb:ed:dc:90:65:b7:27:20:37:bc:55:0c:9c:56:de:bb:f2:78:94:e1
+# SHA256 Fingerprint: d4:87:a5:6f:83:b0:74:82:e8:5e:96:33:94:c1:ec:c2:c9:e5:1d:09:03:ee:94:6b:02:c3:01:58:1e:d9:9e:16
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBY
+MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNV
+BAMTJENlcnRpZmljYXRpb24gQXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDEx
+MDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgxCzAJBgNVBAYTAkNOMRowGAYDVQQK
+ExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPX
+JYY1kBaiXW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgO
+gHzKtB0TiGsOqCR3A9DuW/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg
+5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg95k4ot+vElbGs/V6r+kHLXZ1L3PR8du9n
+fwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BKv0mUYQs4kI9dJGwlezt5
+2eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJ
+KoZIhvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8
+fHulwqZm46qwtyeYP0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G
+3CE4Q3RM+zD4F3LBMvzIkRfEzFg3TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yy
+SrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu+sif/a+RZQp4OBXllxcU3fng
+LDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+7Q9LGOHSJDy7
+XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg=
+-----END CERTIFICATE-----
+
+# Issuer: CN=CA WoSign ECC Root O=WoSign CA Limited
+# Subject: CN=CA WoSign ECC Root O=WoSign CA Limited
+# Label: "CA WoSign ECC Root"
+# Serial: 138625735294506723296996289575837012112
+# MD5 Fingerprint: 80:c6:53:ee:61:82:28:72:f0:ff:21:b9:17:ca:b2:20
+# SHA1 Fingerprint: d2:7a:d2:be:ed:94:c0:a1:3c:c7:25:21:ea:5d:71:be:81:19:f3:2b
+# SHA256 Fingerprint: 8b:45:da:1c:06:f7:91:eb:0c:ab:f2:6b:e5:88:f5:fb:23:16:5c:2e:61:4b:f8:85:56:2d:0d:ce:50:b2:9b:02
+-----BEGIN CERTIFICATE-----
+MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQsw
+CQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMT
+EkNBIFdvU2lnbiBFQ0MgUm9vdDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4
+NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEb
+MBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiUt5v8
+KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES
+1ns2o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
+FgQUqv3VWqP2h4syhf3RMluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB
+1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0Daupn75OcsqF1NnstTJFGG+rrQIwfcf3
+aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYua/GRspBl9JrmkO5K
+-----END CERTIFICATE-----
+
+# Issuer: CN=SZAFIR ROOT CA2 O=Krajowa Izba Rozliczeniowa S.A.
+# Subject: CN=SZAFIR ROOT CA2 O=Krajowa Izba Rozliczeniowa S.A.
+# Label: "SZAFIR ROOT CA2"
+# Serial: 357043034767186914217277344587386743377558296292
+# MD5 Fingerprint: 11:64:c1:89:b0:24:b1:8c:b1:07:7e:89:9e:51:9e:99
+# SHA1 Fingerprint: e2:52:fa:95:3f:ed:db:24:60:bd:6e:28:f3:9c:cc:cf:5e:b3:3f:de
+# SHA256 Fingerprint: a1:33:9d:33:28:1a:0b:56:e5:57:d3:d3:2b:1c:e7:f9:36:7e:b0:94:bd:5f:a7:2a:7e:50:04:c8:de:d7:ca:fe
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL
+BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6
+ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw
+NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L
+cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg
+Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN
+QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT
+3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw
+3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6
+3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5
+BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN
+XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF
+AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw
+8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG
+nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP
+oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy
+d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg
+LvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+-----END CERTIFICATE-----
+
+# Issuer: CN=Certum Trusted Network CA 2 O=Unizeto Technologies S.A. OU=Certum Certification Authority
+# Subject: CN=Certum Trusted Network CA 2 O=Unizeto Technologies S.A. OU=Certum Certification Authority
+# Label: "Certum Trusted Network CA 2"
+# Serial: 44979900017204383099463764357512596969
+# MD5 Fingerprint: 6d:46:9e:d9:25:6d:08:23:5b:5e:74:7d:1e:27:db:f2
+# SHA1 Fingerprint: d3:dd:48:3e:2b:bf:4c:05:e8:af:10:f5:fa:76:26:cf:d3:dc:30:92
+# SHA256 Fingerprint: b6:76:f2:ed:da:e8:77:5c:d3:6c:b0:f6:3c:d1:d4:60:39:61:f4:9e:62:65:ba:01:3a:2f:03:07:b6:d0:b8:04
+-----BEGIN CERTIFICATE-----
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB
+gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu
+QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
+A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz
+OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ
+VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3
+b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA
+DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn
+0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB
+OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE
+fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E
+Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m
+o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i
+sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW
+OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez
+Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS
+adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n
+3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ
+F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf
+CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29
+XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm
+djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/
+WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb
+AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq
+P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko
+b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj
+XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P
+5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi
+DrW5viSP
+-----END CERTIFICATE-----
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/cli.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/cli.py
new file mode 100644
index 00000000000..1d5384cdd88
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/cli.py
@@ -0,0 +1,264 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/cli
+~~~~~~~~~
+
+Command line interface for Hyper inspired by Httpie.
+"""
+import json
+import locale
+import logging
+import sys
+from argparse import ArgumentParser, RawTextHelpFormatter
+from argparse import OPTIONAL, ZERO_OR_MORE
+from pprint import pformat
+from textwrap import dedent
+
+from hyper import HTTPConnection, HTTP20Connection
+from hyper import __version__
+from hyper.compat import is_py2, urlencode, urlsplit, write_to_stdout
+from hyper.common.util import to_host_port_tuple
+
+
+log = logging.getLogger('hyper')
+
+PREFERRED_ENCODING = locale.getpreferredencoding()
+
+# Various separators used in args
+SEP_HEADERS = ':'
+SEP_QUERY = '=='
+SEP_DATA = '='
+
+SEP_GROUP_ITEMS = [
+    SEP_HEADERS,
+    SEP_QUERY,
+    SEP_DATA,
+]
+
+
+class KeyValue(object):
+    """Base key-value pair parsed from CLI."""
+
+    def __init__(self, key, value, sep, orig):
+        self.key = key
+        self.value = value
+        self.sep = sep
+        self.orig = orig
+
+
+class KeyValueArgType(object):
+    """A key-value pair argument type used with `argparse`.
+
+    Parses a key-value arg and constructs a `KeyValue` instance.
+    Used for headers, form data, and other key-value pair types.
+    This class is inspired by httpie and implements simple tokenizer only.
+    """
+    def __init__(self, *separators):
+        self.separators = separators
+
+    def __call__(self, string):
+        for sep in self.separators:
+            splitted = string.split(sep, 1)
+            if len(splitted) == 2:
+                key, value = splitted
+                return KeyValue(key, value, sep, string)
+
+
+def make_positional_argument(parser):
+    parser.add_argument(
+        'method', metavar='METHOD', nargs=OPTIONAL, default='GET',
+        help=dedent("""
+        The HTTP method to be used for the request
+        (GET, POST, PUT, DELETE, ...).
+        """))
+    parser.add_argument(
+        '_url', metavar='URL',
+        help=dedent("""
+        The scheme defaults to 'https://' if the URL does not include one.
+        """))
+    parser.add_argument(
+        'items',
+        metavar='REQUEST_ITEM',
+        nargs=ZERO_OR_MORE,
+        type=KeyValueArgType(*SEP_GROUP_ITEMS),
+        help=dedent("""
+        Optional key-value pairs to be included in the request.
+        The separator used determines the type:
+
+        ':' HTTP headers:
+
+            Referer:http://httpie.org  Cookie:foo=bar  User-Agent:bacon/1.0
+
+        '==' URL parameters to be appended to the request URI:
+
+            search==hyper
+
+        '=' Data fields to be serialized into a JSON object:
+
+            name=Hyper  language=Python  description='CLI HTTP client'
+        """))
+
+
+def make_troubleshooting_argument(parser):
+    parser.add_argument(
+        '--version', action='version', version=__version__,
+        help='Show version and exit.')
+    parser.add_argument(
+        '--debug', action='store_true', default=False,
+        help='Show debugging information (loglevel=DEBUG)')
+    parser.add_argument(
+        '--h2', action='store_true', default=False,
+        help="Do HTTP/2 directly, skipping plaintext upgrade and ignoring "
+             "NPN/ALPN."
+    )
+
+
+def split_host_and_port(hostname):
+    if ':' in hostname:
+        return to_host_port_tuple(hostname, default_port=443)
+    return hostname, None
+
+
+class UrlInfo(object):
+    def __init__(self):
+        self.fragment = None
+        self.host = 'localhost'
+        self.netloc = None
+        self.path = '/'
+        self.port = 443
+        self.query = None
+        self.scheme = 'https'
+        self.secure = False
+
+
+def set_url_info(args):
+    info = UrlInfo()
+    _result = urlsplit(args._url)
+    for attr in vars(info).keys():
+        value = getattr(_result, attr, None)
+        if value:
+            setattr(info, attr, value)
+
+    if info.scheme == 'http' and not _result.port:
+        info.port = 80
+
+    # Set the secure arg is the scheme is HTTPS, otherwise do unsecured.
+    info.secure = info.scheme == 'https'
+
+    if info.netloc:
+        hostname, _ = split_host_and_port(info.netloc)
+        info.host = hostname  # ensure stripping port number
+    else:
+        if _result.path:
+            _path = _result.path.split('/', 1)
+            hostname, port = split_host_and_port(_path[0])
+            info.host = hostname
+            if info.path == _path[0]:
+                info.path = '/'
+            elif len(_path) == 2 and _path[1]:
+                info.path = '/' + _path[1]
+            if port is not None:
+                info.port = port
+
+    log.debug('Url Info: %s', vars(info))
+    args.url = info
+
+
+def set_request_data(args):
+    body, headers, params = {}, {}, {}
+    for i in args.items:
+        if i.sep == SEP_HEADERS:
+            if i.key:
+                headers[i.key] = i.value
+            else:
+                # when overriding a HTTP/2 special header there will be a
+                # leading colon, which tricks the command line parser into
+                # thinking the header is empty
+                k, v = i.value.split(':', 1)
+                headers[':' + k] = v
+        elif i.sep == SEP_QUERY:
+            params[i.key] = i.value
+        elif i.sep == SEP_DATA:
+            value = i.value
+            if is_py2:  # pragma: no cover
+                value = value.decode(PREFERRED_ENCODING)
+            body[i.key] = value
+
+    if params:
+        args.url.path += '?' + urlencode(params)
+
+    if body:
+        content_type = 'application/json'
+        headers.setdefault('content-type', content_type)
+        args.body = json.dumps(body)
+
+    if args.method is None:
+        args.method = 'POST' if args.body else 'GET'
+
+    args.method = args.method.upper()
+    args.headers = headers
+
+
+def parse_argument(argv=None):
+    parser = ArgumentParser(formatter_class=RawTextHelpFormatter)
+    parser.set_defaults(body=None, headers={})
+    make_positional_argument(parser)
+    make_troubleshooting_argument(parser)
+    args = parser.parse_args(sys.argv[1:] if argv is None else argv)
+
+    if args.debug:
+        handler = logging.StreamHandler()
+        handler.setLevel(logging.DEBUG)
+        log.addHandler(handler)
+        log.setLevel(logging.DEBUG)
+
+    set_url_info(args)
+    set_request_data(args)
+    return args
+
+
+def get_content_type_and_charset(response):
+    charset = 'utf-8'
+    content_type = response.headers.get('content-type')
+    if content_type is None:
+        return 'unknown', charset
+
+    content_type = content_type[0].decode('utf-8').lower()
+    type_and_charset = content_type.split(';', 1)
+    ctype = type_and_charset[0].strip()
+    if len(type_and_charset) == 2:
+        charset = type_and_charset[1].strip().split('=')[1]
+
+    return ctype, charset
+
+
+def request(args):
+    if not args.h2:
+        conn = HTTPConnection(
+            args.url.host, args.url.port, secure=args.url.secure
+        )
+    else:  # pragma: no cover
+        conn = HTTP20Connection(
+            args.url.host,
+            args.url.port,
+            secure=args.url.secure,
+            force_proto='h2'
+        )
+
+    conn.request(args.method, args.url.path, args.body, args.headers)
+    response = conn.get_response()
+    log.debug('Response Headers:\n%s', pformat(response.headers))
+    ctype, charset = get_content_type_and_charset(response)
+    data = response.read()
+    return data
+
+
+def main(argv=None):
+    args = parse_argument(argv)
+    log.debug('Commandline Argument: %s', args)
+    data = request(args)
+    write_to_stdout(data)
+
+
+if __name__ == '__main__':  # pragma: no cover
+    main()
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/__init__.py
new file mode 100644
index 00000000000..cf84291208b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/__init__.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common
+~~~~~~~~~~~~
+
+Common code in hyper.
+"""
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/bufsocket.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/bufsocket.py
new file mode 100644
index 00000000000..b35393af2a0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/bufsocket.py
@@ -0,0 +1,240 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/bufsocket.py
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This file implements a buffered socket wrapper.
+
+The purpose of this is to avoid the overhead of unnecessary syscalls while
+allowing small reads from the network. This represents a potentially massive
+performance optimisation at the cost of burning some memory in the userspace
+process.
+"""
+import select
+from .exceptions import ConnectionResetError, LineTooLongError
+
+
+class BufferedSocket(object):
+    """
+    A buffered socket wrapper.
+
+    The purpose of this is to avoid the overhead of unnecessary syscalls while
+    allowing small reads from the network. This represents a potentially
+    massive performance optimisation at the cost of burning some memory in the
+    userspace process.
+    """
+    def __init__(self, sck, buffer_size=1000):
+        """
+        Create the buffered socket.
+
+        :param sck: The socket to wrap.
+        :param buffer_size: The size of the backing buffer in bytes. This
+            parameter should be set to an appropriate value for your use case.
+            Small values of ``buffer_size`` increase the overhead of buffer
+            management: large values cause more memory to be used.
+        """
+        # The wrapped socket.
+        self._sck = sck
+
+        # The buffer we're using.
+        self._backing_buffer = bytearray(buffer_size)
+        self._buffer_view = memoryview(self._backing_buffer)
+
+        # The size of the buffer.
+        self._buffer_size = buffer_size
+
+        # The start index in the memory view.
+        self._index = 0
+
+        # The number of bytes in the buffer.
+        self._bytes_in_buffer = 0
+
+    @property
+    def _remaining_capacity(self):
+        """
+        The maximum number of bytes the buffer could still contain.
+        """
+        return self._buffer_size - self._index
+
+    @property
+    def _buffer_end(self):
+        """
+        The index of the first free byte in the buffer.
+        """
+        return self._index + self._bytes_in_buffer
+
+    @property
+    def can_read(self):
+        """
+        Whether or not there is more data to read from the socket.
+        """
+        read = select.select([self._sck], [], [], 0)[0]
+        if read:
+            return True
+
+        return False
+
+    @property
+    def buffer(self):
+        """
+        Get access to the buffer itself.
+        """
+        return self._buffer_view[self._index:self._buffer_end]
+
+    def advance_buffer(self, count):
+        """
+        Advances the buffer by the amount of data consumed outside the socket.
+        """
+        self._index += count
+        self._bytes_in_buffer -= count
+
+    def new_buffer(self):
+        """
+        This method moves all the data in the backing buffer to the start of
+        a new, fresh buffer. This gives the ability to read much more data.
+        """
+        def read_all_from_buffer():
+            end = self._index + self._bytes_in_buffer
+            return self._buffer_view[self._index:end]
+
+        new_buffer = bytearray(self._buffer_size)
+        new_buffer_view = memoryview(new_buffer)
+        new_buffer_view[0:self._bytes_in_buffer] = read_all_from_buffer()
+
+        self._index = 0
+        self._backing_buffer = new_buffer
+        self._buffer_view = new_buffer_view
+
+        return
+
+    def recv(self, amt):
+        """
+        Read some data from the socket.
+
+        :param amt: The amount of data to read.
+        :returns: A ``memoryview`` object containing the appropriate number of
+            bytes. The data *must* be copied out by the caller before the next
+            call to this function.
+        """
+        # In this implementation you can never read more than the number of
+        # bytes in the buffer.
+        if amt > self._buffer_size:
+            amt = self._buffer_size
+
+        # If the amount of data we've been asked to read is less than the
+        # remaining space in the buffer, we need to clear out the buffer and
+        # start over.
+        if amt > self._remaining_capacity:
+            self.new_buffer()
+
+        # If there's still some room in the buffer, opportunistically attempt
+        # to read into it.
+        # If we don't actually _need_ the data (i.e. there's enough in the
+        # buffer to satisfy the request), use select to work out if the read
+        # attempt will block. If it will, don't bother reading. If we need the
+        # data, always do the read.
+        if self._bytes_in_buffer >= amt:
+            should_read = select.select([self._sck], [], [], 0)[0]
+        else:
+            should_read = True
+
+        if (self._remaining_capacity > self._bytes_in_buffer and should_read):
+            count = self._sck.recv_into(self._buffer_view[self._buffer_end:])
+
+            # The socket just got closed. We should throw an exception if we
+            # were asked for more data than we can return.
+            if not count and amt > self._bytes_in_buffer:
+                raise ConnectionResetError()
+            self._bytes_in_buffer += count
+
+        # Read out the bytes and update the index.
+        amt = min(amt, self._bytes_in_buffer)
+        data = self._buffer_view[self._index:self._index+amt]
+
+        self._index += amt
+        self._bytes_in_buffer -= amt
+
+        return data
+
+    def fill(self):
+        """
+        Attempts to fill the buffer as much as possible. It will block for at
+        most the time required to have *one* ``recv_into`` call return.
+        """
+        if not self._remaining_capacity:
+            self.new_buffer()
+
+        count = self._sck.recv_into(self._buffer_view[self._buffer_end:])
+        if not count:
+            raise ConnectionResetError()
+
+        self._bytes_in_buffer += count
+
+        return
+
+    def readline(self):
+        """
+        Read up to a newline from the network and returns it. The implicit
+        maximum line length is the buffer size of the buffered socket.
+
+        Note that, unlike recv, this method absolutely *does* block until it
+        can read the line.
+
+        :returns: A ``memoryview`` object containing the appropriate number of
+            bytes. The data *must* be copied out by the caller before the next
+            call to this function.
+        """
+        # First, check if there's anything in the buffer. This is one of those
+        # rare circumstances where this will work correctly on all platforms.
+        index = self._backing_buffer.find(
+            b'\n',
+            self._index,
+            self._index + self._bytes_in_buffer
+        )
+
+        if index != -1:
+            length = index + 1 - self._index
+            data = self._buffer_view[self._index:self._index+length]
+            self._index += length
+            self._bytes_in_buffer -= length
+            return data
+
+        # In this case, we didn't find a newline in the buffer. To fix that,
+        # read some data into the buffer. To do our best to satisfy the read,
+        # we should shunt the data down in the buffer so that it's right at
+        # the start. We don't bother if we're already at the start of the
+        # buffer.
+        if self._index != 0:
+            self.new_buffer()
+
+        while self._bytes_in_buffer < self._buffer_size:
+            count = self._sck.recv_into(self._buffer_view[self._buffer_end:])
+            if not count:
+                raise ConnectionResetError()
+
+            # We have some more data. Again, look for a newline in that gap.
+            first_new_byte = self._buffer_end
+            self._bytes_in_buffer += count
+            index = self._backing_buffer.find(
+                b'\n',
+                first_new_byte,
+                first_new_byte + count,
+            )
+
+            if index != -1:
+                # The length of the buffer is the index into the
+                # buffer at which we found the newline plus 1, minus the start
+                # index of the buffer, which really should be zero.
+                assert not self._index
+                length = index + 1
+                data = self._buffer_view[:length]
+                self._index += length
+                self._bytes_in_buffer -= length
+                return data
+
+        # If we got here, it means we filled the buffer without ever getting
+        # a newline. Time to throw an exception.
+        raise LineTooLongError()
+
+    def __getattr__(self, name):
+        return getattr(self._sck, name)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/connection.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/connection.py
new file mode 100644
index 00000000000..dee18d680e4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/connection.py
@@ -0,0 +1,157 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common/connection
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Hyper's HTTP/1.1 and HTTP/2 abstraction layer.
+"""
+from .exceptions import TLSUpgrade, HTTPUpgrade
+from ..http11.connection import HTTP11Connection
+from ..http20.connection import HTTP20Connection
+from ..tls import H2_NPN_PROTOCOLS, H2C_PROTOCOL
+
+
+class HTTPConnection(object):
+    """
+    An object representing a single HTTP connection to a server.
+
+    This object behaves similarly to the Python standard library's
+    ``HTTPConnection`` object, with a few critical differences.
+
+    Most of the standard library's arguments to the constructor are not
+    supported by hyper. Most optional parameters apply to *either* HTTP/1.1 or
+    HTTP/2.
+
+    :param host: The host to connect to. This may be an IP address or a
+        hostname, and optionally may include a port: for example,
+        ``'http2bin.org'``, ``'http2bin.org:443'`` or ``'127.0.0.1'``.
+    :param port: (optional) The port to connect to. If not provided and one
+        also isn't provided in the ``host`` parameter, defaults to 80.
+    :param secure: (optional) Whether the request should use TLS.
+        Defaults to ``False`` for most requests, but to ``True`` for any
+        request issued to port 443.
+    :param window_manager: (optional) The class to use to manage flow control
+        windows. This needs to be a subclass of the
+        :class:`BaseFlowControlManager
+        <hyper.http20.window.BaseFlowControlManager>`. If not provided,
+        :class:`FlowControlManager <hyper.http20.window.FlowControlManager>`
+        will be used.
+    :param enable_push: (optional) Whether the server is allowed to push
+        resources to the client (see
+        :meth:`get_pushes() <hyper.HTTP20Connection.get_pushes>`).
+    :param ssl_context: (optional) A class with custom certificate settings.
+        If not provided then hyper's default ``SSLContext`` is used instead.
+    :param proxy_host: (optional) The proxy to connect to.  This can be an IP
+        address or a host name and may include a port.
+    :param proxy_port: (optional) The proxy port to connect to. If not provided
+        and one also isn't provided in the ``proxy`` parameter, defaults to
+        8080.
+    """
+    def __init__(self,
+                 host,
+                 port=None,
+                 secure=None,
+                 window_manager=None,
+                 enable_push=False,
+                 ssl_context=None,
+                 proxy_host=None,
+                 proxy_port=None,
+                 **kwargs):
+
+        self._host = host
+        self._port = port
+        self._h1_kwargs = {
+            'secure': secure, 'ssl_context': ssl_context,
+            'proxy_host': proxy_host, 'proxy_port': proxy_port
+        }
+        self._h2_kwargs = {
+            'window_manager': window_manager, 'enable_push': enable_push,
+            'secure': secure, 'ssl_context': ssl_context,
+            'proxy_host': proxy_host, 'proxy_port': proxy_port
+        }
+
+        # Add any unexpected kwargs to both dictionaries.
+        self._h1_kwargs.update(kwargs)
+        self._h2_kwargs.update(kwargs)
+
+        self._conn = HTTP11Connection(
+            self._host, self._port, **self._h1_kwargs
+        )
+
+    def request(self, method, url, body=None, headers=None):
+        """
+        This will send a request to the server using the HTTP request method
+        ``method`` and the selector ``url``. If the ``body`` argument is
+        present, it should be string or bytes object of data to send after the
+        headers are finished. Strings are encoded as UTF-8. To use other
+        encodings, pass a bytes object. The Content-Length header is set to the
+        length of the body field.
+
+        :param method: The request method, e.g. ``'GET'``.
+        :param url: The URL to contact, e.g. ``'/path/segment'``.
+        :param body: (optional) The request body to send. Must be a bytestring
+            or a file-like object.
+        :param headers: (optional) The headers to send on the request.
+        :returns: A stream ID for the request, or ``None`` if the request is
+            made over HTTP/1.1.
+        """
+
+        headers = headers or {}
+
+        try:
+            return self._conn.request(
+                method=method, url=url, body=body, headers=headers
+            )
+        except TLSUpgrade as e:
+            # We upgraded in the NPN/ALPN handshake. We can just go straight to
+            # the world of HTTP/2. Replace the backing object and insert the
+            # socket into it.
+            assert e.negotiated in H2_NPN_PROTOCOLS
+
+            self._conn = HTTP20Connection(
+                self._host, self._port, **self._h2_kwargs
+            )
+            self._conn._sock = e.sock
+
+            # Because we skipped the connecting logic, we need to send the
+            # HTTP/2 preamble.
+            self._conn._send_preamble()
+
+            return self._conn.request(
+                method=method, url=url, body=body, headers=headers
+            )
+
+    def get_response(self, *args, **kwargs):
+        """
+        Returns a response object.
+        """
+        try:
+            return self._conn.get_response(*args, **kwargs)
+        except HTTPUpgrade as e:
+            # We upgraded via the HTTP Upgrade mechanism. We can just
+            # go straight to the world of HTTP/2. Replace the backing object
+            # and insert the socket into it.
+            assert e.negotiated == H2C_PROTOCOL
+
+            self._conn = HTTP20Connection(
+                self._host, self._port, **self._h2_kwargs
+            )
+
+            self._conn._connect_upgrade(e.sock)
+            # stream id 1 is used by the upgrade request and response
+            # and is half-closed by the client
+
+            return self._conn.get_response(1)
+
+    # The following two methods are the implementation of the context manager
+    # protocol.
+    def __enter__(self):  # pragma: no cover
+        return self
+
+    def __exit__(self, type, value, tb):  # pragma: no cover
+        self._conn.close()
+        return False  # Never swallow exceptions.
+
+    # Can anyone say 'proxy object pattern'?
+    def __getattr__(self, name):
+        return getattr(self._conn, name)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/decoder.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/decoder.py
new file mode 100644
index 00000000000..e86f1f4e09a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/decoder.py
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common/decoder
+~~~~~~~~~~~~~~~~~~~~
+
+Contains hyper's code for handling compressed bodies.
+"""
+import zlib
+
+
+class DeflateDecoder(object):
+    """
+    This is a decoding object that wraps ``zlib`` and is used for decoding
+    deflated content.
+
+    This rationale for the existence of this object is pretty unpleasant.
+    The HTTP RFC specifies that 'deflate' is a valid content encoding. However,
+    the spec _meant_ the zlib encoding form. Unfortunately, people who didn't
+    read the RFC very carefully actually implemented a different form of
+    'deflate'. Insanely, ``zlib`` handles them using two wbits values. This is
+    such a mess it's hard to adequately articulate.
+
+    This class was lovingly borrowed from the excellent urllib3 library under
+    license: see NOTICES. If you ever see @shazow, you should probably buy him
+    a drink or something.
+    """
+    def __init__(self):
+        self._first_try = True
+        self._data = b''
+        self._obj = zlib.decompressobj(zlib.MAX_WBITS)
+
+    def __getattr__(self, name):
+        return getattr(self._obj, name)
+
+    def decompress(self, data):
+        if not self._first_try:
+            return self._obj.decompress(data)
+
+        self._data += data
+        try:
+            return self._obj.decompress(data)
+        except zlib.error:
+            self._first_try = False
+            self._obj = zlib.decompressobj(-zlib.MAX_WBITS)
+            try:
+                return self.decompress(self._data)
+            finally:
+                self._data = None
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/exceptions.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/exceptions.py
new file mode 100644
index 00000000000..268431abcb5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/exceptions.py
@@ -0,0 +1,73 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common/exceptions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Contains hyper's exceptions.
+"""
+
+
+class ChunkedDecodeError(Exception):
+    """
+    An error was encountered while decoding a chunked response.
+    """
+    pass
+
+
+class InvalidResponseError(Exception):
+    """
+    A problem was found with the response that makes it invalid.
+    """
+    pass
+
+
+class SocketError(Exception):
+    """
+    An error occurred during socket operation.
+    """
+    pass
+
+
+class LineTooLongError(Exception):
+    """
+    An attempt to read a line from a socket failed because no newline was
+    found.
+    """
+    pass
+
+
+# Create our own ConnectionResetError.
+try:  # pragma: no cover
+    ConnectionResetError = ConnectionResetError
+except NameError:  # pragma: no cover
+    class ConnectionResetError(Exception):
+        """
+        A HTTP connection was unexpectedly reset.
+        """
+
+
+class TLSUpgrade(Exception):
+    """
+    We upgraded to a new protocol in the NPN/ALPN handshake.
+    """
+    def __init__(self, negotiated, sock):
+        super(TLSUpgrade, self).__init__()
+        self.negotiated = negotiated
+        self.sock = sock
+
+
+class HTTPUpgrade(Exception):
+    """
+    We upgraded to a new protocol via the HTTP Upgrade response.
+    """
+    def __init__(self, negotiated, sock):
+        super(HTTPUpgrade, self).__init__()
+        self.negotiated = negotiated
+        self.sock = sock
+
+
+class MissingCertFile(Exception):
+    """
+    The certificate file could not be found.
+    """
+    pass
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/headers.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/headers.py
new file mode 100644
index 00000000000..655a591ac23
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/headers.py
@@ -0,0 +1,260 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common/headers
+~~~~~~~~~~~~~~~~~~~~~
+
+Contains hyper's structures for storing and working with HTTP headers.
+"""
+import collections
+
+from hyper.common.util import to_bytestring, to_bytestring_tuple
+
+
+class HTTPHeaderMap(collections.MutableMapping):
+    """
+    A structure that contains HTTP headers.
+
+    HTTP headers are a curious beast. At the surface level they look roughly
+    like a name-value set, but in practice they have many variations that
+    make them tricky:
+
+    - duplicate keys are allowed
+    - keys are compared case-insensitively
+    - duplicate keys are isomorphic to comma-separated values, *except when
+      they aren't*!
+    - they logically contain a form of ordering
+
+    This data structure is an attempt to preserve all of that information
+    while being as user-friendly as possible. It retains all of the mapping
+    convenience methods (allowing by-name indexing), while avoiding using a
+    dictionary for storage.
+
+    When iterated over, this structure returns headers in 'canonical form'.
+    This form is a tuple, where the first entry is the header name (in
+    lower-case), and the second entry is a list of header values (in original
+    case).
+
+    The mapping always emits both names and values in the form of bytestrings:
+    never unicode strings. It can accept names and values in unicode form, and
+    will automatically be encoded to bytestrings using UTF-8. The reason for
+    what appears to be a user-unfriendly decision here is primarily to allow
+    the broadest-possible compatibility (to make it possible to send headers in
+    unusual encodings) while ensuring that users are never confused about what
+    type of data they will receive.
+
+    .. warning:: Note that this data structure makes none of the performance
+                 guarantees of a dictionary. Lookup and deletion is not an O(1)
+                 operation. Inserting a new value *is* O(1), all other
+                 operations are O(n), including *replacing* a header entirely.
+    """
+    def __init__(self, *args, **kwargs):
+        # The meat of the structure. In practice, headers are an ordered list
+        # of tuples. This early version of the data structure simply uses this
+        # directly under the covers.
+        #
+        # An important curiosity here is that the headers are not stored in
+        # 'canonical form', but are instead stored in the form they were
+        # provided in. This is to ensure that it is always possible to
+        # reproduce the original header structure if necessary. This leads to
+        # some unfortunate performance costs on structure access where it is
+        # often necessary to transform the data into canonical form on access.
+        # This cost is judged acceptable in low-level code like `hyper`, but
+        # higher-level abstractions should consider if they really require this
+        # logic.
+        self._items = []
+
+        for arg in args:
+            self._items.extend(map(lambda x: to_bytestring_tuple(*x), arg))
+
+        for k, v in kwargs.items():
+            self._items.append(to_bytestring_tuple(k, v))
+
+    def __getitem__(self, key):
+        """
+        Unlike the dict __getitem__, this returns a list of items in the order
+        they were added. These items are returned in 'canonical form', meaning
+        that comma-separated values are split into multiple values.
+        """
+        key = to_bytestring(key)
+        values = []
+
+        for k, v in self._items:
+            if _keys_equal(k, key):
+                values.extend(x[1] for x in canonical_form(k, v))
+
+        if not values:
+            raise KeyError("Nonexistent header key: {}".format(key))
+
+        return values
+
+    def __setitem__(self, key, value):
+        """
+        Unlike the dict __setitem__, this appends to the list of items.
+        """
+        self._items.append(to_bytestring_tuple(key, value))
+
+    def __delitem__(self, key):
+        """
+        Sadly, __delitem__ is kind of stupid here, but the best we can do is
+        delete all headers with a given key. To correctly achieve the 'KeyError
+        on missing key' logic from dictionaries, we need to do this slowly.
+        """
+        key = to_bytestring(key)
+        indices = []
+        for (i, (k, v)) in enumerate(self._items):
+            if _keys_equal(k, key):
+                indices.append(i)
+
+        if not indices:
+            raise KeyError("Nonexistent header key: {}".format(key))
+
+        for i in indices[::-1]:
+            self._items.pop(i)
+
+    def __iter__(self):
+        """
+        This mapping iterates like the list of tuples it is. The headers are
+        returned in canonical form.
+        """
+        for pair in self._items:
+            for value in canonical_form(*pair):
+                yield value
+
+    def __len__(self):
+        """
+        The length of this mapping is the number of individual headers in
+        canonical form. Sadly, this is a somewhat expensive operation.
+        """
+        size = 0
+        for _ in self:
+            size += 1
+
+        return size
+
+    def __contains__(self, key):
+        """
+        If any header is present with this key, returns True.
+        """
+        key = to_bytestring(key)
+        return any(_keys_equal(key, k) for k, _ in self._items)
+
+    def keys(self):
+        """
+        Returns an iterable of the header keys in the mapping. This explicitly
+        does not filter duplicates, ensuring that it's the same length as
+        len().
+        """
+        for n, _ in self:
+            yield n
+
+    def items(self):
+        """
+        This mapping iterates like the list of tuples it is.
+        """
+        return self.__iter__()
+
+    def values(self):
+        """
+        This is an almost nonsensical query on a header dictionary, but we
+        satisfy it in the exact same way we satisfy 'keys'.
+        """
+        for _, v in self:
+            yield v
+
+    def get(self, name, default=None):
+        """
+        Unlike the dict get, this returns a list of items in the order
+        they were added.
+        """
+        try:
+            return self[name]
+        except KeyError:
+            return default
+
+    def iter_raw(self):
+        """
+        Allows iterating over the headers in 'raw' form: that is, the form in
+        which they were added to the structure. This iteration is in order,
+        and can be used to rebuild the original headers (e.g. to determine
+        exactly what a server sent).
+        """
+        for item in self._items:
+            yield item
+
+    def replace(self, key, value):
+        """
+        Replace existing header with new value. If header doesn't exist this
+        method work like ``__setitem__``. Replacing leads to deletion of all
+        existing headers with the same name.
+        """
+        key, value = to_bytestring_tuple(key, value)
+        indices = []
+        for (i, (k, v)) in enumerate(self._items):
+            if _keys_equal(k, key):
+                indices.append(i)
+
+        # If the key isn't present, this is easy: just append and abort early.
+        if not indices:
+            self._items.append((key, value))
+            return
+
+        # Delete all but the first. I swear, this is the correct slicing
+        # syntax!
+        base_index = indices[0]
+        for i in indices[:0:-1]:
+            self._items.pop(i)
+
+        del self._items[base_index]
+        self._items.insert(base_index, (key, value))
+
+    def merge(self, other):
+        """
+        Merge another header set or any other dict-like into this one.
+        """
+        # Short circuit to avoid infinite loops in case we try to merge into
+        # ourselves.
+        if other is self:
+            return
+
+        if isinstance(other, HTTPHeaderMap):
+            self._items.extend(other.iter_raw())
+            return
+
+        for k, v in other.items():
+            self._items.append(to_bytestring_tuple(k, v))
+
+    def __eq__(self, other):
+        return self._items == other._items
+
+    def __ne__(self, other):
+        return self._items != other._items
+
+    def __str__(self):  # pragma: no cover
+        return 'HTTPHeaderMap(%s)' % self._items
+
+    def __repr__(self):  # pragma: no cover
+        return str(self)
+
+
+def canonical_form(k, v):
+    """
+    Returns an iterable of key-value-pairs corresponding to the header in
+    canonical form. This means that the header is split on commas unless for
+    any reason it's a super-special snowflake (I'm looking at you Set-Cookie).
+    """
+    SPECIAL_SNOWFLAKES = set([b'set-cookie', b'set-cookie2'])
+
+    k = k.lower()
+
+    if k in SPECIAL_SNOWFLAKES:
+        yield k, v
+    else:
+        for sub_val in v.split(b','):
+            yield k, sub_val.strip()
+
+
+def _keys_equal(x, y):
+    """
+    Returns 'True' if the two keys are equal by the laws of HTTP headers.
+    """
+    return x.lower() == y.lower()
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/util.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/util.py
new file mode 100644
index 00000000000..6d199a0cdeb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/common/util.py
@@ -0,0 +1,59 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/common/util
+~~~~~~~~~~~~~~~~~
+
+General utility functions for use with hyper.
+"""
+from hyper.compat import unicode, bytes, imap
+from ..packages.rfc3986.uri import URIReference
+from ..compat import is_py3
+
+
+def to_bytestring(element):
+    """
+    Converts a single string to a bytestring, encoding via UTF-8 if needed.
+    """
+    if isinstance(element, unicode):
+        return element.encode('utf-8')
+    elif isinstance(element, bytes):
+        return element
+    else:
+        raise ValueError("Non string type.")
+
+
+def to_bytestring_tuple(*x):
+    """
+    Converts the given strings to a bytestring if necessary, returning a
+    tuple. Uses ``to_bytestring``.
+    """
+    return tuple(imap(to_bytestring, x))
+
+
+def to_host_port_tuple(host_port_str, default_port=80):
+    """
+    Converts the given string containing a host and possibly a port
+    to a tuple.
+    """
+    uri = URIReference(
+        scheme=None,
+        authority=host_port_str,
+        path=None,
+        query=None,
+        fragment=None
+    )
+
+    host = uri.host.strip('[]')
+    if not uri.port:
+        port = default_port
+    else:
+        port = int(uri.port)
+
+    return (host, port)
+
+
+def to_native_string(string, encoding='utf-8'):
+    if isinstance(string, str):
+        return string
+
+    return string.decode(encoding) if is_py3 else string.encode(encoding)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/compat.py
new file mode 100644
index 00000000000..368b5fedfd9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/compat.py
@@ -0,0 +1,84 @@
+# -*- coding: utf-8 -*-
+# flake8: noqa
+"""
+hyper/compat
+~~~~~~~~~~~~
+
+Normalizes the Python 2/3 API for internal use.
+"""
+from contextlib import contextmanager
+import sys
+import zlib
+
+try:
+    from . import ssl_compat
+except ImportError:
+    # TODO log?
+    ssl_compat = None
+
+_ver = sys.version_info
+is_py2 = _ver[0] == 2
+is_py2_7_9_or_later = _ver[0] >= 2 and _ver[1] >= 7 and _ver[2] >= 9
+is_py3 = _ver[0] == 3
+is_py3_3 = is_py3 and _ver[1] == 3
+
+
+@contextmanager
+def ignore_missing():
+    try:
+        yield
+    except (AttributeError, NotImplementedError):  # pragma: no cover
+        pass
+
+if is_py2:
+    if is_py2_7_9_or_later:
+        import ssl
+    else:
+        ssl = ssl_compat
+
+    from urllib import urlencode
+    from urlparse import urlparse, urlsplit
+    from itertools import imap
+
+    def to_byte(char):
+        return ord(char)
+
+    def decode_hex(b):
+        return b.decode('hex')
+
+    def write_to_stdout(data):
+        sys.stdout.write(data + '\n')
+        sys.stdout.flush()
+
+    # The standard zlib.compressobj() accepts only positional arguments.
+    def zlib_compressobj(level=6, method=zlib.DEFLATED, wbits=15, memlevel=8,
+                         strategy=zlib.Z_DEFAULT_STRATEGY):
+        return zlib.compressobj(level, method, wbits, memlevel, strategy)
+
+    unicode = unicode
+    bytes = str
+
+elif is_py3:
+    from urllib.parse import urlencode, urlparse, urlsplit
+
+    imap = map
+
+    def to_byte(char):
+        return char
+
+    def decode_hex(b):
+        return bytes.fromhex(b)
+
+    def write_to_stdout(data):
+        sys.stdout.buffer.write(data + b'\n')
+        sys.stdout.buffer.flush()
+
+    zlib_compressobj = zlib.compressobj
+
+    if is_py3_3:
+        ssl = ssl_compat
+    else:
+        import ssl
+
+    unicode = str
+    bytes = bytes
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/contrib.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/contrib.py
new file mode 100644
index 00000000000..dccec518550
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/contrib.py
@@ -0,0 +1,159 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/contrib
+~~~~~~~~~~~~~
+
+Contains a few utilities for use with other HTTP libraries.
+"""
+try:
+    from requests.adapters import HTTPAdapter
+    from requests.models import Response
+    from requests.structures import CaseInsensitiveDict
+    from requests.utils import get_encoding_from_headers
+    from requests.cookies import extract_cookies_to_jar
+except ImportError:  # pragma: no cover
+    HTTPAdapter = object
+
+from hyper.common.connection import HTTPConnection
+from hyper.compat import urlparse
+from hyper.tls import init_context
+
+
+class HTTP20Adapter(HTTPAdapter):
+    """
+    A Requests Transport Adapter that uses hyper to send requests over
+    HTTP/2. This implements some degree of connection pooling to maximise the
+    HTTP/2 gain.
+    """
+    def __init__(self, *args, **kwargs):
+        #: A mapping between HTTP netlocs and ``HTTP20Connection`` objects.
+        self.connections = {}
+
+    def get_connection(self, host, port, scheme, cert=None):
+        """
+        Gets an appropriate HTTP/2 connection object based on
+        host/port/scheme/cert tuples.
+        """
+        secure = (scheme == 'https')
+
+        if port is None:  # pragma: no cover
+            port = 80 if not secure else 443
+
+        ssl_context = None
+        if cert is not None:
+            ssl_context = init_context(cert=cert)
+
+        try:
+            conn = self.connections[(host, port, scheme, cert)]
+        except KeyError:
+            conn = HTTPConnection(
+                host,
+                port,
+                secure=secure,
+                ssl_context=ssl_context)
+            self.connections[(host, port, scheme, cert)] = conn
+
+        return conn
+
+    def send(self, request, stream=False, cert=None, **kwargs):
+        """
+        Sends a HTTP message to the server.
+        """
+        parsed = urlparse(request.url)
+        conn = self.get_connection(
+            parsed.hostname,
+            parsed.port,
+            parsed.scheme,
+            cert=cert)
+
+        # Build the selector.
+        selector = parsed.path
+        selector += '?' + parsed.query if parsed.query else ''
+        selector += '#' + parsed.fragment if parsed.fragment else ''
+
+        conn.request(
+            request.method,
+            selector,
+            request.body,
+            request.headers
+        )
+        resp = conn.get_response()
+
+        r = self.build_response(request, resp)
+
+        if not stream:
+            r.content
+
+        return r
+
+    def build_response(self, request, resp):
+        """
+        Builds a Requests' response object.  This emulates most of the logic of
+        the standard fuction but deals with the lack of the ``.headers``
+        property on the HTTP20Response object.
+
+        Additionally, this function builds in a number of features that are
+        purely for HTTPie. This is to allow maximum compatibility with what
+        urllib3 does, so that HTTPie doesn't fall over when it uses us.
+        """
+        response = Response()
+
+        response.status_code = resp.status
+        response.headers = CaseInsensitiveDict(resp.headers.iter_raw())
+        response.raw = resp
+        response.reason = resp.reason
+        response.encoding = get_encoding_from_headers(response.headers)
+
+        extract_cookies_to_jar(response.cookies, request, response)
+        response.url = request.url
+
+        response.request = request
+        response.connection = self
+
+        # First horrible patch: Requests expects its raw responses to have a
+        # release_conn method, which I don't. We should monkeypatch a no-op on.
+        resp.release_conn = lambda: None
+
+        # Next, add the things HTTPie needs. It needs the following things:
+        #
+        # - The `raw` object has a property called `_original_response` that is
+        #   a `httplib` response object.
+        # - `raw._original_response` has three simple properties: `version`,
+        #   `status`, `reason`.
+        # - `raw._original_response.version` has one of three values: `9`,
+        #   `10`, `11`.
+        # - `raw._original_response.msg` exists.
+        # - `raw._original_response.msg._headers` exists and is an iterable of
+        #   two-tuples.
+        #
+        # We fake this out. Most of this exists on our response object already,
+        # and the rest can be faked.
+        #
+        # All of this exists for httpie, which I don't have any tests for,
+        # so I'm not going to bother adding test coverage for it.
+        class FakeOriginalResponse(object):  # pragma: no cover
+            def __init__(self, headers):
+                self._headers = headers
+
+            def get_all(self, name, default=None):
+                values = []
+
+                for n, v in self._headers:
+                    if n == name.lower():
+                        values.append(v)
+
+                if not values:
+                    return default
+
+                return values
+
+            def getheaders(self, name):
+                return self.get_all(name, [])
+
+        response.raw._original_response = orig = FakeOriginalResponse(None)
+        orig.version = 20
+        orig.status = resp.status
+        orig.reason = resp.reason
+        orig.msg = FakeOriginalResponse(resp.headers.iter_raw())
+
+        return response
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/__init__.py
new file mode 100755
index 00000000000..00f22d9623b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/__init__.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+"""
+h2
+~~
+
+A HTTP/2 implementation.
+"""
+__version__ = '2.6.2'
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/config.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/config.py
new file mode 100755
index 00000000000..f3c6df744fa
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/config.py
@@ -0,0 +1,146 @@
+# -*- coding: utf-8 -*-
+"""
+h2/config
+~~~~~~~~~
+
+Objects for controlling the configuration of the HTTP/2 stack.
+"""
+
+
+class _BooleanConfigOption(object):
+    """
+    Descriptor for handling a boolean config option.  This will block
+    attempts to set boolean config options to non-bools.
+    """
+    def __init__(self, name):
+        self.name = name
+        self.attr_name = '_%s' % self.name
+
+    def __get__(self, instance, owner):
+        return getattr(instance, self.attr_name)
+
+    def __set__(self, instance, value):
+        if not isinstance(value, bool):
+            raise ValueError("%s must be a bool" % self.name)
+        setattr(instance, self.attr_name, value)
+
+
+class DummyLogger(object):
+    """
+    An Logger object that does not actual logging, hence a DummyLogger.
+
+    For the class the log operation is merely a no-op.  The intent is to avoid
+    conditionals being sprinkled throughout the hyper-h2 code for calls to
+    logging functions when no logger is passed into the corresponding object.
+    """
+    def __init__(self, *vargs):
+        pass
+
+    def debug(self, *vargs, **kwargs):
+        """
+        No-op logging. Only level needed for now.
+        """
+        pass
+
+
+class H2Configuration(object):
+    """
+    An object that controls the way a single HTTP/2 connection behaves.
+
+    This object allows the users to customize behaviour. In particular, it
+    allows users to enable or disable optional features, or to otherwise handle
+    various unusual behaviours.
+
+    This object has very little behaviour of its own: it mostly just ensures
+    that configuration is self-consistent.
+
+    :param client_side: Whether this object is to be used on the client side of
+        a connection, or on the server side. Affects the logic used by the
+        state machine, the default settings values, the allowable stream IDs,
+        and several other properties. Defaults to ``True``.
+    :type client_side: ``bool``
+
+    :param header_encoding: Controls whether the headers emitted by this object
+        in events are transparently decoded to ``unicode`` strings, and what
+        encoding is used to do that decoding. For historical reasons, this
+        defaults to ``'utf-8'``. To prevent the decoding of headers (that is,
+        to force them to be returned as bytestrings), this can be set to
+        ``False`` or the empty string.
+    :type header_encoding: ``str``, ``False``, or ``None``
+
+    :param validate_outbound_headers: Controls whether the headers emitted
+        by this object are validated against the rules in RFC 7540.
+        Disabling this setting will cause outbound header validation to
+        be skipped, and allow the object to emit headers that may be illegal
+        according to RFC 7540. Defaults to ``True``.
+    :type validate_outbound_headers: ``bool``
+
+    :param normalize_outbound_headers: Controls whether the headers emitted
+        by this object are normalized before sending.  Disabling this setting
+        will cause outbound header normalization to be skipped, and allow
+        the object to emit headers that may be illegal according to
+        RFC 7540. Defaults to ``True``.
+    :type normalize_outbound_headers: ``bool``
+
+    :param validate_inbound_headers: Controls whether the headers received
+        by this object are validated against the rules in RFC 7540.
+        Disabling this setting will cause inbound header validation to
+        be skipped, and allow the object to receive headers that may be illegal
+        according to RFC 7540. Defaults to ``True``.
+    :type validate_inbound_headers: ``bool``
+
+    :param logger: A logger that conforms to the requirements for this module,
+        those being no I/O and no context switches, which is needed in order
+        to run in asynchronous operation.
+
+        .. versionadded:: 2.6.0
+
+    :type logger: ``logging.Logger``
+    """
+    client_side = _BooleanConfigOption('client_side')
+    validate_outbound_headers = _BooleanConfigOption(
+        'validate_outbound_headers'
+    )
+    normalize_outbound_headers = _BooleanConfigOption(
+        'normalize_outbound_headers'
+    )
+    validate_inbound_headers = _BooleanConfigOption(
+        'validate_inbound_headers'
+    )
+
+    def __init__(self,
+                 client_side=True,
+                 header_encoding='utf-8',
+                 validate_outbound_headers=True,
+                 normalize_outbound_headers=True,
+                 validate_inbound_headers=True,
+                 logger=None):
+        self.client_side = client_side
+        self.header_encoding = header_encoding
+        self.validate_outbound_headers = validate_outbound_headers
+        self.normalize_outbound_headers = normalize_outbound_headers
+        self.validate_inbound_headers = validate_inbound_headers
+        self.logger = logger or DummyLogger(__name__)
+
+    @property
+    def header_encoding(self):
+        """
+        Controls whether the headers emitted by this object in events are
+        transparently decoded to ``unicode`` strings, and what encoding is used
+        to do that decoding. For historical reasons, this defaults to
+        ``'utf-8'``. To prevent the decoding of headers (that is, to force them
+        to be returned as bytestrings), this can be set to ``False`` or the
+        empty string.
+        """
+        return self._header_encoding
+
+    @header_encoding.setter
+    def header_encoding(self, value):
+        """
+        Enforces constraints on the value of header encoding.
+        """
+        if not isinstance(value, (bool, str, type(None))):
+            raise ValueError("header_encoding must be bool, string, or None")
+        if value is True:
+            raise ValueError("header_encoding cannot be True")
+        self._header_encoding = value
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/connection.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/connection.py
new file mode 100755
index 00000000000..37dc6365470
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/connection.py
@@ -0,0 +1,2074 @@
+# -*- coding: utf-8 -*-
+"""
+h2/connection
+~~~~~~~~~~~~~
+
+An implementation of a HTTP/2 connection.
+"""
+import base64
+
+from enum import Enum, IntEnum
+
+from hyperframe.exceptions import InvalidPaddingError
+from hyperframe.frame import (
+    GoAwayFrame, WindowUpdateFrame, HeadersFrame, DataFrame, PingFrame,
+    PushPromiseFrame, SettingsFrame, RstStreamFrame, PriorityFrame,
+    ContinuationFrame, AltSvcFrame
+)
+from hpack.hpack import Encoder, Decoder
+from hpack.exceptions import HPACKError
+
+from .config import H2Configuration
+from .errors import ErrorCodes, _error_code_from_int
+from .events import (
+    WindowUpdated, RemoteSettingsChanged, PingAcknowledged,
+    SettingsAcknowledged, ConnectionTerminated, PriorityUpdated,
+    AlternativeServiceAvailable,
+)
+from .exceptions import (
+    ProtocolError, NoSuchStreamError, FlowControlError, FrameTooLargeError,
+    TooManyStreamsError, StreamClosedError, StreamIDTooLowError,
+    NoAvailableStreamIDError, RFC1122Error, DenialOfServiceError
+)
+from .frame_buffer import FrameBuffer
+from .settings import Settings, SettingCodes
+from .stream import H2Stream, StreamClosedBy
+from .utilities import guard_increment_window
+from .windows import WindowManager
+
+try:
+    from hpack.exceptions import OversizedHeaderListError
+except ImportError:  # Platform-specific: HPACK < 2.3.0
+    # If the exception doesn't exist, it cannot possibly be thrown. Define a
+    # placeholder name, but don't otherwise worry about it.
+    class OversizedHeaderListError(Exception):
+        pass
+
+
+try:
+    from hyperframe.frame import ExtensionFrame
+except ImportError:  # Platform-specific: Hyperframe < 5.0.0
+    # If the frame doesn't exist, that's just fine: we'll define it ourselves
+    # and the method will just never be called.
+    class ExtensionFrame(object):
+        pass
+
+
+class ConnectionState(Enum):
+    IDLE = 0
+    CLIENT_OPEN = 1
+    SERVER_OPEN = 2
+    CLOSED = 3
+
+
+class ConnectionInputs(Enum):
+    SEND_HEADERS = 0
+    SEND_PUSH_PROMISE = 1
+    SEND_DATA = 2
+    SEND_GOAWAY = 3
+    SEND_WINDOW_UPDATE = 4
+    SEND_PING = 5
+    SEND_SETTINGS = 6
+    SEND_RST_STREAM = 7
+    SEND_PRIORITY = 8
+    RECV_HEADERS = 9
+    RECV_PUSH_PROMISE = 10
+    RECV_DATA = 11
+    RECV_GOAWAY = 12
+    RECV_WINDOW_UPDATE = 13
+    RECV_PING = 14
+    RECV_SETTINGS = 15
+    RECV_RST_STREAM = 16
+    RECV_PRIORITY = 17
+    SEND_ALTERNATIVE_SERVICE = 18  # Added in 2.3.0
+    RECV_ALTERNATIVE_SERVICE = 19  # Added in 2.3.0
+
+
+class AllowedStreamIDs(IntEnum):
+    EVEN = 0
+    ODD = 1
+
+
+class H2ConnectionStateMachine(object):
+    """
+    A single HTTP/2 connection state machine.
+
+    This state machine, while defined in its own class, is logically part of
+    the H2Connection class also defined in this file. The state machine itself
+    maintains very little state directly, instead focusing entirely on managing
+    state transitions.
+    """
+    # For the purposes of this state machine we treat HEADERS and their
+    # associated CONTINUATION frames as a single jumbo frame. The protocol
+    # allows/requires this by preventing other frames from being interleved in
+    # between HEADERS/CONTINUATION frames.
+    #
+    # The _transitions dictionary contains a mapping of tuples of
+    # (state, input) to tuples of (side_effect_function, end_state). This map
+    # contains all allowed transitions: anything not in this map is invalid
+    # and immediately causes a transition to ``closed``.
+
+    _transitions = {
+        # State: idle
+        (ConnectionState.IDLE, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_ALTERNATIVE_SERVICE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+            (None, ConnectionState.CLIENT_OPEN),
+
+        # State: open, client side.
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_DATA):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PUSH_PROMISE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_DATA):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_RST_STREAM):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_RST_STREAM):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN,
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.CLIENT_OPEN),
+
+        # State: open, server side.
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PUSH_PROMISE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_DATA):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_DATA):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_RST_STREAM):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_RST_STREAM):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN,
+            ConnectionInputs.SEND_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN,
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.SERVER_OPEN),
+
+        # State: closed
+        (ConnectionState.CLOSED, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLOSED, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+    }
+
+    def __init__(self):
+        self.state = ConnectionState.IDLE
+
+    def process_input(self, input_):
+        """
+        Process a specific input in the state machine.
+        """
+        if not isinstance(input_, ConnectionInputs):
+            raise ValueError("Input must be an instance of ConnectionInputs")
+
+        try:
+            func, target_state = self._transitions[(self.state, input_)]
+        except KeyError:
+            old_state = self.state
+            self.state = ConnectionState.CLOSED
+            raise ProtocolError(
+                "Invalid input %s in state %s" % (input_, old_state)
+            )
+        else:
+            self.state = target_state
+            if func is not None:  # pragma: no cover
+                return func()
+
+            return []
+
+
+class H2Connection(object):
+    """
+    A low-level HTTP/2 connection object. This handles building and receiving
+    frames and maintains both connection and per-stream state for all streams
+    on this connection.
+
+    This wraps a HTTP/2 Connection state machine implementation, ensuring that
+    frames can only be sent/received when the connection is in a valid state.
+    It also builds stream state machines on demand to ensure that the
+    constraints of those state machines are met as well. Attempts to create
+    frames that cannot be sent will raise a ``ProtocolError``.
+
+    .. versionchanged:: 2.3.0
+       Added the ``header_encoding`` keyword argument.
+
+    .. versionchanged:: 2.5.0
+       Added the ``config`` keyword argument. Deprecated the ``client_side``
+       and ``header_encoding`` parameters.
+
+    :param client_side: Whether this object is to be used on the client side of
+        a connection, or on the server side. Affects the logic used by the
+        state machine, the default settings values, the allowable stream IDs,
+        and several other properties. Defaults to ``True``.
+
+        .. deprecated:: 2.5.0
+
+    :type client_side: ``bool``
+
+    :param header_encoding: Controls whether the headers emitted by this object
+        in events are transparently decoded to ``unicode`` strings, and what
+        encoding is used to do that decoding. For historical reason, this
+        defaults to ``'utf-8'``. To prevent the decoding of headers (that is,
+        to force them to be returned as bytestrings), this can be set to
+        ``False`` or the empty string.
+
+        .. deprecated:: 2.5.0
+
+    :type header_encoding: ``str`` or ``False``
+
+    :param config: The configuration for the HTTP/2 connection. If provided,
+        supersedes the deprecated ``client_side`` and ``header_encoding``
+        values.
+
+        .. versionadded:: 2.5.0
+
+    :type config: :class:`H2Configuration <h2.config.H2Configuration>`
+    """
+    # The initial maximum outbound frame size. This can be changed by receiving
+    # a settings frame.
+    DEFAULT_MAX_OUTBOUND_FRAME_SIZE = 65535
+
+    # The initial maximum inbound frame size. This is somewhat arbitrarily
+    # chosen.
+    DEFAULT_MAX_INBOUND_FRAME_SIZE = 2**24
+
+    # The highest acceptable stream ID.
+    HIGHEST_ALLOWED_STREAM_ID = 2**31 - 1
+
+    # The largest acceptable window increment.
+    MAX_WINDOW_INCREMENT = 2**31 - 1
+
+    # The initial default value of SETTINGS_MAX_HEADER_LIST_SIZE.
+    DEFAULT_MAX_HEADER_LIST_SIZE = 2**16
+
+    def __init__(self, client_side=True, header_encoding='utf-8', config=None):
+        self.state_machine = H2ConnectionStateMachine()
+        self.streams = {}
+        self.highest_inbound_stream_id = 0
+        self.highest_outbound_stream_id = 0
+        self.encoder = Encoder()
+        self.decoder = Decoder()
+
+        # This won't always actually do anything: for versions of HPACK older
+        # than 2.3.0 it does nothing. However, we have to try!
+        self.decoder.max_header_list_size = self.DEFAULT_MAX_HEADER_LIST_SIZE
+
+        #: The configuration for this HTTP/2 connection object.
+        #:
+        #: .. versionadded:: 2.5.0
+        self.config = config
+        if self.config is None:
+            self.config = H2Configuration(
+                client_side=client_side,
+                header_encoding=header_encoding,
+            )
+
+        # Objects that store settings, including defaults.
+        #
+        # We set the MAX_CONCURRENT_STREAMS value to 100 because its default is
+        # unbounded, and that's a dangerous default because it allows
+        # essentially unbounded resources to be allocated regardless of how
+        # they will be used. 100 should be suitable for the average
+        # application. This default obviously does not apply to the remote
+        # peer's settings: the remote peer controls them!
+        #
+        # We also set MAX_HEADER_LIST_SIZE to a reasonable value. This is to
+        # advertise our defence against CVE-2016-6581. However, not all
+        # versions of HPACK will let us do it. That's ok: we should at least
+        # suggest that we're not vulnerable.
+        self.local_settings = Settings(
+            client=self.config.client_side,
+            initial_values={
+                SettingCodes.MAX_CONCURRENT_STREAMS: 100,
+                SettingCodes.MAX_HEADER_LIST_SIZE:
+                    self.DEFAULT_MAX_HEADER_LIST_SIZE,
+            }
+        )
+        self.remote_settings = Settings(client=not self.config.client_side)
+
+        # The curent value of the connection flow control windows on the
+        # connection.
+        self.outbound_flow_control_window = (
+            self.remote_settings.initial_window_size
+        )
+
+        #: The maximum size of a frame that can be emitted by this peer, in
+        #: bytes.
+        self.max_outbound_frame_size = self.remote_settings.max_frame_size
+
+        #: The maximum size of a frame that can be received by this peer, in
+        #: bytes.
+        self.max_inbound_frame_size = self.local_settings.max_frame_size
+
+        # Buffer for incoming data.
+        self.incoming_buffer = FrameBuffer(server=not self.config.client_side)
+
+        # A private variable to store a sequence of received header frames
+        # until completion.
+        self._header_frames = []
+
+        # Data that needs to be sent.
+        self._data_to_send = b''
+
+        # Keeps track of how streams are closed.
+        # Used to ensure that we don't blow up in the face of frames that were
+        # in flight when a RST_STREAM was sent.
+        # Also used to determine whether we should consider a frame received
+        # while a stream is closed as either a stream error or a connection
+        # error.
+        self._closed_streams = {}
+
+        # The flow control window manager for the connection.
+        self._inbound_flow_control_window_manager = WindowManager(
+            max_window_size=self.local_settings.initial_window_size
+        )
+
+        # When in doubt use dict-dispatch.
+        self._frame_dispatch_table = {
+            HeadersFrame: self._receive_headers_frame,
+            PushPromiseFrame: self._receive_push_promise_frame,
+            SettingsFrame: self._receive_settings_frame,
+            DataFrame: self._receive_data_frame,
+            WindowUpdateFrame: self._receive_window_update_frame,
+            PingFrame: self._receive_ping_frame,
+            RstStreamFrame: self._receive_rst_stream_frame,
+            PriorityFrame: self._receive_priority_frame,
+            GoAwayFrame: self._receive_goaway_frame,
+            ContinuationFrame: self._receive_naked_continuation,
+            AltSvcFrame: self._receive_alt_svc_frame,
+            ExtensionFrame: self._receive_unknown_frame
+        }
+
+    def _prepare_for_sending(self, frames):
+        if not frames:
+            return
+        self._data_to_send += b''.join(f.serialize() for f in frames)
+        assert all(f.body_len <= self.max_outbound_frame_size for f in frames)
+
+    def _open_streams(self, remainder):
+        """
+        A common method of counting number of open streams. Returns the number
+        of streams that are open *and* that have (stream ID % 2) == remainder.
+        While it iterates, also deletes any closed streams.
+        """
+        count = 0
+        to_delete = []
+
+        for stream_id, stream in self.streams.items():
+            if stream.open and (stream_id % 2 == remainder):
+                count += 1
+            elif stream.closed:
+                to_delete.append(stream_id)
+
+        for stream_id in to_delete:
+            stream = self.streams.pop(stream_id)
+            self._closed_streams[stream_id] = stream.closed_by
+
+        return count
+
+    @property
+    def open_outbound_streams(self):
+        """
+        The current number of open outbound streams.
+        """
+        outbound_numbers = int(self.config.client_side)
+        return self._open_streams(outbound_numbers)
+
+    @property
+    def open_inbound_streams(self):
+        """
+        The current number of open inbound streams.
+        """
+        inbound_numbers = int(not self.config.client_side)
+        return self._open_streams(inbound_numbers)
+
+    @property
+    def header_encoding(self):
+        """
+        Controls whether the headers emitted by this object in events are
+        transparently decoded to ``unicode`` strings, and what encoding is used
+        to do that decoding. For historical reason, this defaults to
+        ``'utf-8'``. To prevent the decoding of headers (that is, to force them
+        to be returned as bytestrings), this can be set to ``False`` or the
+        empty string.
+
+        .. versionadded:: 2.3.0
+
+        .. deprecated:: 2.5.0
+           Use :data:`config <h2.connection.H2Connection.config>` instead.
+        """
+        return self.config.header_encoding
+
+    @header_encoding.setter
+    def header_encoding(self, value):
+        """
+        Setter for header encoding config value.
+        """
+        self.config.header_encoding = value
+
+    @property
+    def client_side(self):
+        """
+        Whether this object is to be used on the client side of a connection,
+        or on the server side. Affects the logic used by the state machine, the
+        default settings values, the allowable stream IDs, and several other
+        properties. Defaults to ``True``.
+
+        .. deprecated:: 2.5.0
+           Use :data:`config <h2.connection.H2Connection.config>` instead.
+        """
+        return self.config.client_side
+
+    @property
+    def inbound_flow_control_window(self):
+        """
+        The size of the inbound flow control window for the connection. This is
+        rarely publicly useful: instead, use :meth:`remote_flow_control_window
+        <h2.connection.H2Connection.remote_flow_control_window>`. This
+        shortcut is largely present to provide a shortcut to this data.
+        """
+        return self._inbound_flow_control_window_manager.current_window_size
+
+    def _begin_new_stream(self, stream_id, allowed_ids):
+        """
+        Initiate a new stream.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+
+        :param stream_id: The ID of the stream to open.
+        :param allowed_ids: What kind of stream ID is allowed.
+        """
+        self.config.logger.debug(
+            "Attempting to initiate stream ID %d", stream_id
+        )
+        outbound = self._stream_id_is_outbound(stream_id)
+        highest_stream_id = (
+            self.highest_outbound_stream_id if outbound else
+            self.highest_inbound_stream_id
+        )
+
+        if stream_id <= highest_stream_id:
+            raise StreamIDTooLowError(stream_id, highest_stream_id)
+
+        if (stream_id % 2) != int(allowed_ids):
+            raise ProtocolError(
+                "Invalid stream ID for peer."
+            )
+
+        s = H2Stream(
+            stream_id,
+            config=self.config,
+            inbound_window_size=self.local_settings.initial_window_size,
+            outbound_window_size=self.remote_settings.initial_window_size
+        )
+        self.config.logger.debug("Stream ID %d created", stream_id)
+        s.max_inbound_frame_size = self.max_inbound_frame_size
+        s.max_outbound_frame_size = self.max_outbound_frame_size
+
+        self.streams[stream_id] = s
+        self.config.logger.debug("Current streams: %s", self.streams.keys())
+
+        if outbound:
+            self.highest_outbound_stream_id = stream_id
+        else:
+            self.highest_inbound_stream_id = stream_id
+
+        return s
+
+    def initiate_connection(self):
+        """
+        Provides any data that needs to be sent at the start of the connection.
+        Must be called for both clients and servers.
+        """
+        self.config.logger.debug("Initializing connection")
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+        if self.config.client_side:
+            preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+        else:
+            preamble = b''
+
+        f = SettingsFrame(0)
+        for setting, value in self.local_settings.items():
+            f.settings[setting] = value
+        self.config.logger.debug(
+            "Send Settings frame: %s", self.local_settings
+        )
+
+        self._data_to_send += preamble + f.serialize()
+
+    def initiate_upgrade_connection(self, settings_header=None):
+        """
+        Call to initialise the connection object for use with an upgraded
+        HTTP/2 connection (i.e. a connection negotiated using the
+        ``Upgrade: h2c`` HTTP header).
+
+        This method differs from :meth:`initiate_connection
+        <h2.connection.H2Connection.initiate_connection>` in several ways.
+        Firstly, it handles the additional SETTINGS frame that is sent in the
+        ``HTTP2-Settings`` header field. When called on a client connection,
+        this method will return a bytestring that the caller can put in the
+        ``HTTP2-Settings`` field they send on their initial request. When
+        called on a server connection, the user **must** provide the value they
+        received from the client in the ``HTTP2-Settings`` header field to the
+        ``settings_header`` argument, which will be used appropriately.
+
+        Additionally, this method sets up stream 1 in a half-closed state
+        appropriate for this side of the connection, to reflect the fact that
+        the request is already complete.
+
+        Finally, this method also prepares the appropriate preamble to be sent
+        after the upgrade.
+
+        .. versionadded:: 2.3.0
+
+        :param settings_header: (optional, server-only): The value of the
+             ``HTTP2-Settings`` header field received from the client.
+        :type settings_header: ``bytes``
+
+        :returns: For clients, a bytestring to put in the ``HTTP2-Settings``.
+            For servers, returns nothing.
+        :rtype: ``bytes`` or ``None``
+        """
+        self.config.logger.debug(
+            "Upgrade connection. Current settings: %s", self.local_settings
+        )
+
+        frame_data = None
+        # Begin by getting the preamble in place.
+        self.initiate_connection()
+
+        if self.config.client_side:
+            f = SettingsFrame(0)
+            for setting, value in self.local_settings.items():
+                f.settings[setting] = value
+
+            frame_data = f.serialize_body()
+            frame_data = base64.urlsafe_b64encode(frame_data)
+        elif settings_header:
+            # We have a settings header from the client. This needs to be
+            # applied, but we want to throw away the ACK. We do this by
+            # inserting the data into a Settings frame and then passing it to
+            # the state machine, but ignoring the return value.
+            settings_header = base64.urlsafe_b64decode(settings_header)
+            f = SettingsFrame(0)
+            f.parse_body(settings_header)
+            self._receive_settings_frame(f)
+
+        # Set up appropriate state. Stream 1 in a half-closed state:
+        # half-closed(local) for clients, half-closed(remote) for servers.
+        # Additionally, we need to set up the Connection state machine.
+        connection_input = (
+            ConnectionInputs.SEND_HEADERS if self.config.client_side
+            else ConnectionInputs.RECV_HEADERS
+        )
+        self.config.logger.debug("Process input %s", connection_input)
+        self.state_machine.process_input(connection_input)
+
+        # Set up stream 1.
+        self._begin_new_stream(stream_id=1, allowed_ids=AllowedStreamIDs.ODD)
+        self.streams[1].upgrade(self.config.client_side)
+        return frame_data
+
+    def _get_or_create_stream(self, stream_id, allowed_ids):
+        """
+        Gets a stream by its stream ID. Will create one if one does not already
+        exist. Use allowed_ids to circumvent the usual stream ID rules for
+        clients and servers.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+        """
+        try:
+            return self.streams[stream_id]
+        except KeyError:
+            return self._begin_new_stream(stream_id, allowed_ids)
+
+    def _get_stream_by_id(self, stream_id):
+        """
+        Gets a stream by its stream ID. Raises NoSuchStreamError if the stream
+        ID does not correspond to a known stream and is higher than the current
+        maximum: raises if it is lower than the current maximum.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+        """
+        try:
+            return self.streams[stream_id]
+        except KeyError:
+            outbound = self._stream_id_is_outbound(stream_id)
+            highest_stream_id = (
+                self.highest_outbound_stream_id if outbound else
+                self.highest_inbound_stream_id
+            )
+
+            if stream_id > highest_stream_id:
+                raise NoSuchStreamError(stream_id)
+            else:
+                raise StreamClosedError(stream_id)
+
+    def get_next_available_stream_id(self):
+        """
+        Returns an integer suitable for use as the stream ID for the next
+        stream created by this endpoint. For server endpoints, this stream ID
+        will be even. For client endpoints, this stream ID will be odd. If no
+        stream IDs are available, raises :class:`NoAvailableStreamIDError
+        <h2.exceptions.NoAvailableStreamIDError>`.
+
+        .. warning:: The return value from this function does not change until
+                     the stream ID has actually been used by sending or pushing
+                     headers on that stream. For that reason, it should be
+                     called as close as possible to the actual use of the
+                     stream ID.
+
+        .. versionadded:: 2.0.0
+
+        :raises: :class:`NoAvailableStreamIDError
+            <h2.exceptions.NoAvailableStreamIDError>`
+        :returns: The next free stream ID this peer can use to initiate a
+            stream.
+        :rtype: ``int``
+        """
+        # No streams have been opened yet, so return the lowest allowed stream
+        # ID.
+        if not self.highest_outbound_stream_id:
+            next_stream_id = 1 if self.config.client_side else 2
+        else:
+            next_stream_id = self.highest_outbound_stream_id + 2
+        self.config.logger.debug(
+            "Next available stream ID %d", next_stream_id
+        )
+        if next_stream_id > self.HIGHEST_ALLOWED_STREAM_ID:
+            raise NoAvailableStreamIDError("Exhausted allowed stream IDs")
+
+        return next_stream_id
+
+    def send_headers(self, stream_id, headers, end_stream=False,
+                     priority_weight=None, priority_depends_on=None,
+                     priority_exclusive=None):
+        """
+        Send headers on a given stream.
+
+        This function can be used to send request or response headers: the kind
+        that are sent depends on whether this connection has been opened as a
+        client or server connection, and whether the stream was opened by the
+        remote peer or not.
+
+        If this is a client connection, calling ``send_headers`` will send the
+        headers as a request. It will also implicitly open the stream being
+        used. If this is a client connection and ``send_headers`` has *already*
+        been called, this will send trailers instead.
+
+        If this is a server connection, calling ``send_headers`` will send the
+        headers as a response. It is a protocol error for a server to open a
+        stream by sending headers. If this is a server connection and
+        ``send_headers`` has *already* been called, this will send trailers
+        instead.
+
+        When acting as a server, you may call ``send_headers`` any number of
+        times allowed by the following rules, in this order:
+
+        - zero or more times with ``(':status', '1XX')`` (where ``1XX`` is a
+          placeholder for any 100-level status code).
+        - once with any other status header.
+        - zero or one time for trailers.
+
+        That is, you are allowed to send as many informational responses as you
+        like, followed by one complete response and zero or one HTTP trailer
+        blocks.
+
+        Clients may send one or two header blocks: one request block, and
+        optionally one trailer block.
+
+        If it is important to send HPACK "never indexed" header fields (as
+        defined in `RFC 7451 Section 7.1.3
+        <https://tools.ietf.org/html/rfc7541#section-7.1.3>`_), the user may
+        instead provide headers using the HPACK library's :class:`HeaderTuple
+        <hpack:hpack.HeaderTuple>` and :class:`NeverIndexedHeaderTuple
+        <hpack:hpack.NeverIndexedHeaderTuple>` objects.
+
+        This method also allows users to prioritize the stream immediately,
+        by sending priority information on the HEADERS frame directly. To do
+        this, any one of ``priority_weight``, ``priority_depends_on``, or
+        ``priority_exclusive`` must be set to a value that is not ``None``. For
+        more information on the priority fields, see :meth:`prioritize
+        <h2.connection.H2Connection.prioritize>`.
+
+        .. warning:: In HTTP/2, it is mandatory that all the HTTP/2 special
+            headers (that is, ones whose header keys begin with ``:``) appear
+            at the start of the header block, before any normal headers.
+            If you pass a dictionary to the ``headers`` parameter, it is
+            unlikely that they will iterate in that order, and your connection
+            may fail. For this reason, passing a ``dict`` to ``headers`` is
+            *deprecated*, and will be removed in 3.0.
+
+        .. versionchanged:: 2.3.0
+           Added support for using :class:`HeaderTuple
+           <hpack:hpack.HeaderTuple>` objects to store headers.
+
+        .. versionchanged:: 2.4.0
+           Added the ability to provide priority keyword arguments:
+           ``priority_weight``, ``priority_depends_on``, and
+           ``priority_exclusive``.
+
+        :param stream_id: The stream ID to send the headers on. If this stream
+            does not currently exist, it will be created.
+        :type stream_id: ``int``
+
+        :param headers: The request/response headers to send.
+        :type headers: An iterable of two tuples of bytestrings or
+            :class:`HeaderTuple <hpack:hpack.HeaderTuple>` objects.
+
+        :param end_stream: Whether this headers frame should end the stream
+            immediately (that is, whether no more data will be sent after this
+            frame). Defaults to ``False``.
+        :type end_stream: ``bool``
+
+        :param priority_weight: Sets the priority weight of the stream. See
+            :meth:`prioritize <h2.connection.H2Connection.prioritize>` for more
+            about how this field works. Defaults to ``None``, which means that
+            no priority information will be sent.
+        :type priority_weight: ``int`` or ``None``
+
+        :param priority_depends_on: Sets which stream this one depends on for
+            priority purposes. See :meth:`prioritize
+            <h2.connection.H2Connection.prioritize>` for more about how this
+            field works. Defaults to ``None``, which means that no priority
+            information will be sent.
+        :type priority_depends_on: ``int`` or ``None``
+
+        :param priority_exclusive: Sets whether this stream exclusively depends
+            on the stream given in ``priority_depends_on`` for priority
+            purposes. See :meth:`prioritize
+            <h2.connection.H2Connection.prioritize>` for more about how this
+            field workds. Defaults to ``None``, which means that no priority
+            information will be sent.
+        :type priority_depends_on: ``bool`` or ``None``
+
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send headers on stream ID %d", stream_id
+        )
+
+        # Check we can open the stream.
+        if stream_id not in self.streams:
+            max_open_streams = self.remote_settings.max_concurrent_streams
+            if (self.open_outbound_streams + 1) > max_open_streams:
+                raise TooManyStreamsError(
+                    "Max outbound streams is %d, %d open" %
+                    (max_open_streams, self.open_outbound_streams)
+                )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_HEADERS)
+        stream = self._get_or_create_stream(
+            stream_id, AllowedStreamIDs(self.config.client_side)
+        )
+        frames = stream.send_headers(
+            headers, self.encoder, end_stream
+        )
+
+        # We may need to send priority information.
+        priority_present = (
+            (priority_weight is not None) or
+            (priority_depends_on is not None) or
+            (priority_exclusive is not None)
+        )
+
+        if priority_present:
+            if not self.config.client_side:
+                raise RFC1122Error("Servers SHOULD NOT prioritize streams.")
+
+            headers_frame = frames[0]
+            headers_frame.flags.add('PRIORITY')
+            frames[0] = _add_frame_priority(
+                headers_frame,
+                priority_weight,
+                priority_depends_on,
+                priority_exclusive
+            )
+
+        self._prepare_for_sending(frames)
+
+    def send_data(self, stream_id, data, end_stream=False, pad_length=None):
+        """
+        Send data on a given stream.
+
+        This method does no breaking up of data: if the data is larger than the
+        value returned by :meth:`local_flow_control_window
+        <h2.connection.H2Connection.local_flow_control_window>` for this stream
+        then a :class:`FlowControlError <h2.exceptions.FlowControlError>` will
+        be raised. If the data is larger than :data:`max_outbound_frame_size
+        <h2.connection.H2Connection.max_outbound_frame_size>` then a
+        :class:`FrameTooLargeError <h2.exceptions.FrameTooLargeError>` will be
+        raised.
+
+        Hyper-h2 does this to avoid buffering the data internally. If the user
+        has more data to send than hyper-h2 will allow, consider breaking it up
+        and buffering it externally.
+
+        :param stream_id: The ID of the stream on which to send the data.
+        :type stream_id: ``int``
+        :param data: The data to send on the stream.
+        :type data: ``bytes``
+        :param end_stream: (optional) Whether this is the last data to be sent
+            on the stream. Defaults to ``False``.
+        :type end_stream: ``bool``
+        :param pad_length: (optional) Length of the padding to apply to the
+            data frame. Defaults to ``None`` for no use of padding. Note that
+            a value of ``0`` results in padding of length ``0``
+            (with the "padding" flag set on the frame).
+
+            .. versionadded:: 2.6.0
+
+        :type pad_length: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send data on stream ID %d with len %d", stream_id, len(data)
+        )
+        frame_size = len(data)
+        if pad_length is not None:
+            if not isinstance(pad_length, int):
+                raise TypeError("pad_length must be an int")
+            if pad_length < 0 or pad_length > 255:
+                raise ValueError("pad_length must be within range: [0, 255]")
+            # Account for padding bytes plus the 1-byte padding length field.
+            frame_size += pad_length + 1
+        self.config.logger.debug(
+            "Frame size on stream ID %d is %d", stream_id, frame_size
+        )
+
+        if frame_size > self.local_flow_control_window(stream_id):
+            raise FlowControlError(
+                "Cannot send %d bytes, flow control window is %d." %
+                (frame_size, self.local_flow_control_window(stream_id))
+            )
+        elif frame_size > self.max_outbound_frame_size:
+            raise FrameTooLargeError(
+                "Cannot send frame size %d, max frame size is %d" %
+                (frame_size, self.max_outbound_frame_size)
+            )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_DATA)
+        frames = self.streams[stream_id].send_data(
+            data, end_stream, pad_length=pad_length
+        )
+
+        self._prepare_for_sending(frames)
+
+        self.outbound_flow_control_window -= frame_size
+        self.config.logger.debug(
+            "Outbound flow control window size is %d",
+            self.outbound_flow_control_window
+        )
+        assert self.outbound_flow_control_window >= 0
+
+    def end_stream(self, stream_id):
+        """
+        Cleanly end a given stream.
+
+        This method ends a stream by sending an empty DATA frame on that stream
+        with the ``END_STREAM`` flag set.
+
+        :param stream_id: The ID of the stream to end.
+        :type stream_id: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug("End stream ID %d", stream_id)
+        self.state_machine.process_input(ConnectionInputs.SEND_DATA)
+        frames = self.streams[stream_id].end_stream()
+        self._prepare_for_sending(frames)
+
+    def increment_flow_control_window(self, increment, stream_id=None):
+        """
+        Increment a flow control window, optionally for a single stream. Allows
+        the remote peer to send more data.
+
+        .. versionchanged:: 2.0.0
+           Rejects attempts to increment the flow control window by out of
+           range values with a ``ValueError``.
+
+        :param increment: The amount to increment the flow control window by.
+        :type increment: ``int``
+        :param stream_id: (optional) The ID of the stream that should have its
+            flow control window opened. If not present or ``None``, the
+            connection flow control window will be opened instead.
+        :type stream_id: ``int`` or ``None``
+        :returns: Nothing
+        :raises: ``ValueError``
+        """
+        if not (1 <= increment <= self.MAX_WINDOW_INCREMENT):
+            raise ValueError(
+                "Flow control increment must be between 1 and %d" %
+                self.MAX_WINDOW_INCREMENT
+            )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_WINDOW_UPDATE)
+
+        if stream_id is not None:
+            stream = self.streams[stream_id]
+            frames = stream.increase_flow_control_window(
+                increment
+            )
+        else:
+            self._inbound_flow_control_window_manager.window_opened(increment)
+            f = WindowUpdateFrame(0)
+            f.window_increment = increment
+            frames = [f]
+
+        self.config.logger.debug(
+            "Increase stream ID %d flow control window by %d",
+            stream_id, increment
+        )
+        self._prepare_for_sending(frames)
+
+    def push_stream(self, stream_id, promised_stream_id, request_headers):
+        """
+        Push a response to the client by sending a PUSH_PROMISE frame.
+
+        If it is important to send HPACK "never indexed" header fields (as
+        defined in `RFC 7451 Section 7.1.3
+        <https://tools.ietf.org/html/rfc7541#section-7.1.3>`_), the user may
+        instead provide headers using the HPACK library's :class:`HeaderTuple
+        <hpack:hpack.HeaderTuple>` and :class:`NeverIndexedHeaderTuple
+        <hpack:hpack.NeverIndexedHeaderTuple>` objects.
+
+        :param stream_id: The ID of the stream that this push is a response to.
+        :type stream_id: ``int``
+        :param promised_stream_id: The ID of the stream that the pushed
+            response will be sent on.
+        :type promised_stream_id: ``int``
+        :param request_headers: The headers of the request that the pushed
+            response will be responding to.
+        :type request_headers: An iterable of two tuples of bytestrings or
+            :class:`HeaderTuple <hpack:hpack.HeaderTuple>` objects.
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send Push Promise frame on stream ID %d", stream_id
+        )
+
+        if not self.remote_settings.enable_push:
+            raise ProtocolError("Remote peer has disabled stream push")
+
+        self.state_machine.process_input(ConnectionInputs.SEND_PUSH_PROMISE)
+        stream = self._get_stream_by_id(stream_id)
+
+        # We need to prevent users pushing streams in response to streams that
+        # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The
+        # easiest way to do that is to assert that the stream_id is not even:
+        # this shortcut works because only servers can push and the state
+        # machine will enforce this.
+        if (stream_id % 2) == 0:
+            raise ProtocolError("Cannot recursively push streams.")
+
+        new_stream = self._begin_new_stream(
+            promised_stream_id, AllowedStreamIDs.EVEN
+        )
+        self.streams[promised_stream_id] = new_stream
+
+        frames = stream.push_stream_in_band(
+            promised_stream_id, request_headers, self.encoder
+        )
+        new_frames = new_stream.locally_pushed()
+        self._prepare_for_sending(frames + new_frames)
+
+    def ping(self, opaque_data):
+        """
+        Send a PING frame.
+
+        :param opaque_data: A bytestring of length 8 that will be sent in the
+                            PING frame.
+        :returns: Nothing
+        """
+        self.config.logger.debug("Send Ping frame")
+
+        if not isinstance(opaque_data, bytes) or len(opaque_data) != 8:
+            raise ValueError("Invalid value for ping data: %r" % opaque_data)
+
+        self.state_machine.process_input(ConnectionInputs.SEND_PING)
+        f = PingFrame(0)
+        f.opaque_data = opaque_data
+        self._prepare_for_sending([f])
+
+    def reset_stream(self, stream_id, error_code=0):
+        """
+        Reset a stream.
+
+        This method forcibly closes a stream by sending a RST_STREAM frame for
+        a given stream. This is not a graceful closure. To gracefully end a
+        stream, try the :meth:`end_stream
+        <h2.connection.H2Connection.end_stream>` method.
+
+        :param stream_id: The ID of the stream to reset.
+        :type stream_id: ``int``
+        :param error_code: (optional) The error code to use to reset the
+            stream. Defaults to :data:`ErrorCodes.NO_ERROR
+            <h2.errors.ErrorCodes.NO_ERROR>`.
+        :type error_code: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug("Reset stream ID %d", stream_id)
+        self.state_machine.process_input(ConnectionInputs.SEND_RST_STREAM)
+        stream = self._get_stream_by_id(stream_id)
+        frames = stream.reset_stream(error_code)
+        self._prepare_for_sending(frames)
+
+    def close_connection(self, error_code=0, additional_data=None,
+                         last_stream_id=None):
+
+        """
+        Close a connection, emitting a GOAWAY frame.
+
+        .. versionchanged:: 2.4.0
+           Added ``additional_data`` and ``last_stream_id`` arguments.
+
+        :param error_code: (optional) The error code to send in the GOAWAY
+            frame.
+        :param additional_data: (optional) Additional debug data indicating
+            a reason for closing the connection. Must be a bytestring.
+        :param last_stream_id: (optional) The last stream which was processed
+            by the sender. Defaults to ``highest_inbound_stream_id``.
+        :returns: Nothing
+        """
+        self.config.logger.debug("Close connection")
+        self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY)
+
+        # Additional_data must be bytes
+        if additional_data is not None:
+            assert isinstance(additional_data, bytes)
+
+        if last_stream_id is None:
+            last_stream_id = self.highest_inbound_stream_id
+
+        f = GoAwayFrame(
+            stream_id=0,
+            last_stream_id=last_stream_id,
+            error_code=error_code,
+            additional_data=(additional_data or b'')
+        )
+        self._prepare_for_sending([f])
+
+    def update_settings(self, new_settings):
+        """
+        Update the local settings. This will prepare and emit the appropriate
+        SETTINGS frame.
+
+        :param new_settings: A dictionary of {setting: new value}
+        """
+        self.config.logger.debug(
+            "Update connection settings to %s", new_settings
+        )
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+        self.local_settings.update(new_settings)
+        s = SettingsFrame(0)
+        s.settings = new_settings
+        self._prepare_for_sending([s])
+
+    def advertise_alternative_service(self,
+                                      field_value,
+                                      origin=None,
+                                      stream_id=None):
+        """
+        Notify a client about an available Alternative Service.
+
+        An Alternative Service is defined in `RFC 7838
+        <https://tools.ietf.org/html/rfc7838>`_. An Alternative Service
+        notification informs a client that a given origin is also available
+        elsewhere.
+
+        Alternative Services can be advertised in two ways. Firstly, they can
+        be advertised explicitly: that is, a server can say "origin X is also
+        available at Y". To advertise like this, set the ``origin`` argument
+        and not the ``stream_id`` argument. Alternatively, they can be
+        advertised implicitly: that is, a server can say "the origin you're
+        contacting on stream X is also available at Y". To advertise like this,
+        set the ``stream_id`` argument and not the ``origin`` argument.
+
+        The explicit method of advertising can be done as long as the
+        connection is active. The implicit method can only be done after the
+        client has sent the request headers and before the server has sent the
+        response headers: outside of those points, Hyper-h2 will forbid sending
+        the Alternative Service advertisement by raising a ProtocolError.
+
+        The ``field_value`` parameter is specified in RFC 7838. Hyper-h2 does
+        not validate or introspect this argument: the user is required to
+        ensure that it's well-formed. ``field_value`` corresponds to RFC 7838's
+        "Alternative Service Field Value".
+
+        .. note:: It is strongly preferred to use the explicit method of
+                  advertising Alternative Services. The implicit method of
+                  advertising Alternative Services has a number of subtleties
+                  and can lead to inconsistencies between the server and
+                  client. Hyper-h2 allows both mechanisms, but caution is
+                  strongly advised.
+
+        .. versionadded:: 2.3.0
+
+        :param field_value: The RFC 7838 Alternative Service Field Value. This
+            argument is not introspected by Hyper-h2: the user is responsible
+            for ensuring that it is well-formed.
+        :type field_value: ``bytes``
+
+        :param origin: The origin/authority to which the Alternative Service
+            being advertised applies. Must not be provided at the same time as
+            ``stream_id``.
+        :type origin: ``bytes`` or ``None``
+
+        :param stream_id: The ID of the stream which was sent to the authority
+            for which this Alternative Service advertisement applies. Must not
+            be provided at the same time as ``origin``.
+        :type stream_id: ``int`` or ``None``
+
+        :returns: Nothing.
+        """
+        if not isinstance(field_value, bytes):
+            raise ValueError("Field must be bytestring.")
+
+        if origin is not None and stream_id is not None:
+            raise ValueError("Must not provide both origin and stream_id")
+
+        self.state_machine.process_input(
+            ConnectionInputs.SEND_ALTERNATIVE_SERVICE
+        )
+
+        if origin is not None:
+            # This ALTSVC is sent on stream zero.
+            f = AltSvcFrame(stream_id=0)
+            f.origin = origin
+            f.field = field_value
+            frames = [f]
+        else:
+            stream = self._get_stream_by_id(stream_id)
+            frames = stream.advertise_alternative_service(field_value)
+
+        self._prepare_for_sending(frames)
+
+    def prioritize(self, stream_id, weight=None, depends_on=None,
+                   exclusive=None):
+        """
+        Notify a server about the priority of a stream.
+
+        Stream priorities are a form of guidance to a remote server: they
+        inform the server about how important a given response is, so that the
+        server may allocate its resources (e.g. bandwidth, CPU time, etc.)
+        accordingly. This exists to allow clients to ensure that the most
+        important data arrives earlier, while less important data does not
+        starve out the more important data.
+
+        Stream priorities are explained in depth in `RFC 7540 Section 5.3
+        <https://tools.ietf.org/html/rfc7540#section-5.3>`_.
+
+        This method updates the priority information of a single stream. It may
+        be called well before a stream is actively in use, or well after a
+        stream is closed.
+
+        .. warning:: RFC 7540 allows for servers to change the priority of
+                     streams. However, hyper-h2 **does not** allow server
+                     stacks to do this. This is because most clients do not
+                     adequately know how to respond when provided conflicting
+                     priority information, and relatively little utility is
+                     provided by making that functionality available.
+
+        .. note:: hyper-h2 **does not** maintain any information about the
+                  RFC 7540 priority tree. That means that hyper-h2 does not
+                  prevent incautious users from creating invalid priority
+                  trees, particularly by creating priority loops. While some
+                  basic error checking is provided by hyper-h2, users are
+                  strongly recommended to understand their prioritisation
+                  strategies before using the priority tools here.
+
+        .. note:: Priority information is strictly advisory. Servers are
+                  allowed to disregard it entirely. Avoid relying on the idea
+                  that your priority signaling will definitely be obeyed.
+
+        .. versionadded:: 2.4.0
+
+        :param stream_id: The ID of the stream to prioritize.
+        :type stream_id: ``int``
+
+        :param weight: The weight to give the stream. Defaults to ``16``, the
+             default weight of any stream. May be any value between ``1`` and
+             ``256`` inclusive. The relative weight of a stream indicates what
+             proportion of available resources will be allocated to that
+             stream.
+        :type weight: ``int``
+
+        :param depends_on: The ID of the stream on which this stream depends.
+             This stream will only be progressed if it is impossible to
+             progress the parent stream (the one on which this one depends).
+             Passing the value ``0`` means that this stream does not depend on
+             any other. Defaults to ``0``.
+        :type depends_on: ``int``
+
+        :param exclusive: Whether this stream is an exclusive dependency of its
+            "parent" stream (i.e. the stream given by ``depends_on``). If a
+            stream is an exclusive dependency of another, that means that all
+            previously-set children of the parent are moved to become children
+            of the new exclusively-dependent stream. Defaults to ``False``.
+        :type exclusive: ``bool``
+        """
+        if not self.config.client_side:
+            raise RFC1122Error("Servers SHOULD NOT prioritize streams.")
+
+        self.state_machine.process_input(
+            ConnectionInputs.SEND_PRIORITY
+        )
+
+        frame = PriorityFrame(stream_id)
+        frame = _add_frame_priority(frame, weight, depends_on, exclusive)
+
+        self._prepare_for_sending([frame])
+
+    def local_flow_control_window(self, stream_id):
+        """
+        Returns the maximum amount of data that can be sent on stream
+        ``stream_id``.
+
+        This value will never be larger than the total data that can be sent on
+        the connection: even if the given stream allows more data, the
+        connection window provides a logical maximum to the amount of data that
+        can be sent.
+
+        The maximum data that can be sent in a single data frame on a stream
+        is either this value, or the maximum frame size, whichever is
+        *smaller*.
+
+        :param stream_id: The ID of the stream whose flow control window is
+            being queried.
+        :type stream_id: ``int``
+        :returns: The amount of data in bytes that can be sent on the stream
+            before the flow control window is exhausted.
+        :rtype: ``int``
+        """
+        stream = self._get_stream_by_id(stream_id)
+        return min(
+            self.outbound_flow_control_window,
+            stream.outbound_flow_control_window
+        )
+
+    def remote_flow_control_window(self, stream_id):
+        """
+        Returns the maximum amount of data the remote peer can send on stream
+        ``stream_id``.
+
+        This value will never be larger than the total data that can be sent on
+        the connection: even if the given stream allows more data, the
+        connection window provides a logical maximum to the amount of data that
+        can be sent.
+
+        The maximum data that can be sent in a single data frame on a stream
+        is either this value, or the maximum frame size, whichever is
+        *smaller*.
+
+        :param stream_id: The ID of the stream whose flow control window is
+            being queried.
+        :type stream_id: ``int``
+        :returns: The amount of data in bytes that can be received on the
+            stream before the flow control window is exhausted.
+        :rtype: ``int``
+        """
+        stream = self._get_stream_by_id(stream_id)
+        return min(
+            self.inbound_flow_control_window,
+            stream.inbound_flow_control_window
+        )
+
+    def acknowledge_received_data(self, acknowledged_size, stream_id):
+        """
+        Inform the :class:`H2Connection <h2.connection.H2Connection>` that a
+        certain number of flow-controlled bytes have been processed, and that
+        the space should be handed back to the remote peer at an opportune
+        time.
+
+        .. versionadded:: 2.5.0
+
+        :param acknowledged_size: The total *flow-controlled size* of the data
+            that has been processed. Note that this must include the amount of
+            padding that was sent with that data.
+        :type acknowledged_size: ``int``
+        :param stream_id: The ID of the stream on which this data was received.
+        :type stream_id: ``int``
+        :returns: Nothing
+        :rtype: ``None``
+        """
+        self.config.logger.debug(
+            "Ack received data on stream ID %d with size %d",
+            stream_id, acknowledged_size
+        )
+        if stream_id <= 0:
+            raise ValueError(
+                "Stream ID %d is not valid for acknowledge_received_data" %
+                stream_id
+            )
+        if acknowledged_size < 0:
+            raise ValueError("Cannot acknowledge negative data")
+
+        frames = []
+
+        conn_manager = self._inbound_flow_control_window_manager
+        conn_increment = conn_manager.process_bytes(acknowledged_size)
+        if conn_increment:
+            f = WindowUpdateFrame(0)
+            f.window_increment = conn_increment
+            frames.append(f)
+
+        try:
+            stream = self._get_stream_by_id(stream_id)
+        except StreamClosedError:
+            # The stream is already gone. We're not worried about incrementing
+            # the window in this case.
+            pass
+        else:
+            # No point incrementing the windows of closed streams.
+            if stream.open:
+                frames.extend(
+                    stream.acknowledge_received_data(acknowledged_size)
+                )
+
+        self._prepare_for_sending(frames)
+
+    def data_to_send(self, amt=None):
+        """
+        Returns some data for sending out of the internal data buffer.
+
+        This method is analogous to ``read`` on a file-like object, but it
+        doesn't block. Instead, it returns as much data as the user asks for,
+        or less if that much data is not available. It does not perform any
+        I/O, and so uses a different name.
+
+        :param amt: (optional) The maximum amount of data to return. If not
+            set, or set to ``None``, will return as much data as possible.
+        :type amt: ``int``
+        :returns: A bytestring containing the data to send on the wire.
+        :rtype: ``bytes``
+        """
+        if amt is None:
+            data = self._data_to_send
+            self._data_to_send = b''
+            return data
+        else:
+            data = self._data_to_send[:amt]
+            self._data_to_send = self._data_to_send[amt:]
+            return data
+
+    def clear_outbound_data_buffer(self):
+        """
+        Clears the outbound data buffer, such that if this call was immediately
+        followed by a call to
+        :meth:`data_to_send <h2.connection.H2Connection.data_to_send>`, that
+        call would return no data.
+
+        This method should not normally be used, but is made available to avoid
+        exposing implementation details.
+        """
+        self._data_to_send = b''
+
+    def _acknowledge_settings(self):
+        """
+        Acknowledge settings that have been received.
+
+        .. versionchanged:: 2.0.0
+           Removed from public API, removed useless ``event`` parameter, made
+           automatic.
+
+        :returns: Nothing
+        """
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+
+        changes = self.remote_settings.acknowledge()
+
+        if SettingCodes.INITIAL_WINDOW_SIZE in changes:
+            setting = changes[SettingCodes.INITIAL_WINDOW_SIZE]
+            self._flow_control_change_from_settings(
+                setting.original_value,
+                setting.new_value,
+            )
+
+        # HEADER_TABLE_SIZE changes by the remote part affect our encoder: cf.
+        # RFC 7540 Section 6.5.2.
+        if SettingCodes.HEADER_TABLE_SIZE in changes:
+            setting = changes[SettingCodes.HEADER_TABLE_SIZE]
+            self.encoder.header_table_size = setting.new_value
+
+        if SettingCodes.MAX_FRAME_SIZE in changes:
+            setting = changes[SettingCodes.MAX_FRAME_SIZE]
+            self.max_outbound_frame_size = setting.new_value
+            for stream in self.streams.values():
+                stream.max_outbound_frame_size = setting.new_value
+
+        f = SettingsFrame(0)
+        f.flags.add('ACK')
+        return [f]
+
+    def _flow_control_change_from_settings(self, old_value, new_value):
+        """
+        Update flow control windows in response to a change in the value of
+        SETTINGS_INITIAL_WINDOW_SIZE.
+
+        When this setting is changed, it automatically updates all flow control
+        windows by the delta in the settings values. Note that it does not
+        increment the *connection* flow control window, per section 6.9.2 of
+        RFC 7540.
+        """
+        delta = new_value - old_value
+
+        for stream in self.streams.values():
+            stream.outbound_flow_control_window = guard_increment_window(
+                stream.outbound_flow_control_window,
+                delta
+            )
+
+    def _inbound_flow_control_change_from_settings(self, old_value, new_value):
+        """
+        Update remote flow control windows in response to a change in the value
+        of SETTINGS_INITIAL_WINDOW_SIZE.
+
+        When this setting is changed, it automatically updates all remote flow
+        control windows by the delta in the settings values.
+        """
+        delta = new_value - old_value
+
+        for stream in self.streams.values():
+            stream._inbound_flow_control_change_from_settings(delta)
+
+    def receive_data(self, data):
+        """
+        Pass some received HTTP/2 data to the connection for handling.
+
+        :param data: The data received from the remote peer on the network.
+        :type data: ``bytes``
+        :returns: A list of events that the remote peer triggered by sending
+            this data.
+        """
+        self.config.logger.debug(
+            "Process received data on connection. Received data: %r", data
+        )
+
+        events = []
+        self.incoming_buffer.add_data(data)
+        self.incoming_buffer.max_frame_size = self.max_inbound_frame_size
+
+        try:
+            for frame in self.incoming_buffer:
+                events.extend(self._receive_frame(frame))
+        except InvalidPaddingError:
+            self._terminate_connection(ErrorCodes.PROTOCOL_ERROR)
+            raise ProtocolError("Received frame with invalid padding.")
+        except ProtocolError as e:
+            # For whatever reason, receiving the frame caused a protocol error.
+            # We should prepare to emit a GoAway frame before throwing the
+            # exception up further. No need for an event: the exception will
+            # do fine.
+            self._terminate_connection(e.error_code)
+            raise
+
+        return events
+
+    def _receive_frame(self, frame):
+        """
+        Handle a frame received on the connection.
+
+        .. versionchanged:: 2.0.0
+           Removed from the public API.
+        """
+        try:
+            # I don't love using __class__ here, maybe reconsider it.
+            frames, events = self._frame_dispatch_table[frame.__class__](frame)
+        except StreamClosedError as e:
+            # If the stream was closed by RST_STREAM, we just send a RST_STREAM
+            # to the remote peer. Otherwise, this is a connection error, and so
+            # we will re-raise to trigger one.
+            if self._stream_is_closed_by_reset(e.stream_id):
+                f = RstStreamFrame(e.stream_id)
+                f.error_code = e.error_code
+                self._prepare_for_sending([f])
+                events = e._events
+            else:
+                raise
+        except StreamIDTooLowError as e:
+            # The stream ID seems invalid. This may happen when the closed
+            # stream has been cleaned up, or when the remote peer has opened a
+            # new stream with a higher stream ID than this one, forcing it
+            # closed implicitly.
+            #
+            # Check how the stream was closed: depending on the mechanism, it
+            # is either a stream error or a connection error.
+            if self._stream_is_closed_by_reset(e.stream_id):
+                # Closed by RST_STREAM is a stream error.
+                f = RstStreamFrame(e.stream_id)
+                f.error_code = ErrorCodes.STREAM_CLOSED
+                self._prepare_for_sending([f])
+                events = []
+            elif self._stream_is_closed_by_end(e.stream_id):
+                # Closed by END_STREAM is a connection error.
+                raise StreamClosedError(e.stream_id)
+            else:
+                # Closed implicitly, also a connection error, but of type
+                # PROTOCOL_ERROR.
+                raise
+        else:
+            self._prepare_for_sending(frames)
+
+        return events
+
+    def _terminate_connection(self, error_code):
+        """
+        Terminate the connection early. Used in error handling blocks to send
+        GOAWAY frames.
+        """
+        f = GoAwayFrame(0)
+        f.last_stream_id = self.highest_inbound_stream_id
+        f.error_code = error_code
+        self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY)
+        self._prepare_for_sending([f])
+
+    def _receive_headers_frame(self, frame):
+        """
+        Receive a headers frame on the connection.
+        """
+        # If necessary, check we can open the stream. Also validate that the
+        # stream ID is valid.
+        if frame.stream_id not in self.streams:
+            max_open_streams = self.local_settings.max_concurrent_streams
+            if (self.open_inbound_streams + 1) > max_open_streams:
+                raise TooManyStreamsError(
+                    "Max outbound streams is %d, %d open" %
+                    (max_open_streams, self.open_outbound_streams)
+                )
+
+        # Let's decode the headers. We handle headers as bytes internally up
+        # until we hang them off the event, at which point we may optionally
+        # convert them to unicode.
+        headers = _decode_headers(self.decoder, frame.data)
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_HEADERS
+        )
+        stream = self._get_or_create_stream(
+            frame.stream_id, AllowedStreamIDs(not self.config.client_side)
+        )
+        frames, stream_events = stream.receive_headers(
+            headers,
+            'END_STREAM' in frame.flags,
+            self.config.header_encoding
+        )
+
+        if 'PRIORITY' in frame.flags:
+            p_frames, p_events = self._receive_priority_frame(frame)
+            stream_events[0].priority_updated = p_events[0]
+            stream_events.extend(p_events)
+            assert not p_frames
+
+        return frames, events + stream_events
+
+    def _receive_push_promise_frame(self, frame):
+        """
+        Receive a push-promise frame on the connection.
+        """
+        if not self.local_settings.enable_push:
+            raise ProtocolError("Received pushed stream")
+
+        pushed_headers = _decode_headers(self.decoder, frame.data)
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PUSH_PROMISE
+        )
+
+        try:
+            stream = self._get_stream_by_id(frame.stream_id)
+        except NoSuchStreamError:
+            # We need to check if the parent stream was reset by us. If it was
+            # then we presume that the PUSH_PROMISE was in flight when we reset
+            # the parent stream. Rather than accept the new stream, just reset
+            # it.
+            #
+            # If this was closed naturally, however, we should call this a
+            # PROTOCOL_ERROR: pushing a stream on a naturally closed stream is
+            # a real problem because it creates a brand new stream that the
+            # remote peer now believes exists.
+            if (self._stream_closed_by(frame.stream_id) ==
+                    StreamClosedBy.SEND_RST_STREAM):
+                f = RstStreamFrame(frame.promised_stream_id)
+                f.error_code = ErrorCodes.REFUSED_STREAM
+                return [f], events
+
+            raise ProtocolError("Attempted to push on closed stream.")
+
+        # We need to prevent peers pushing streams in response to streams that
+        # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The
+        # easiest way to do that is to assert that the stream_id is not even:
+        # this shortcut works because only servers can push and the state
+        # machine will enforce this.
+        if (frame.stream_id % 2) == 0:
+            raise ProtocolError("Cannot recursively push streams.")
+
+        try:
+            frames, stream_events = stream.receive_push_promise_in_band(
+                frame.promised_stream_id,
+                pushed_headers,
+                self.config.header_encoding,
+            )
+        except StreamClosedError:
+            # The parent stream was reset by us, so we presume that
+            # PUSH_PROMISE was in flight when we reset the parent stream.
+            # So we just reset the new stream.
+            f = RstStreamFrame(frame.promised_stream_id)
+            f.error_code = ErrorCodes.REFUSED_STREAM
+            return [f], events
+
+        new_stream = self._begin_new_stream(
+            frame.promised_stream_id, AllowedStreamIDs.EVEN
+        )
+        self.streams[frame.promised_stream_id] = new_stream
+        new_stream.remotely_pushed(pushed_headers)
+
+        return frames, events + stream_events
+
+    def _receive_data_frame(self, frame):
+        """
+        Receive a data frame on the connection.
+        """
+        flow_controlled_length = frame.flow_controlled_length
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_DATA
+        )
+        self._inbound_flow_control_window_manager.window_consumed(
+            flow_controlled_length
+        )
+        stream = self._get_stream_by_id(frame.stream_id)
+        frames, stream_events = stream.receive_data(
+            frame.data,
+            'END_STREAM' in frame.flags,
+            flow_controlled_length
+        )
+        return frames, events + stream_events
+
+    def _receive_settings_frame(self, frame):
+        """
+        Receive a SETTINGS frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_SETTINGS
+        )
+
+        # This is an ack of the local settings.
+        if 'ACK' in frame.flags:
+            changed_settings = self._local_settings_acked()
+            ack_event = SettingsAcknowledged()
+            ack_event.changed_settings = changed_settings
+            events.append(ack_event)
+            return [], events
+
+        # Add the new settings.
+        self.remote_settings.update(frame.settings)
+        events.append(
+            RemoteSettingsChanged.from_settings(
+                self.remote_settings, frame.settings
+            )
+        )
+        frames = self._acknowledge_settings()
+
+        return frames, events
+
+    def _receive_window_update_frame(self, frame):
+        """
+        Receive a WINDOW_UPDATE frame on the connection.
+        """
+        # Validate the frame.
+        if not (1 <= frame.window_increment <= self.MAX_WINDOW_INCREMENT):
+            raise ProtocolError(
+                "Flow control increment must be between 1 and %d, received %d"
+                % (self.MAX_WINDOW_INCREMENT, frame.window_increment)
+            )
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_WINDOW_UPDATE
+        )
+
+        if frame.stream_id:
+            stream = self._get_stream_by_id(frame.stream_id)
+            frames, stream_events = stream.receive_window_update(
+                frame.window_increment
+            )
+        else:
+            # Increment our local flow control window.
+            self.outbound_flow_control_window = guard_increment_window(
+                self.outbound_flow_control_window,
+                frame.window_increment
+            )
+
+            # FIXME: Should we split this into one event per active stream?
+            window_updated_event = WindowUpdated()
+            window_updated_event.stream_id = 0
+            window_updated_event.delta = frame.window_increment
+            stream_events = [window_updated_event]
+            frames = []
+
+        return frames, events + stream_events
+
+    def _receive_ping_frame(self, frame):
+        """
+        Receive a PING frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PING
+        )
+        flags = []
+
+        if 'ACK' in frame.flags:
+            evt = PingAcknowledged()
+            evt.ping_data = frame.opaque_data
+            events.append(evt)
+        else:
+            f = PingFrame(0)
+            f.flags = {'ACK'}
+            f.opaque_data = frame.opaque_data
+            flags.append(f)
+
+        return flags, events
+
+    def _receive_rst_stream_frame(self, frame):
+        """
+        Receive a RST_STREAM frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_RST_STREAM
+        )
+        try:
+            stream = self._get_stream_by_id(frame.stream_id)
+        except NoSuchStreamError:
+            # The stream is missing. That's ok, we just do nothing here.
+            stream_frames = []
+            stream_events = []
+        else:
+            stream_frames, stream_events = stream.stream_reset(frame)
+
+        return stream_frames, events + stream_events
+
+    def _receive_priority_frame(self, frame):
+        """
+        Receive a PRIORITY frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PRIORITY
+        )
+
+        event = PriorityUpdated()
+        event.stream_id = frame.stream_id
+        event.depends_on = frame.depends_on
+        event.exclusive = frame.exclusive
+
+        # Weight is an integer between 1 and 256, but the byte only allows
+        # 0 to 255: add one.
+        event.weight = frame.stream_weight + 1
+
+        # A stream may not depend on itself.
+        if event.depends_on == frame.stream_id:
+            raise ProtocolError(
+                "Stream %d may not depend on itself" % frame.stream_id
+            )
+        events.append(event)
+
+        return [], events
+
+    def _receive_goaway_frame(self, frame):
+        """
+        Receive a GOAWAY frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_GOAWAY
+        )
+
+        # Clear the outbound data buffer: we cannot send further data now.
+        self.clear_outbound_data_buffer()
+
+        # Fire an appropriate ConnectionTerminated event.
+        new_event = ConnectionTerminated()
+        new_event.error_code = _error_code_from_int(frame.error_code)
+        new_event.last_stream_id = frame.last_stream_id
+        new_event.additional_data = (frame.additional_data
+                                     if frame.additional_data else None)
+        events.append(new_event)
+
+        return [], events
+
+    def _receive_naked_continuation(self, frame):
+        """
+        A naked CONTINUATION frame has been received. This is always an error,
+        but the type of error it is depends on the state of the stream and must
+        transition the state of the stream, so we need to pass it to the
+        appropriate stream.
+        """
+        stream = self._get_stream_by_id(frame.stream_id)
+        stream.receive_continuation()
+        assert False, "Should not be reachable"
+
+    def _receive_alt_svc_frame(self, frame):
+        """
+        An ALTSVC frame has been received. This frame, specified in RFC 7838,
+        is used to advertise alternative places where the same service can be
+        reached.
+
+        This frame can optionally be received either on a stream or on stream
+        0, and its semantics are different in each case.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE
+        )
+        frames = []
+
+        if frame.stream_id:
+            # Given that it makes no sense to receive ALTSVC on a stream
+            # before that stream has been opened with a HEADERS frame, the
+            # ALTSVC frame cannot create a stream. If the stream is not
+            # present, we simply ignore the frame.
+            try:
+                stream = self._get_stream_by_id(frame.stream_id)
+            except (NoSuchStreamError, StreamClosedError):
+                pass
+            else:
+                stream_frames, stream_events = stream.receive_alt_svc(frame)
+                frames.extend(stream_frames)
+                events.extend(stream_events)
+        else:
+            # This frame is sent on stream 0. The origin field on the frame
+            # must be present, though if it isn't it's not a ProtocolError
+            # (annoyingly), we just need to ignore it.
+            if not frame.origin:
+                return frames, events
+
+            # If we're a server, we want to ignore this (RFC 7838 says so).
+            if not self.config.client_side:
+                return frames, events
+
+            event = AlternativeServiceAvailable()
+            event.origin = frame.origin
+            event.field_value = frame.field
+            events.append(event)
+
+        return frames, events
+
+    def _receive_unknown_frame(self, frame):
+        """
+        We have received a frame that we do not understand. This is almost
+        certainly an extension frame, though it's impossible to be entirely
+        sure.
+
+        RFC 7540 § 5.5 says that we MUST ignore unknown frame types: so we
+        do.
+        """
+        # All we do here is log.
+        self.config.logger.debug(
+            "Received unknown extension frame (ID %d)", frame.stream_id
+        )
+        return [], []
+
+    def _local_settings_acked(self):
+        """
+        Handle the local settings being ACKed, update internal state.
+        """
+        changes = self.local_settings.acknowledge()
+
+        if SettingCodes.INITIAL_WINDOW_SIZE in changes:
+            setting = changes[SettingCodes.INITIAL_WINDOW_SIZE]
+            self._inbound_flow_control_change_from_settings(
+                setting.original_value,
+                setting.new_value,
+            )
+
+        if SettingCodes.MAX_HEADER_LIST_SIZE in changes:
+            setting = changes[SettingCodes.MAX_HEADER_LIST_SIZE]
+            self.decoder.max_header_list_size = setting.new_value
+
+        if SettingCodes.MAX_FRAME_SIZE in changes:
+            setting = changes[SettingCodes.MAX_FRAME_SIZE]
+            self.max_inbound_frame_size = setting.new_value
+
+        if SettingCodes.HEADER_TABLE_SIZE in changes:
+            setting = changes[SettingCodes.HEADER_TABLE_SIZE]
+            # This is safe across all hpack versions: some versions just won't
+            # respect it.
+            self.decoder.max_allowed_table_size = setting.new_value
+
+        return changes
+
+    def _stream_id_is_outbound(self, stream_id):
+        """
+        Returns ``True`` if the stream ID corresponds to an outbound stream
+        (one initiated by this peer), returns ``False`` otherwise.
+        """
+        return (stream_id % 2 == int(self.config.client_side))
+
+    def _stream_closed_by(self, stream_id):
+        """
+        Returns how the stream was closed.
+
+        The return value will be either a member of
+        ``h2.stream.StreamClosedBy`` or ``None``. If ``None``, the stream was
+        closed implicitly by the peer opening a stream with a higher stream ID
+        before opening this one.
+        """
+        if stream_id in self.streams:
+            return self.streams[stream_id].closed_by
+        if stream_id in self._closed_streams:
+            return self._closed_streams[stream_id]
+        return None
+
+    def _stream_is_closed_by_reset(self, stream_id):
+        """
+        Returns ``True`` if the stream was closed by sending or receiving a
+        RST_STREAM frame. Returns ``False`` otherwise.
+        """
+        return self._stream_closed_by(stream_id) in (
+            StreamClosedBy.RECV_RST_STREAM, StreamClosedBy.SEND_RST_STREAM
+        )
+
+    def _stream_is_closed_by_end(self, stream_id):
+        """
+        Returns ``True`` if the stream was closed by sending or receiving an
+        END_STREAM flag in a HEADERS or DATA frame. Returns ``False``
+        otherwise.
+        """
+        return self._stream_closed_by(stream_id) in (
+            StreamClosedBy.RECV_END_STREAM, StreamClosedBy.SEND_END_STREAM
+        )
+
+
+def _add_frame_priority(frame, weight=None, depends_on=None, exclusive=None):
+    """
+    Adds priority data to a given frame. Does not change any flags set on that
+    frame: if the caller is adding priority information to a HEADERS frame they
+    must set that themselves.
+
+    This method also deliberately sets defaults for anything missing.
+
+    This method validates the input values.
+    """
+    # A stream may not depend on itself.
+    if depends_on == frame.stream_id:
+        raise ProtocolError(
+            "Stream %d may not depend on itself" % frame.stream_id
+        )
+
+    # Weight must be between 1 and 256.
+    if weight is not None:
+        if weight > 256 or weight < 1:
+            raise ProtocolError(
+                "Weight must be between 1 and 256, not %d" % weight
+            )
+        else:
+            # Weight is an integer between 1 and 256, but the byte only allows
+            # 0 to 255: subtract one.
+            weight -= 1
+
+    # Set defaults for anything not provided.
+    weight = weight if weight is not None else 15
+    depends_on = depends_on if depends_on is not None else 0
+    exclusive = exclusive if exclusive is not None else False
+
+    frame.stream_weight = weight
+    frame.depends_on = depends_on
+    frame.exclusive = exclusive
+
+    return frame
+
+
+def _decode_headers(decoder, encoded_header_block):
+    """
+    Decode a HPACK-encoded header block, translating HPACK exceptions into
+    sensible hyper-h2 errors.
+
+    This only ever returns bytestring headers: hyper-h2 may emit them as
+    unicode later, but internally it processes them as bytestrings only.
+    """
+    try:
+        return decoder.decode(encoded_header_block, raw=True)
+    except OversizedHeaderListError as e:
+        # This is a symptom of a HPACK bomb attack: the user has
+        # disregarded our requirements on how large a header block we'll
+        # accept.
+        raise DenialOfServiceError("Oversized header block: %s" % e)
+    except (HPACKError, IndexError, TypeError, UnicodeDecodeError) as e:
+        # We should only need HPACKError here, but versions of HPACK older
+        # than 2.1.0 throw all three others as well. For maximum
+        # compatibility, catch all of them.
+        raise ProtocolError("Error decoding header block: %s" % e)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/errors.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/errors.py
new file mode 100755
index 00000000000..1198b3b8a84
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/errors.py
@@ -0,0 +1,183 @@
+# -*- coding: utf-8 -*-
+"""
+h2/errors
+~~~~~~~~~~~~~~~~~~~
+
+Global error code registry containing the established HTTP/2 error codes.
+
+The current registry is available at:
+https://tools.ietf.org/html/rfc7540#section-11.4
+"""
+import enum
+
+
+class ErrorCodes(enum.IntEnum):
+    """
+    All known HTTP/2 error codes.
+
+    .. versionadded:: 2.5.0
+    """
+    #: Graceful shutdown.
+    NO_ERROR = 0x0
+
+    #: Protocol error detected.
+    PROTOCOL_ERROR = 0x1
+
+    #: Implementation fault.
+    INTERNAL_ERROR = 0x2
+
+    #: Flow-control limits exceeded.
+    FLOW_CONTROL_ERROR = 0x3
+
+    #: Settings not acknowledged.
+    SETTINGS_TIMEOUT = 0x4
+
+    #: Frame received for closed stream.
+    STREAM_CLOSED = 0x5
+
+    #: Frame size incorrect.
+    FRAME_SIZE_ERROR = 0x6
+
+    #: Stream not processed.
+    REFUSED_STREAM = 0x7
+
+    #: Stream cancelled.
+    CANCEL = 0x8
+
+    #: Compression state not updated.
+    COMPRESSION_ERROR = 0x9
+
+    #: TCP connection error for CONNECT method.
+    CONNECT_ERROR = 0xa
+
+    #: Processing capacity exceeded.
+    ENHANCE_YOUR_CALM = 0xb
+
+    #: Negotiated TLS parameters not acceptable.
+    INADEQUATE_SECURITY = 0xc
+
+    #: Use HTTP/1.1 for the request.
+    HTTP_1_1_REQUIRED = 0xd
+
+
+def _error_code_from_int(code):
+    """
+    Given an integer error code, returns either one of :class:`ErrorCodes
+    <h2.errors.ErrorCodes>` or, if not present in the known set of codes,
+    returns the integer directly.
+    """
+    try:
+        return ErrorCodes(code)
+    except ValueError:
+        return code
+
+
+#: Graceful shutdown.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.NO_ERROR
+#:    <h2.errors.ErrorCodes.NO_ERROR>`.
+NO_ERROR = ErrorCodes.NO_ERROR
+
+#: Protocol error detected.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.PROTOCOL_ERROR
+#:    <h2.errors.ErrorCodes.PROTOCOL_ERROR>`.
+PROTOCOL_ERROR = ErrorCodes.PROTOCOL_ERROR
+
+#: Implementation fault.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.INTERNAL_ERROR
+#:    <h2.errors.ErrorCodes.INTERNAL_ERROR>`.
+INTERNAL_ERROR = ErrorCodes.INTERNAL_ERROR
+
+#: Flow-control limits exceeded.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.FLOW_CONTROL_ERROR
+#:    <h2.errors.ErrorCodes.FLOW_CONTROL_ERROR>`.
+FLOW_CONTROL_ERROR = ErrorCodes.FLOW_CONTROL_ERROR
+
+#: Settings not acknowledged.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.SETTINGS_TIMEOUT
+#:    <h2.errors.ErrorCodes.SETTINGS_TIMEOUT>`.
+SETTINGS_TIMEOUT = ErrorCodes.SETTINGS_TIMEOUT
+
+#: Frame received for closed stream.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.STREAM_CLOSED
+#:    <h2.errors.ErrorCodes.STREAM_CLOSED>`.
+STREAM_CLOSED = ErrorCodes.STREAM_CLOSED
+
+#: Frame size incorrect.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.FRAME_SIZE_ERROR
+#:    <h2.errors.ErrorCodes.FRAME_SIZE_ERROR>`.
+FRAME_SIZE_ERROR = ErrorCodes.FRAME_SIZE_ERROR
+
+#: Stream not processed.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.REFUSED_STREAM
+#:    <h2.errors.ErrorCodes.REFUSED_STREAM>`.
+REFUSED_STREAM = ErrorCodes.REFUSED_STREAM
+
+#: Stream cancelled.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.CANCEL
+#:    <h2.errors.ErrorCodes.CANCEL>`.
+CANCEL = ErrorCodes.CANCEL
+
+#: Compression state not updated.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.COMPRESSION_ERROR
+#:    <h2.errors.ErrorCodes.COMPRESSION_ERROR>`.
+COMPRESSION_ERROR = ErrorCodes.COMPRESSION_ERROR
+
+#: TCP connection error for CONNECT method.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.CONNECT_ERROR
+#:    <h2.errors.ErrorCodes.CONNECT_ERROR>`.
+CONNECT_ERROR = ErrorCodes.CONNECT_ERROR
+
+#: Processing capacity exceeded.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.ENHANCE_YOUR_CALM
+#:    <h2.errors.ErrorCodes.ENHANCE_YOUR_CALM>`.
+ENHANCE_YOUR_CALM = ErrorCodes.ENHANCE_YOUR_CALM
+
+#: Negotiated TLS parameters not acceptable.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.INADEQUATE_SECURITY
+#:    <h2.errors.ErrorCodes.INADEQUATE_SECURITY>`.
+INADEQUATE_SECURITY = ErrorCodes.INADEQUATE_SECURITY
+
+#: Use HTTP/1.1 for the request.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes.HTTP_1_1_REQUIRED
+#:    <h2.errors.ErrorCodes.HTTP_1_1_REQUIRED>`.
+HTTP_1_1_REQUIRED = ErrorCodes.HTTP_1_1_REQUIRED
+
+#: All known HTTP/2 error codes.
+#:
+#: .. deprecated:: 2.5.0
+#:    Deprecated in favour of :class:`ErrorCodes <h2.errors.ErrorCodes>`.
+H2_ERRORS = list(ErrorCodes)
+
+__all__ = ['H2_ERRORS', 'NO_ERROR', 'PROTOCOL_ERROR', 'INTERNAL_ERROR',
+           'FLOW_CONTROL_ERROR', 'SETTINGS_TIMEOUT', 'STREAM_CLOSED',
+           'FRAME_SIZE_ERROR', 'REFUSED_STREAM', 'CANCEL', 'COMPRESSION_ERROR',
+           'CONNECT_ERROR', 'ENHANCE_YOUR_CALM', 'INADEQUATE_SECURITY',
+           'HTTP_1_1_REQUIRED', 'ErrorCodes']
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/events.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/events.py
new file mode 100755
index 00000000000..55f20218354
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/events.py
@@ -0,0 +1,597 @@
+# -*- coding: utf-8 -*-
+"""
+h2/events
+~~~~~~~~~
+
+Defines Event types for HTTP/2.
+
+Events are returned by the H2 state machine to allow implementations to keep
+track of events triggered by receiving data. Each time data is provided to the
+H2 state machine it processes the data and returns a list of Event objects.
+"""
+import binascii
+
+from .settings import ChangedSetting, _setting_code_from_int
+
+
+class Event(object):
+    """
+    Base class for h2 events.
+    """
+    pass
+
+
+class RequestReceived(Event):
+    """
+    The RequestReceived event is fired whenever request headers are received.
+    This event carries the HTTP headers for the given request and the stream ID
+    of the new stream.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this request was made on.
+        self.stream_id = None
+
+        #: The request headers.
+        self.headers = None
+
+        #: If this request also ended the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If this request also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<RequestReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class ResponseReceived(Event):
+    """
+    The ResponseReceived event is fired whenever response headers are received.
+    This event carries the HTTP headers for the given response and the stream
+    ID of the new stream.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+   .. versionchanged:: 2.4.0
+      Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this response was made on.
+        self.stream_id = None
+
+        #: The response headers.
+        self.headers = None
+
+        #: If this response also ended the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If this response also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<ResponseReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class TrailersReceived(Event):
+    """
+    The TrailersReceived event is fired whenever trailers are received on a
+    stream. Trailers are a set of headers sent after the body of the
+    request/response, and are used to provide information that wasn't known
+    ahead of time (e.g. content-length). This event carries the HTTP header
+    fields that form the trailers and the stream ID of the stream on which they
+    were received.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream on which these trailers were received.
+        self.stream_id = None
+
+        #: The trailers themselves.
+        self.headers = None
+
+        #: Trailers always end streams. This property has the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` in it.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If the trailers also set associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<TrailersReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class _HeadersSent(Event):
+    """
+    The _HeadersSent event is fired whenever headers are sent.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _ResponseSent(_HeadersSent):
+    """
+    The _ResponseSent event is fired whenever response headers are sent
+    on a stream.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _RequestSent(_HeadersSent):
+    """
+    The _RequestSent event is fired whenever request headers are sent
+    on a stream.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _TrailersSent(_HeadersSent):
+    """
+    The _TrailersSent event is fired whenever trailers are sent on a
+    stream. Trailers are a set of headers sent after the body of the
+    request/response, and are used to provide information that wasn't known
+    ahead of time (e.g. content-length).
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _PushedRequestSent(_HeadersSent):
+    """
+    The _PushedRequestSent event is fired whenever pushed request headers are
+    sent.
+
+    This is an internal event, used to determine validation steps on outgoing
+    header blocks.
+    """
+    pass
+
+
+class InformationalResponseReceived(Event):
+    """
+    The InformationalResponseReceived event is fired when an informational
+    response (that is, one whose status code is a 1XX code) is received from
+    the remote peer.
+
+    The remote peer may send any number of these, from zero upwards. These
+    responses are most commonly sent in response to requests that have the
+    ``expect: 100-continue`` header field present. Most users can safely
+    ignore this event unless you are intending to use the
+    ``expect: 100-continue`` flow, or are for any reason expecting a different
+    1XX status code.
+
+    .. versionadded:: 2.2.0
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``priority_updated`` property.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this informational response was made
+        #: on.
+        self.stream_id = None
+
+        #: The headers for this informational response.
+        self.headers = None
+
+        #: If this response also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<InformationalResponseReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class DataReceived(Event):
+    """
+    The DataReceived event is fired whenever data is received on a stream from
+    the remote peer. The event carries the data itself, and the stream ID on
+    which the data was received.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` property.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this data was received on.
+        self.stream_id = None
+
+        #: The data itself.
+        self.data = None
+
+        #: The amount of data received that counts against the flow control
+        #: window. Note that padding counts against the flow control window, so
+        #: when adjusting flow control you should always use this field rather
+        #: than ``len(data)``.
+        self.flow_controlled_length = None
+
+        #: If this data chunk also completed the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+    def __repr__(self):
+        return (
+            "<DataReceived stream_id:%s, "
+            "flow_controlled_length:%s, "
+            "data:%s>" % (
+                self.stream_id,
+                self.flow_controlled_length,
+                _bytes_representation(self.data[:20]),
+            )
+        )
+
+
+class WindowUpdated(Event):
+    """
+    The WindowUpdated event is fired whenever a flow control window changes
+    size. HTTP/2 defines flow control windows for connections and streams: this
+    event fires for both connections and streams. The event carries the ID of
+    the stream to which it applies (set to zero if the window update applies to
+    the connection), and the delta in the window size.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream whose flow control window was changed.
+        #: May be ``0`` if the connection window was changed.
+        self.stream_id = None
+
+        #: The window delta.
+        self.delta = None
+
+    def __repr__(self):
+        return "<WindowUpdated stream_id:%s, delta:%s>" % (
+            self.stream_id, self.delta
+        )
+
+
+class RemoteSettingsChanged(Event):
+    """
+    The RemoteSettingsChanged event is fired whenever the remote peer changes
+    its settings. It contains a complete inventory of changed settings,
+    including their previous values.
+
+    In HTTP/2, settings changes need to be acknowledged. hyper-h2 automatically
+    acknowledges settings changes for efficiency. However, it is possible that
+    the caller may not be happy with the changed setting.
+
+    When this event is received, the caller should confirm that the new
+    settings are acceptable. If they are not acceptable, the user should close
+    the connection with the error code :data:`PROTOCOL_ERROR
+    <h2.errors.ErrorCodes.PROTOCOL_ERROR>`.
+
+    .. versionchanged:: 2.0.0
+       Prior to this version the user needed to acknowledge settings changes.
+       This is no longer the case: hyper-h2 now automatically acknowledges
+       them.
+    """
+    def __init__(self):
+        #: A dictionary of setting byte to
+        #: :class:`ChangedSetting <h2.settings.ChangedSetting>`, representing
+        #: the changed settings.
+        self.changed_settings = {}
+
+    @classmethod
+    def from_settings(cls, old_settings, new_settings):
+        """
+        Build a RemoteSettingsChanged event from a set of changed settings.
+
+        :param old_settings: A complete collection of old settings, in the form
+                             of a dictionary of ``{setting: value}``.
+        :param new_settings: All the changed settings and their new values, in
+                             the form of a dictionary of ``{setting: value}``.
+        """
+        e = cls()
+        for setting, new_value in new_settings.items():
+            setting = _setting_code_from_int(setting)
+            original_value = old_settings.get(setting)
+            change = ChangedSetting(setting, original_value, new_value)
+            e.changed_settings[setting] = change
+
+        return e
+
+    def __repr__(self):
+        return "<RemoteSettingsChanged changed_settings:{%s}>" % (
+            ", ".join(repr(cs) for cs in self.changed_settings.values()),
+        )
+
+
+class PingAcknowledged(Event):
+    """
+    The PingAcknowledged event is fired whenever a user-emitted PING is
+    acknowledged. This contains the data in the ACK'ed PING, allowing the
+    user to correlate PINGs and calculate RTT.
+    """
+    def __init__(self):
+        #: The data included on the ping.
+        self.ping_data = None
+
+    def __repr__(self):
+        return "<PingAcknowledged ping_data:%s>" % (
+            _bytes_representation(self.ping_data),
+        )
+
+
+class StreamEnded(Event):
+    """
+    The StreamEnded event is fired whenever a stream is ended by a remote
+    party. The stream may not be fully closed if it has not been closed
+    locally, but no further data or headers should be expected on that stream.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream that was closed.
+        self.stream_id = None
+
+    def __repr__(self):
+        return "<StreamEnded stream_id:%s>" % self.stream_id
+
+
+class StreamReset(Event):
+    """
+    The StreamReset event is fired in two situations. The first is when the
+    remote party forcefully resets the stream. The second is when the remote
+    party has made a protocol error which only affects a single stream. In this
+    case, Hyper-h2 will terminate the stream early and return this event.
+
+    .. versionchanged:: 2.0.0
+       This event is now fired when Hyper-h2 automatically resets a stream.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream that was reset.
+        self.stream_id = None
+
+        #: The error code given. Either one of :class:`ErrorCodes
+        #: <h2.errors.ErrorCodes>` or ``int``
+        self.error_code = None
+
+        #: Whether the remote peer sent a RST_STREAM or we did.
+        self.remote_reset = True
+
+    def __repr__(self):
+        return "<StreamReset stream_id:%s, error_code:%s, remote_reset:%s>" % (
+            self.stream_id, self.error_code, self.remote_reset
+        )
+
+
+class PushedStreamReceived(Event):
+    """
+    The PushedStreamReceived event is fired whenever a pushed stream has been
+    received from a remote peer. The event carries on it the new stream ID, the
+    ID of the parent stream, and the request headers pushed by the remote peer.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream created by the push.
+        self.pushed_stream_id = None
+
+        #: The Stream ID of the stream that the push is related to.
+        self.parent_stream_id = None
+
+        #: The request headers, sent by the remote party in the push.
+        self.headers = None
+
+    def __repr__(self):
+        return (
+            "<PushedStreamReceived pushed_stream_id:%s, parent_stream_id:%s, "
+            "headers:%s>" % (
+                self.pushed_stream_id,
+                self.parent_stream_id,
+                self.headers,
+            )
+        )
+
+
+class SettingsAcknowledged(Event):
+    """
+    The SettingsAcknowledged event is fired whenever a settings ACK is received
+    from the remote peer. The event carries on it the settings that were
+    acknowedged, in the same format as
+    :class:`h2.events.RemoteSettingsChanged`.
+    """
+    def __init__(self):
+        #: A dictionary of setting byte to
+        #: :class:`ChangedSetting <h2.settings.ChangedSetting>`, representing
+        #: the changed settings.
+        self.changed_settings = {}
+
+    def __repr__(self):
+        return "<SettingsAcknowledged changed_settings:{%s}>" % (
+            ", ".join(repr(cs) for cs in self.changed_settings.values()),
+        )
+
+
+class PriorityUpdated(Event):
+    """
+    The PriorityUpdated event is fired whenever a stream sends updated priority
+    information. This can occur when the stream is opened, or at any time
+    during the stream lifetime.
+
+    This event is purely advisory, and does not need to be acted on.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self):
+        #: The ID of the stream whose priority information is being updated.
+        self.stream_id = None
+
+        #: The new stream weight. May be the same as the original stream
+        #: weight. An integer between 1 and 256.
+        self.weight = None
+
+        #: The stream ID this stream now depends on. May be ``0``.
+        self.depends_on = None
+
+        #: Whether the stream *exclusively* depends on the parent stream. If it
+        #: does, this stream should inherit the current children of its new
+        #: parent.
+        self.exclusive = None
+
+    def __repr__(self):
+        return (
+            "<PriorityUpdated stream_id:%s, weight:%s, depends_on:%s, "
+            "exclusive:%s>" % (
+                self.stream_id,
+                self.weight,
+                self.depends_on,
+                self.exclusive
+            )
+        )
+
+
+class ConnectionTerminated(Event):
+    """
+    The ConnectionTerminated event is fired when a connection is torn down by
+    the remote peer using a GOAWAY frame. Once received, no further action may
+    be taken on the connection: a new connection must be established.
+    """
+    def __init__(self):
+        #: The error code cited when tearing down the connection. Should be
+        #: one of :class:`ErrorCodes <h2.errors.ErrorCodes>`, but may not be if
+        #: unknown HTTP/2 extensions are being used.
+        self.error_code = None
+
+        #: The stream ID of the last stream the remote peer saw. This can
+        #: provide an indication of what data, if any, never reached the remote
+        #: peer and so can safely be resent.
+        self.last_stream_id = None
+
+        #: Additional debug data that can be appended to GOAWAY frame.
+        self.additional_data = None
+
+    def __repr__(self):
+        return (
+            "<ConnectionTerminated error_code:%s, last_stream_id:%s, "
+            "additional_data:%s>" % (
+                self.error_code,
+                self.last_stream_id,
+                _bytes_representation(
+                    self.additional_data[:20]
+                    if self.additional_data else None)
+            )
+        )
+
+
+class AlternativeServiceAvailable(Event):
+    """
+    The AlternativeServiceAvailable event is fired when the remote peer
+    advertises an `RFC 7838 <https://tools.ietf.org/html/rfc7838>`_ Alternative
+    Service using an ALTSVC frame.
+
+    This event always carries the origin to which the ALTSVC information
+    applies. That origin is either supplied by the server directly, or inferred
+    by hyper-h2 from the ``:authority`` pseudo-header field that was sent by
+    the user when initiating a given stream.
+
+    This event also carries what RFC 7838 calls the "Alternative Service Field
+    Value", which is formatted like a HTTP header field and contains the
+    relevant alternative service information. Hyper-h2 does not parse or in any
+    way modify that information: the user is required to do that.
+
+    This event can only be fired on the client end of a connection.
+
+    .. versionadded:: 2.3.0
+    """
+    def __init__(self):
+        #: The origin to which the alternative service field value applies.
+        #: This field is either supplied by the server directly, or inferred by
+        #: hyper-h2 from the ``:authority`` pseudo-header field that was sent
+        #: by the user when initiating the stream on which the frame was
+        #: received.
+        self.origin = None
+
+        #: The ALTSVC field value. This contains information about the HTTP
+        #: alternative service being advertised by the server. Hyper-h2 does
+        #: not parse this field: it is left exactly as sent by the server. The
+        #: structure of the data in this field is given by `RFC 7838 Section 3
+        #: <https://tools.ietf.org/html/rfc7838#section-3>`_.
+        self.field_value = None
+
+    def __repr__(self):
+        return (
+            "<AlternativeServiceAvailable origin:%s, field_value:%s>" % (
+                self.origin.decode('utf-8', 'ignore'),
+                self.field_value.decode('utf-8', 'ignore'),
+            )
+        )
+
+
+def _bytes_representation(data):
+    """
+    Converts a bytestring into something that is safe to print on all Python
+    platforms.
+
+    This function is relatively expensive, so it should not be called on the
+    mainline of the code. It's safe to use in things like object repr methods
+    though.
+    """
+    if data is None:
+        return None
+
+    hex = binascii.hexlify(data)
+
+    # This is moderately clever: on all Python versions hexlify returns a byte
+    # string. On Python 3 we want an actual string, so we just check whether
+    # that's what we have.
+    if not isinstance(hex, str):  # pragma: no cover
+        hex = hex.decode('ascii')
+
+    return hex
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/exceptions.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/exceptions.py
new file mode 100755
index 00000000000..388f9e9a389
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/exceptions.py
@@ -0,0 +1,186 @@
+# -*- coding: utf-8 -*-
+"""
+h2/exceptions
+~~~~~~~~~~~~~
+
+Exceptions for the HTTP/2 module.
+"""
+import h2.errors
+
+
+class H2Error(Exception):
+    """
+    The base class for all exceptions for the HTTP/2 module.
+    """
+
+
+class ProtocolError(H2Error):
+    """
+    An action was attempted in violation of the HTTP/2 protocol.
+    """
+    #: The error code corresponds to this kind of Protocol Error.
+    error_code = h2.errors.ErrorCodes.PROTOCOL_ERROR
+
+
+class FrameTooLargeError(ProtocolError):
+    """
+    The frame that we tried to send or that we received was too large.
+    """
+    #: This error code that corresponds to this kind of Protocol Error.
+    error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+
+
+class FrameDataMissingError(ProtocolError):
+    """
+    The frame that we received is missing some data.
+
+    .. versionadded:: 2.0.0
+    """
+    #: The error code that corresponds to this kind of Protocol Error
+    error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+
+
+class TooManyStreamsError(ProtocolError):
+    """
+    An attempt was made to open a stream that would lead to too many concurrent
+    streams.
+    """
+    pass
+
+
+class FlowControlError(ProtocolError):
+    """
+    An attempted action violates flow control constraints.
+    """
+    #: The error code that corresponds to this kind of
+    #: :class:`ProtocolError <h2.exceptions.ProtocolError>`
+    error_code = h2.errors.ErrorCodes.FLOW_CONTROL_ERROR
+
+
+class StreamIDTooLowError(ProtocolError):
+    """
+    An attempt was made to open a stream that had an ID that is lower than the
+    highest ID we have seen on this connection.
+    """
+    def __init__(self, stream_id, max_stream_id):
+        #: The ID of the stream that we attempted to open.
+        self.stream_id = stream_id
+
+        #: The current highest-seen stream ID.
+        self.max_stream_id = max_stream_id
+
+    def __str__(self):
+        return "StreamIDTooLowError: %d is lower than %d" % (
+            self.stream_id, self.max_stream_id
+        )
+
+
+class NoAvailableStreamIDError(ProtocolError):
+    """
+    There are no available stream IDs left to the connection. All stream IDs
+    have been exhausted.
+
+    .. versionadded:: 2.0.0
+    """
+    pass
+
+
+class NoSuchStreamError(ProtocolError):
+    """
+    A stream-specific action referenced a stream that does not exist.
+
+    .. versionchanged:: 2.0.0
+       Became a subclass of :class:`ProtocolError
+       <h2.exceptions.ProtocolError>`
+    """
+    def __init__(self, stream_id):
+        #: The stream ID that corresponds to the non-existent stream.
+        self.stream_id = stream_id
+
+
+class StreamClosedError(NoSuchStreamError):
+    """
+    A more specific form of
+    :class:`NoSuchStreamError <h2.exceptions.NoSuchStreamError>`. Indicates
+    that the stream has since been closed, and that all state relating to that
+    stream has been removed.
+    """
+    def __init__(self, stream_id):
+        #: The stream ID that corresponds to the nonexistent stream.
+        self.stream_id = stream_id
+
+        #: The relevant HTTP/2 error code.
+        self.error_code = h2.errors.ErrorCodes.STREAM_CLOSED
+
+        # Any events that internal code may need to fire. Not relevant to
+        # external users that may receive a StreamClosedError.
+        self._events = []
+
+
+class InvalidSettingsValueError(ProtocolError, ValueError):
+    """
+    An attempt was made to set an invalid Settings value.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self, msg, error_code):
+        super(InvalidSettingsValueError, self).__init__(msg)
+        self.error_code = error_code
+
+
+class InvalidBodyLengthError(ProtocolError):
+    """
+    The remote peer sent more or less data that the Content-Length header
+    indicated.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self, expected, actual):
+        self.expected_length = expected
+        self.actual_length = actual
+
+    def __str__(self):
+        return "InvalidBodyLengthError: Expected %d bytes, received %d" % (
+            self.expected_length, self.actual_length
+        )
+
+
+class UnsupportedFrameError(ProtocolError, KeyError):
+    """
+    The remote peer sent a frame that is unsupported in this context.
+
+    .. versionadded:: 2.1.0
+    """
+    # TODO: Remove the KeyError in 3.0.0
+    pass
+
+
+class RFC1122Error(H2Error):
+    """
+    Emitted when users attempt to do something that is literally allowed by the
+    relevant RFC, but is sufficiently ill-defined that it's unwise to allow
+    users to actually do it.
+
+    While there is some disagreement about whether or not we should be liberal
+    in what accept, it is a truth universally acknowledged that we should be
+    conservative in what emit.
+
+    .. versionadded:: 2.4.0
+    """
+    # shazow says I'm going to regret naming the exception this way. If that
+    # turns out to be true, TELL HIM NOTHING.
+    pass
+
+
+class DenialOfServiceError(ProtocolError):
+    """
+    Emitted when the remote peer exhibits a behaviour that is likely to be an
+    attempt to perform a Denial of Service attack on the implementation. This
+    is a form of ProtocolError that carries a different error code, and allows
+    more easy detection of this kind of behaviour.
+
+    .. versionadded:: 2.5.0
+    """
+    #: The error code that corresponds to this kind of
+    #: :class:`ProtocolError <h2.exceptions.ProtocolError>`
+    error_code = h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/frame_buffer.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/frame_buffer.py
new file mode 100755
index 00000000000..bc1f7ca4e8f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/frame_buffer.py
@@ -0,0 +1,184 @@
+# -*- coding: utf-8 -*-
+"""
+h2/frame_buffer
+~~~~~~~~~~~~~~~
+
+A data structure that provides a way to iterate over a byte buffer in terms of
+frames.
+"""
+from hyperframe.exceptions import UnknownFrameError, InvalidFrameError
+from hyperframe.frame import (
+    Frame, HeadersFrame, ContinuationFrame, PushPromiseFrame
+)
+
+from .exceptions import (
+    ProtocolError, FrameTooLargeError, FrameDataMissingError
+)
+
+# To avoid a DOS attack based on sending loads of continuation frames, we limit
+# the maximum number we're perpared to receive. In this case, we'll set the
+# limit to 64, which means the largest encoded header block we can receive by
+# default is 262144 bytes long, and the largest possible *at all* is 1073741760
+# bytes long.
+#
+# This value seems reasonable for now, but in future we may want to evaluate
+# making it configurable.
+CONTINUATION_BACKLOG = 64
+
+
+class FrameBuffer(object):
+    """
+    This is a data structure that expects to act as a buffer for HTTP/2 data
+    that allows iteraton in terms of H2 frames.
+    """
+    def __init__(self, server=False):
+        self.data = b''
+        self.max_frame_size = 0
+        self._preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' if server else b''
+        self._preamble_len = len(self._preamble)
+        self._headers_buffer = []
+
+    def add_data(self, data):
+        """
+        Add more data to the frame buffer.
+
+        :param data: A bytestring containing the byte buffer.
+        """
+        if self._preamble_len:
+            data_len = len(data)
+            of_which_preamble = min(self._preamble_len, data_len)
+
+            if self._preamble[:of_which_preamble] != data[:of_which_preamble]:
+                raise ProtocolError("Invalid HTTP/2 preamble.")
+
+            data = data[of_which_preamble:]
+            self._preamble_len -= of_which_preamble
+            self._preamble = self._preamble[of_which_preamble:]
+
+        self.data += data
+
+    def _parse_frame_header(self, data):
+        """
+        Parses the frame header from the data. Either returns a tuple of
+        (frame, length), or throws an exception. The returned frame may be None
+        if the frame is of unknown type.
+        """
+        try:
+            frame, length = Frame.parse_frame_header(data[:9])
+        except UnknownFrameError as e:  # Platform-specific: Hyperframe < 5.0
+            # Here we do something a bit odd. We want to consume the frame data
+            # as consistently as possible, but we also don't ever want to yield
+            # None. Instead, we make sure that, if there is no frame, we
+            # recurse into ourselves.
+            # This can only happen now on older versions of hyperframe.
+            # TODO: Remove in 3.0
+            length = e.length
+            frame = None
+        except ValueError as e:
+            # The frame header is invalid. This is a ProtocolError
+            raise ProtocolError("Invalid frame header received: %s" % str(e))
+
+        return frame, length
+
+    def _validate_frame_length(self, length):
+        """
+        Confirm that the frame is an appropriate length.
+        """
+        if length > self.max_frame_size:
+            raise FrameTooLargeError(
+                "Received overlong frame: length %d, max %d" %
+                (length, self.max_frame_size)
+            )
+
+    def _update_header_buffer(self, f):
+        """
+        Updates the internal header buffer. Returns a frame that should replace
+        the current one. May throw exceptions if this frame is invalid.
+        """
+        # Check if we're in the middle of a headers block. If we are, this
+        # frame *must* be a CONTINUATION frame with the same stream ID as the
+        # leading HEADERS or PUSH_PROMISE frame. Anything else is a
+        # ProtocolError. If the frame *is* valid, append it to the header
+        # buffer.
+        if self._headers_buffer:
+            stream_id = self._headers_buffer[0].stream_id
+            valid_frame = (
+                f is not None and
+                isinstance(f, ContinuationFrame) and
+                f.stream_id == stream_id
+            )
+            if not valid_frame:
+                raise ProtocolError("Invalid frame during header block.")
+
+            # Append the frame to the buffer.
+            self._headers_buffer.append(f)
+            if len(self._headers_buffer) > CONTINUATION_BACKLOG:
+                raise ProtocolError("Too many continuation frames received.")
+
+            # If this is the end of the header block, then we want to build a
+            # mutant HEADERS frame that's massive. Use the original one we got,
+            # then set END_HEADERS and set its data appopriately. If it's not
+            # the end of the block, lose the current frame: we can't yield it.
+            if 'END_HEADERS' in f.flags:
+                f = self._headers_buffer[0]
+                f.flags.add('END_HEADERS')
+                f.data = b''.join(x.data for x in self._headers_buffer)
+                self._headers_buffer = []
+            else:
+                f = None
+        elif (isinstance(f, (HeadersFrame, PushPromiseFrame)) and
+                'END_HEADERS' not in f.flags):
+            # This is the start of a headers block! Save the frame off and then
+            # act like we didn't receive one.
+            self._headers_buffer.append(f)
+            f = None
+
+        return f
+
+    # The methods below support the iterator protocol.
+    def __iter__(self):
+        return self
+
+    def next(self):  # Python 2
+        # First, check that we have enough data to successfully parse the
+        # next frame header. If not, bail. Otherwise, parse it.
+        if len(self.data) < 9:
+            raise StopIteration()
+
+        try:
+            f, length = self._parse_frame_header(self.data)
+        except InvalidFrameError:  # pragma: no cover
+            raise ProtocolError("Received frame with invalid frame header.")
+
+        # Next, check that we have enough length to parse the frame body. If
+        # not, bail, leaving the frame header data in the buffer for next time.
+        if len(self.data) < length + 9:
+            raise StopIteration()
+
+        # Confirm the frame has an appropriate length.
+        self._validate_frame_length(length)
+
+        # Don't try to parse the body if we didn't get a frame we know about:
+        # there's nothing we can do with it anyway.
+        if f is not None:
+            try:
+                f.parse_body(memoryview(self.data[9:9+length]))
+            except InvalidFrameError:
+                raise FrameDataMissingError("Frame data missing or invalid")
+
+        # At this point, as we know we'll use or discard the entire frame, we
+        # can update the data.
+        self.data = self.data[9+length:]
+
+        # Pass the frame through the header buffer.
+        f = self._update_header_buffer(f)
+
+        # If we got a frame we didn't understand or shouldn't yield, rather
+        # than return None it'd be better if we just tried to get the next
+        # frame in the sequence instead. Recurse back into ourselves to do
+        # that. This is safe because the amount of work we have to do here is
+        # strictly bounded by the length of the buffer.
+        return f if f is not None else self.next()
+
+    def __next__(self):  # Python 3
+        return self.next()
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/settings.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/settings.py
new file mode 100755
index 00000000000..fedc5e3c445
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/settings.py
@@ -0,0 +1,376 @@
+# -*- coding: utf-8 -*-
+"""
+h2/settings
+~~~~~~~~~~~
+
+This module contains a HTTP/2 settings object. This object provides a simple
+API for manipulating HTTP/2 settings, keeping track of both the current active
+state of the settings and the unacknowledged future values of the settings.
+"""
+import collections
+import enum
+
+from hyperframe.frame import SettingsFrame
+
+from h2.errors import ErrorCodes
+from h2.exceptions import InvalidSettingsValueError
+
+
+class SettingCodes(enum.IntEnum):
+    """
+    All known HTTP/2 setting codes.
+
+    .. versionadded:: 2.6.0
+    """
+
+    #: Allows the sender to inform the remote endpoint of the maximum size of
+    #: the header compression table used to decode header blocks, in octets.
+    HEADER_TABLE_SIZE = SettingsFrame.HEADER_TABLE_SIZE
+
+    #: This setting can be used to disable server push. To disable server push
+    #: on a client, set this to 0.
+    ENABLE_PUSH = SettingsFrame.ENABLE_PUSH
+
+    #: Indicates the maximum number of concurrent streams that the sender will
+    #: allow.
+    MAX_CONCURRENT_STREAMS = SettingsFrame.MAX_CONCURRENT_STREAMS
+
+    #: Indicates the sender's initial window size (in octets) for stream-level
+    #: flow control.
+    INITIAL_WINDOW_SIZE = SettingsFrame.INITIAL_WINDOW_SIZE
+
+    try:  # Platform-specific: Hyperframe < 4.0.0
+        _max_frame_size = SettingsFrame.SETTINGS_MAX_FRAME_SIZE
+    except AttributeError:  # Platform-specific: Hyperframe >= 4.0.0
+        _max_frame_size = SettingsFrame.MAX_FRAME_SIZE
+
+    #: Indicates the size of the largest frame payload that the sender is
+    #: willing to receive, in octets.
+    MAX_FRAME_SIZE = _max_frame_size
+
+    try:  # Platform-specific: Hyperframe < 4.0.0
+        _max_header_list_size = SettingsFrame.SETTINGS_MAX_HEADER_LIST_SIZE
+    except AttributeError:  # Platform-specific: Hyperframe >= 4.0.0
+        _max_header_list_size = SettingsFrame.MAX_HEADER_LIST_SIZE
+
+    #: This advisory setting informs a peer of the maximum size of header list
+    #: that the sender is prepared to accept, in octets.  The value is based on
+    #: the uncompressed size of header fields, including the length of the name
+    #: and value in octets plus an overhead of 32 octets for each header field.
+    MAX_HEADER_LIST_SIZE = _max_header_list_size
+
+
+def _setting_code_from_int(code):
+    """
+    Given an integer setting code, returns either one of :class:`SettingCodes
+    <h2.settings.SettingCodes>` or, if not present in the known set of codes,
+    returns the integer directly.
+    """
+    try:
+        return SettingCodes(code)
+    except ValueError:
+        return code
+
+
+# Aliases for all the settings values.
+
+#: Allows the sender to inform the remote endpoint of the maximum size of the
+#: header compression table used to decode header blocks, in octets.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.HEADER_TABLE_SIZE
+#:    <h2.settings.SettingCodes.HEADER_TABLE_SIZE>`.
+HEADER_TABLE_SIZE = SettingCodes.HEADER_TABLE_SIZE
+
+#: This setting can be used to disable server push. To disable server push on
+#: a client, set this to 0.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.ENABLE_PUSH
+#:    <h2.settings.SettingCodes.ENABLE_PUSH>`.
+ENABLE_PUSH = SettingCodes.ENABLE_PUSH
+
+#: Indicates the maximum number of concurrent streams that the sender will
+#: allow.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.MAX_CONCURRENT_STREAMS
+#:    <h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS>`.
+MAX_CONCURRENT_STREAMS = SettingCodes.MAX_CONCURRENT_STREAMS
+
+#: Indicates the sender's initial window size (in octets) for stream-level flow
+#: control.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.INITIAL_WINDOW_SIZE
+#:    <h2.settings.SettingCodes.INITIAL_WINDOW_SIZE>`.
+INITIAL_WINDOW_SIZE = SettingCodes.INITIAL_WINDOW_SIZE
+
+#: Indicates the size of the largest frame payload that the sender is willing
+#: to receive, in octets.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.MAX_FRAME_SIZE
+#:    <h2.settings.SettingCodes.MAX_FRAME_SIZE>`.
+MAX_FRAME_SIZE = SettingCodes.MAX_FRAME_SIZE
+
+#: This advisory setting informs a peer of the maximum size of header list that
+#: the sender is prepared to accept, in octets.  The value is based on the
+#: uncompressed size of header fields, including the length of the name and
+#: value in octets plus an overhead of 32 octets for each header field.
+#:
+#: .. deprecated:: 2.6.0
+#:    Deprecated in favour of :data:`SettingCodes.MAX_HEADER_LIST_SIZE
+#:    <h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE>`.
+MAX_HEADER_LIST_SIZE = SettingCodes.MAX_HEADER_LIST_SIZE
+
+
+class ChangedSetting:
+
+    def __init__(self, setting, original_value, new_value):
+        #: The setting code given. Either one of :class:`SettingCodes
+        #: <h2.settings.SettingCodes>` or ``int``
+        #:
+        #: .. versionchanged:: 2.6.0
+        self.setting = setting
+
+        #: The original value before being changed.
+        self.original_value = original_value
+
+        #: The new value after being changed.
+        self.new_value = new_value
+
+    def __repr__(self):
+        return (
+            "ChangedSetting(setting=%s, original_value=%s, "
+            "new_value=%s)"
+        ) % (
+            self.setting,
+            self.original_value,
+            self.new_value
+        )
+
+
+class Settings(collections.MutableMapping):
+    """
+    An object that encapsulates HTTP/2 settings state.
+
+    HTTP/2 Settings are a complex beast. Each party, remote and local, has its
+    own settings and a view of the other party's settings. When a settings
+    frame is emitted by a peer it cannot assume that the new settings values
+    are in place until the remote peer acknowledges the setting. In principle,
+    multiple settings changes can be "in flight" at the same time, all with
+    different values.
+
+    This object encapsulates this mess. It provides a dict-like interface to
+    settings, which return the *current* values of the settings in question.
+    Additionally, it keeps track of the stack of proposed values: each time an
+    acknowledgement is sent/received, it updates the current values with the
+    stack of proposed values. On top of all that, it validates the values to
+    make sure they're allowed, and raises :class:`InvalidSettingsValueError
+    <h2.exceptions.InvalidSettingsValueError>` if they are not.
+
+    Finally, this object understands what the default values of the HTTP/2
+    settings are, and sets those defaults appropriately.
+
+    .. versionchanged:: 2.2.0
+       Added the ``initial_values`` parameter.
+
+    .. versionchanged:: 2.5.0
+       Added the ``max_header_list_size`` property.
+
+    :param client: (optional) Whether these settings should be defaulted for a
+        client implementation or a server implementation. Defaults to ``True``.
+    :type client: ``bool``
+    :param initial_values: (optional) Any initial values the user would like
+        set, rather than RFC 7540's defaults.
+    :type initial_vales: ``MutableMapping``
+    """
+    def __init__(self, client=True, initial_values=None):
+        # Backing object for the settings. This is a dictionary of
+        # (setting: [list of values]), where the first value in the list is the
+        # current value of the setting. Strictly this doesn't use lists but
+        # instead uses collections.deque to avoid repeated memory allocations.
+        #
+        # This contains the default values for HTTP/2.
+        self._settings = {
+            SettingCodes.HEADER_TABLE_SIZE: collections.deque([4096]),
+            SettingCodes.ENABLE_PUSH: collections.deque([int(client)]),
+            SettingCodes.INITIAL_WINDOW_SIZE: collections.deque([65535]),
+            SettingCodes.MAX_FRAME_SIZE: collections.deque([16384]),
+        }
+        if initial_values is not None:
+            for key, value in initial_values.items():
+                invalid = _validate_setting(key, value)
+                if invalid:
+                    raise InvalidSettingsValueError(
+                        "Setting %d has invalid value %d" % (key, value),
+                        error_code=invalid
+                    )
+                self._settings[key] = collections.deque([value])
+
+    def acknowledge(self):
+        """
+        The settings have been acknowledged, either by the user (remote
+        settings) or by the remote peer (local settings).
+
+        :returns: A dict of {setting: ChangedSetting} that were applied.
+        """
+        changed_settings = {}
+
+        # If there is more than one setting in the list, we have a setting
+        # value outstanding. Update them.
+        for k, v in self._settings.items():
+            if len(v) > 1:
+                old_setting = v.popleft()
+                new_setting = v[0]
+                changed_settings[k] = ChangedSetting(
+                    k, old_setting, new_setting
+                )
+
+        return changed_settings
+
+    # Provide easy-access to well known settings.
+    @property
+    def header_table_size(self):
+        """
+        The current value of the :data:`HEADER_TABLE_SIZE
+        <h2.settings.SettingCodes.HEADER_TABLE_SIZE>` setting.
+        """
+        return self[SettingCodes.HEADER_TABLE_SIZE]
+
+    @header_table_size.setter
+    def header_table_size(self, value):
+        self[SettingCodes.HEADER_TABLE_SIZE] = value
+
+    @property
+    def enable_push(self):
+        """
+        The current value of the :data:`ENABLE_PUSH
+        <h2.settings.SettingCodes.ENABLE_PUSH>` setting.
+        """
+        return self[SettingCodes.ENABLE_PUSH]
+
+    @enable_push.setter
+    def enable_push(self, value):
+        self[SettingCodes.ENABLE_PUSH] = value
+
+    @property
+    def initial_window_size(self):
+        """
+        The current value of the :data:`INITIAL_WINDOW_SIZE
+        <h2.settings.SettingCodes.INITIAL_WINDOW_SIZE>` setting.
+        """
+        return self[SettingCodes.INITIAL_WINDOW_SIZE]
+
+    @initial_window_size.setter
+    def initial_window_size(self, value):
+        self[SettingCodes.INITIAL_WINDOW_SIZE] = value
+
+    @property
+    def max_frame_size(self):
+        """
+        The current value of the :data:`MAX_FRAME_SIZE
+        <h2.settings.SettingCodes.MAX_FRAME_SIZE>` setting.
+        """
+        return self[SettingCodes.MAX_FRAME_SIZE]
+
+    @max_frame_size.setter
+    def max_frame_size(self, value):
+        self[SettingCodes.MAX_FRAME_SIZE] = value
+
+    @property
+    def max_concurrent_streams(self):
+        """
+        The current value of the :data:`MAX_CONCURRENT_STREAMS
+        <h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS>` setting.
+        """
+        return self.get(SettingCodes.MAX_CONCURRENT_STREAMS, 2**32+1)
+
+    @max_concurrent_streams.setter
+    def max_concurrent_streams(self, value):
+        self[SettingCodes.MAX_CONCURRENT_STREAMS] = value
+
+    @property
+    def max_header_list_size(self):
+        """
+        The current value of the :data:`MAX_HEADER_LIST_SIZE
+        <h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE>` setting. If not set,
+        returns ``None``, which means unlimited.
+
+        .. versionadded:: 2.5.0
+        """
+        return self.get(SettingCodes.MAX_HEADER_LIST_SIZE, None)
+
+    @max_header_list_size.setter
+    def max_header_list_size(self, value):
+        self[SettingCodes.MAX_HEADER_LIST_SIZE] = value
+
+    # Implement the MutableMapping API.
+    def __getitem__(self, key):
+        val = self._settings[key][0]
+
+        # Things that were created when a setting was received should stay
+        # KeyError'd.
+        if val is None:
+            raise KeyError
+
+        return val
+
+    def __setitem__(self, key, value):
+        invalid = _validate_setting(key, value)
+        if invalid:
+            raise InvalidSettingsValueError(
+                "Setting %d has invalid value %d" % (key, value),
+                error_code=invalid
+            )
+
+        try:
+            items = self._settings[key]
+        except KeyError:
+            items = collections.deque([None])
+            self._settings[key] = items
+
+        items.append(value)
+
+    def __delitem__(self, key):
+        del self._settings[key]
+
+    def __iter__(self):
+        return self._settings.__iter__()
+
+    def __len__(self):
+        return len(self._settings)
+
+    def __eq__(self, other):
+        if isinstance(other, Settings):
+            return self._settings == other._settings
+        else:
+            return NotImplemented
+
+    def __ne__(self, other):
+        if isinstance(other, Settings):
+            return not self == other
+        else:
+            return NotImplemented
+
+
+def _validate_setting(setting, value):
+    """
+    Confirms that a specific setting has a well-formed value. If the setting is
+    invalid, returns an error code. Otherwise, returns 0 (NO_ERROR).
+    """
+    if setting == SettingCodes.ENABLE_PUSH:
+        if value not in (0, 1):
+            return ErrorCodes.PROTOCOL_ERROR
+    elif setting == SettingCodes.INITIAL_WINDOW_SIZE:
+        if not 0 <= value <= 2147483647:  # 2^31 - 1
+            return ErrorCodes.FLOW_CONTROL_ERROR
+    elif setting == SettingCodes.MAX_FRAME_SIZE:
+        if not 16384 <= value <= 16777215:  # 2^14 and 2^24 - 1
+            return ErrorCodes.PROTOCOL_ERROR
+    elif setting == SettingCodes.MAX_HEADER_LIST_SIZE:
+        if value < 0:
+            return ErrorCodes.PROTOCOL_ERROR
+
+    return 0
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/stream.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/stream.py
new file mode 100755
index 00000000000..1b1e0b54232
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/stream.py
@@ -0,0 +1,1399 @@
+# -*- coding: utf-8 -*-
+"""
+h2/stream
+~~~~~~~~~
+
+An implementation of a HTTP/2 stream.
+"""
+import warnings
+
+from enum import Enum, IntEnum
+from hpack import HeaderTuple
+from hyperframe.frame import (
+    HeadersFrame, ContinuationFrame, DataFrame, WindowUpdateFrame,
+    RstStreamFrame, PushPromiseFrame, AltSvcFrame
+)
+
+from .errors import ErrorCodes, _error_code_from_int
+from .events import (
+    RequestReceived, ResponseReceived, DataReceived, WindowUpdated,
+    StreamEnded, PushedStreamReceived, StreamReset, TrailersReceived,
+    InformationalResponseReceived, AlternativeServiceAvailable,
+    _ResponseSent, _RequestSent, _TrailersSent, _PushedRequestSent
+)
+from .exceptions import (
+    ProtocolError, StreamClosedError, InvalidBodyLengthError, FlowControlError
+)
+from .utilities import (
+    guard_increment_window, is_informational_response, authority_from_headers,
+    validate_headers, validate_outbound_headers, normalize_outbound_headers,
+    HeaderValidationFlags, extract_method_header
+)
+from .windows import WindowManager
+
+
+class StreamState(IntEnum):
+    IDLE = 0
+    RESERVED_REMOTE = 1
+    RESERVED_LOCAL = 2
+    OPEN = 3
+    HALF_CLOSED_REMOTE = 4
+    HALF_CLOSED_LOCAL = 5
+    CLOSED = 6
+
+
+class StreamInputs(Enum):
+    SEND_HEADERS = 0
+    SEND_PUSH_PROMISE = 1
+    SEND_RST_STREAM = 2
+    SEND_DATA = 3
+    SEND_WINDOW_UPDATE = 4
+    SEND_END_STREAM = 5
+    RECV_HEADERS = 6
+    RECV_PUSH_PROMISE = 7
+    RECV_RST_STREAM = 8
+    RECV_DATA = 9
+    RECV_WINDOW_UPDATE = 10
+    RECV_END_STREAM = 11
+    RECV_CONTINUATION = 12  # Added in 2.0.0
+    SEND_INFORMATIONAL_HEADERS = 13  # Added in 2.2.0
+    RECV_INFORMATIONAL_HEADERS = 14  # Added in 2.2.0
+    SEND_ALTERNATIVE_SERVICE = 15  # Added in 2.3.0
+    RECV_ALTERNATIVE_SERVICE = 16  # Added in 2.3.0
+    UPGRADE_CLIENT = 17  # Added 2.3.0
+    UPGRADE_SERVER = 18  # Added 2.3.0
+
+
+class StreamClosedBy(Enum):
+    SEND_END_STREAM = 0
+    RECV_END_STREAM = 1
+    SEND_RST_STREAM = 2
+    RECV_RST_STREAM = 3
+
+
+# This array is initialized once, and is indexed by the stream states above.
+# It indicates whether a stream in the given state is open. The reason we do
+# this is that we potentially check whether a stream in a given state is open
+# quite frequently: given that we check so often, we should do so in the
+# fastest and most performant way possible.
+STREAM_OPEN = [False for _ in range(0, len(StreamState))]
+STREAM_OPEN[StreamState.OPEN] = True
+STREAM_OPEN[StreamState.HALF_CLOSED_LOCAL] = True
+STREAM_OPEN[StreamState.HALF_CLOSED_REMOTE] = True
+
+
+class H2StreamStateMachine(object):
+    """
+    A single HTTP/2 stream state machine.
+
+    This stream object implements basically the state machine described in
+    RFC 7540 section 5.1.
+
+    :param stream_id: The stream ID of this stream. This is stored primarily
+        for logging purposes.
+    """
+    def __init__(self, stream_id):
+        self.state = StreamState.IDLE
+        self.stream_id = stream_id
+
+        #: Whether this peer is the client side of this stream.
+        self.client = None
+
+        # Whether trailers have been sent/received on this stream or not.
+        self.headers_sent = None
+        self.trailers_sent = None
+        self.headers_received = None
+        self.trailers_received = None
+
+        # How the stream was closed. One of StreamClosedBy.
+        self.stream_closed_by = None
+
+    def process_input(self, input_):
+        """
+        Process a specific input in the state machine.
+        """
+        if not isinstance(input_, StreamInputs):
+            raise ValueError("Input must be an instance of StreamInputs")
+
+        try:
+            func, target_state = _transitions[(self.state, input_)]
+        except KeyError:
+            old_state = self.state
+            self.state = StreamState.CLOSED
+            raise ProtocolError(
+                "Invalid input %s in state %s" % (input_, old_state)
+            )
+        else:
+            previous_state = self.state
+            self.state = target_state
+            if func is not None:
+                try:
+                    return func(self, previous_state)
+                except ProtocolError:
+                    self.state = StreamState.CLOSED
+                    raise
+                except AssertionError as e:  # pragma: no cover
+                    self.state = StreamState.CLOSED
+                    raise ProtocolError(e)
+
+            return []
+
+    def request_sent(self, previous_state):
+        """
+        Fires when a request is sent.
+        """
+        self.client = True
+        self.headers_sent = True
+        event = _RequestSent()
+
+        return [event]
+
+    def response_sent(self, previous_state):
+        """
+        Fires when something that should be a response is sent. This 'response'
+        may actually be trailers.
+        """
+        if not self.headers_sent:
+            if self.client is True or self.client is None:
+                raise ProtocolError("Client cannot send responses.")
+            self.headers_sent = True
+            event = _ResponseSent()
+        else:
+            assert not self.trailers_sent
+            self.trailers_sent = True
+            event = _TrailersSent()
+
+        return [event]
+
+    def request_received(self, previous_state):
+        """
+        Fires when a request is received.
+        """
+        assert not self.headers_received
+        assert not self.trailers_received
+
+        self.client = False
+        self.headers_received = True
+        event = RequestReceived()
+
+        event.stream_id = self.stream_id
+        return [event]
+
+    def response_received(self, previous_state):
+        """
+        Fires when a response is received. Also disambiguates between responses
+        and trailers.
+        """
+        if not self.headers_received:
+            assert self.client is True
+            self.headers_received = True
+            event = ResponseReceived()
+        else:
+            assert not self.trailers_received
+            self.trailers_received = True
+            event = TrailersReceived()
+
+        event.stream_id = self.stream_id
+        return [event]
+
+    def data_received(self, previous_state):
+        """
+        Fires when data is received.
+        """
+        event = DataReceived()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def window_updated(self, previous_state):
+        """
+        Fires when a window update frame is received.
+        """
+        event = WindowUpdated()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_half_closed(self, previous_state):
+        """
+        Fires when an END_STREAM flag is received in the OPEN state,
+        transitioning this stream to a HALF_CLOSED_REMOTE state.
+        """
+        event = StreamEnded()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_ended(self, previous_state):
+        """
+        Fires when a stream is cleanly ended.
+        """
+        self.stream_closed_by = StreamClosedBy.RECV_END_STREAM
+        event = StreamEnded()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_reset(self, previous_state):
+        """
+        Fired when a stream is forcefully reset.
+        """
+        self.stream_closed_by = StreamClosedBy.RECV_RST_STREAM
+        event = StreamReset()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def send_new_pushed_stream(self, previous_state):
+        """
+        Fires on the newly pushed stream, when pushed by the local peer.
+
+        No event here, but definitionally this peer must be a server.
+        """
+        assert self.client is None
+        self.client = False
+        self.headers_received = True
+        return []
+
+    def recv_new_pushed_stream(self, previous_state):
+        """
+        Fires on the newly pushed stream, when pushed by the remote peer.
+
+        No event here, but definitionally this peer must be a client.
+        """
+        assert self.client is None
+        self.client = True
+        self.headers_sent = True
+        return []
+
+    def send_push_promise(self, previous_state):
+        """
+        Fires on the already-existing stream when a PUSH_PROMISE frame is sent.
+        We may only send PUSH_PROMISE frames if we're a server.
+        """
+        if self.client is True:
+            raise ProtocolError("Cannot push streams from client peers.")
+
+        event = _PushedRequestSent()
+        return [event]
+
+    def recv_push_promise(self, previous_state):
+        """
+        Fires on the already-existing stream when a PUSH_PROMISE frame is
+        received. We may only receive PUSH_PROMISE frames if we're a client.
+
+        Fires a PushedStreamReceived event.
+        """
+        if not self.client:
+            if self.client is None:  # pragma: no cover
+                msg = "Idle streams cannot receive pushes"
+            else:  # pragma: no cover
+                msg = "Cannot receive pushed streams as a server"
+            raise ProtocolError(msg)
+
+        event = PushedStreamReceived()
+        event.parent_stream_id = self.stream_id
+        return [event]
+
+    def send_end_stream(self, previous_state):
+        """
+        Called when an attempt is made to send END_STREAM in the
+        HALF_CLOSED_REMOTE state.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_END_STREAM
+
+    def send_reset_stream(self, previous_state):
+        """
+        Called when an attempt is made to send RST_STREAM in a non-closed
+        stream state.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM
+
+    def reset_stream_on_error(self, previous_state):
+        """
+        Called when we need to forcefully emit another RST_STREAM frame on
+        behalf of the state machine.
+
+        If this is the first time we've done this, we should also hang an event
+        off the StreamClosedError so that the user can be informed. We know
+        it's the first time we've done this if the stream is currently in a
+        state other than CLOSED.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM
+
+        error = StreamClosedError(self.stream_id)
+
+        event = StreamReset()
+        event.stream_id = self.stream_id
+        event.error_code = ErrorCodes.STREAM_CLOSED
+        event.remote_reset = False
+        error._events = [event]
+        raise error
+
+    def recv_on_closed_stream(self, previous_state):
+        """
+        Called when an unexpected frame is received on an already-closed
+        stream.
+
+        An endpoint that receives an unexpected frame should treat it as
+        a stream error or connection error with type STREAM_CLOSED, depending
+        on the specific frame. The error handling is done at a higher level:
+        this just raises the appropriate error.
+        """
+        raise StreamClosedError(self.stream_id)
+
+    def send_on_closed_stream(self, previous_state):
+        """
+        Called when an attempt is made to send data on an already-closed
+        stream.
+
+        This essentially overrides the standard logic by throwing a
+        more-specific error: StreamClosedError. This is a ProtocolError, so it
+        matches the standard API of the state machine, but provides more detail
+        to the user.
+        """
+        raise StreamClosedError(self.stream_id)
+
+    def recv_push_on_closed_stream(self, previous_state):
+        """
+        Called when a PUSH_PROMISE frame is received on a full stop
+        stream.
+
+        If the stream was closed by us sending a RST_STREAM frame, then we
+        presume that the PUSH_PROMISE was in flight when we reset the parent
+        stream. Rathen than accept the new stream, we just reset it.
+        Otherwise, we should call this a PROTOCOL_ERROR: pushing a stream on a
+        naturally closed stream is a real problem because it creates a brand
+        new stream that the remote peer now believes exists.
+        """
+        assert self.stream_closed_by is not None
+
+        if self.stream_closed_by == StreamClosedBy.SEND_RST_STREAM:
+            raise StreamClosedError(self.stream_id)
+        else:
+            raise ProtocolError("Attempted to push on closed stream.")
+
+    def send_push_on_closed_stream(self, previous_state):
+        """
+        Called when an attempt is made to push on an already-closed stream.
+
+        This essentially overrides the standard logic by providing a more
+        useful error message. It's necessary because simply indicating that the
+        stream is closed is not enough: there is now a new stream that is not
+        allowed to be there. The only recourse is to tear the whole connection
+        down.
+        """
+        raise ProtocolError("Attempted to push on closed stream.")
+
+    def window_on_closed_stream(self, previous_state):
+        """
+        Called when a WINDOW_UPDATE frame is received on an already-closed
+        stream.
+
+        If we sent an END_STREAM frame, we just ignore the frame, as instructed
+        in RFC 7540 Section 5.1. Technically we should eventually consider
+        WINDOW_UPDATE in this state an error, but we don't have access to a
+        clock so we just always allow it. If we closed the stream for any other
+        reason, we behave as we do for receiving any other frame on a closed
+        stream.
+        """
+        assert self.stream_closed_by is not None
+
+        if self.stream_closed_by == StreamClosedBy.SEND_END_STREAM:
+            return []
+        return self.recv_on_closed_stream(previous_state)
+
+    def reset_on_closed_stream(self, previous_state):
+        """
+        Called when a RST_STREAM frame is received on an already-closed stream.
+
+        If we sent an END_STREAM frame, we just ignore the frame, as instructed
+        in RFC 7540 Section 5.1. Technically we should eventually consider
+        RST_STREAM in this state an error, but we don't have access to a clock
+        so we just always allow it. If we closed the stream for any other
+        reason, we behave as we do for receiving any other frame on a closed
+        stream.
+        """
+        assert self.stream_closed_by is not None
+
+        if self.stream_closed_by is StreamClosedBy.SEND_END_STREAM:
+            return []
+        return self.recv_on_closed_stream(previous_state)
+
+    def send_informational_response(self, previous_state):
+        """
+        Called when an informational header block is sent (that is, a block
+        where the :status header has a 1XX value).
+
+        Only enforces that these are sent *before* final headers are sent.
+        """
+        if self.headers_sent:
+            raise ProtocolError("Information response after final response")
+
+        event = _ResponseSent()
+        return [event]
+
+    def recv_informational_response(self, previous_state):
+        """
+        Called when an informational header block is received (that is, a block
+        where the :status header has a 1XX value).
+        """
+        if self.headers_received:
+            raise ProtocolError("Informational response after final response")
+
+        event = InformationalResponseReceived()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def recv_alt_svc(self, previous_state):
+        """
+        Called when receiving an ALTSVC frame.
+
+        RFC 7838 allows us to receive ALTSVC frames at any stream state, which
+        is really absurdly overzealous. For that reason, we want to limit the
+        states in which we can actually receive it. It's really only sensible
+        to receive it after we've sent our own headers and before the server
+        has sent its header block: the server can't guarantee that we have any
+        state around after it completes its header block, and the server
+        doesn't know what origin we're talking about before we've sent ours.
+
+        For that reason, this function applies a few extra checks on both state
+        and some of the little state variables we keep around. If those suggest
+        an unreasonable situation for the ALTSVC frame to have been sent in,
+        we quietly ignore it (as RFC 7838 suggests).
+
+        This function is also *not* always called by the state machine. In some
+        states (IDLE, RESERVED_LOCAL, CLOSED) we don't bother to call it,
+        because we know the frame cannot be valid in that state (IDLE because
+        the server cannot know what origin the stream applies to, CLOSED
+        because the server cannot assume we still have state around,
+        RESERVED_LOCAL because by definition if we're in the RESERVED_LOCAL
+        state then *we* are the server).
+        """
+        # Servers can't receive ALTSVC frames, but RFC 7838 tells us to ignore
+        # them.
+        if self.client is False:
+            return []
+
+        # If we've received the response headers from the server they can't
+        # guarantee we still have any state around. Other implementations
+        # (like nghttp2) ignore ALTSVC in this state, so we will too.
+        if self.headers_received:
+            return []
+
+        # Otherwise, this is a sensible enough frame to have received. Return
+        # the event and let it get populated.
+        return [AlternativeServiceAvailable()]
+
+    def send_alt_svc(self, previous_state):
+        """
+        Called when sending an ALTSVC frame on this stream.
+
+        For consistency with the restrictions we apply on receiving ALTSVC
+        frames in ``recv_alt_svc``, we want to restrict when users can send
+        ALTSVC frames to the situations when we ourselves would accept them.
+
+        That means: when we are a server, when we have received the request
+        headers, and when we have not yet sent our own response headers.
+        """
+        # We should not send ALTSVC after we've sent response headers, as the
+        # client may have disposed of its state.
+        if self.headers_sent:
+            raise ProtocolError(
+                "Cannot send ALTSVC after sending response headers."
+            )
+
+        return
+
+
+# STATE MACHINE
+#
+# The stream state machine is defined here to avoid the need to allocate it
+# repeatedly for each stream. It cannot be defined in the stream class because
+# it needs to be able to reference the callbacks defined on the class, but
+# because Python's scoping rules are weird the class object is not actually in
+# scope during the body of the class object.
+#
+# For the sake of clarity, we reproduce the RFC 7540 state machine here:
+#
+#                          +--------+
+#                  send PP |        | recv PP
+#                 ,--------|  idle  |--------.
+#                /         |        |         \
+#               v          +--------+          v
+#        +----------+          |           +----------+
+#        |          |          | send H /  |          |
+# ,------| reserved |          | recv H    | reserved |------.
+# |      | (local)  |          |           | (remote) |      |
+# |      +----------+          v           +----------+      |
+# |          |             +--------+             |          |
+# |          |     recv ES |        | send ES     |          |
+# |   send H |     ,-------|  open  |-------.     | recv H   |
+# |          |    /        |        |        \    |          |
+# |          v   v         +--------+         v   v          |
+# |      +----------+          |           +----------+      |
+# |      |   half   |          |           |   half   |      |
+# |      |  closed  |          | send R /  |  closed  |      |
+# |      | (remote) |          | recv R    | (local)  |      |
+# |      +----------+          |           +----------+      |
+# |           |                |                 |           |
+# |           | send ES /      |       recv ES / |           |
+# |           | send R /       v        send R / |           |
+# |           | recv R     +--------+   recv R   |           |
+# | send R /  `----------->|        |<-----------'  send R / |
+# | recv R                 | closed |               recv R   |
+# `----------------------->|        |<----------------------'
+#                          +--------+
+#
+#    send:   endpoint sends this frame
+#    recv:   endpoint receives this frame
+#
+#    H:  HEADERS frame (with implied CONTINUATIONs)
+#    PP: PUSH_PROMISE frame (with implied CONTINUATIONs)
+#    ES: END_STREAM flag
+#    R:  RST_STREAM frame
+#
+# For the purposes of this state machine we treat HEADERS and their
+# associated CONTINUATION frames as a single jumbo frame. The protocol
+# allows/requires this by preventing other frames from being interleved in
+# between HEADERS/CONTINUATION frames. However, if a CONTINUATION frame is
+# received without a prior HEADERS frame, it *will* be passed to this state
+# machine. The state machine should always reject that frame, either as an
+# invalid transition or because the stream is closed.
+#
+# There is a confusing relationship around PUSH_PROMISE frames. The state
+# machine above considers them to be frames belonging to the new stream,
+# which is *somewhat* true. However, they are sent with the stream ID of
+# their related stream, and are only sendable in some cases.
+# For this reason, our state machine implementation below allows for
+# PUSH_PROMISE frames both in the IDLE state (as in the diagram), but also
+# in the OPEN, HALF_CLOSED_LOCAL, and HALF_CLOSED_REMOTE states.
+# Essentially, for hyper-h2, PUSH_PROMISE frames are effectively sent on
+# two streams.
+#
+# The _transitions dictionary contains a mapping of tuples of
+# (state, input) to tuples of (side_effect_function, end_state). This
+# map contains all allowed transitions: anything not in this map is
+# invalid and immediately causes a transition to ``closed``.
+_transitions = {
+    # State: idle
+    (StreamState.IDLE, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.request_sent, StreamState.OPEN),
+    (StreamState.IDLE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.request_received, StreamState.OPEN),
+    (StreamState.IDLE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.IDLE, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_new_pushed_stream,
+            StreamState.RESERVED_LOCAL),
+    (StreamState.IDLE, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_new_pushed_stream,
+            StreamState.RESERVED_REMOTE),
+    (StreamState.IDLE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.IDLE),
+    (StreamState.IDLE, StreamInputs.UPGRADE_CLIENT):
+        (H2StreamStateMachine.request_sent, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.IDLE, StreamInputs.UPGRADE_SERVER):
+        (H2StreamStateMachine.request_received,
+            StreamState.HALF_CLOSED_REMOTE),
+
+    # State: reserved local
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.RESERVED_LOCAL),
+
+    # State: reserved remote
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.RESERVED_REMOTE),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.RESERVED_REMOTE),
+    (StreamState.RESERVED_REMOTE, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.RESERVED_REMOTE),
+
+    # State: open
+    (StreamState.OPEN, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_DATA):
+        (None, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.data_received, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_END_STREAM):
+        (None, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.OPEN, StreamInputs.RECV_END_STREAM):
+        (H2StreamStateMachine.stream_half_closed,
+         StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.OPEN, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.OPEN, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.OPEN, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_promise, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_promise, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.send_informational_response, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.recv_informational_response, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.OPEN),
+
+    # State: half-closed remote
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_DATA):
+        (None, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_END_STREAM):
+        (H2StreamStateMachine.send_end_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_promise,
+            StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.send_informational_response,
+            StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_REMOTE),
+
+    # State: half-closed local
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.data_received, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_END_STREAM):
+        (H2StreamStateMachine.stream_ended, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_promise,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.recv_informational_response,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_LOCAL),
+
+    # State: closed
+    (StreamState.CLOSED, StreamInputs.RECV_END_STREAM):
+        (None, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.CLOSED),
+
+    # RFC 7540 Section 5.1 defines how the end point should react when
+    # receiving a frame on a closed stream with the following statements:
+    #
+    # > An endpoint that receives any frame other than PRIORITY after receiving
+    # > a RST_STREAM MUST treat that as a stream error of type STREAM_CLOSED.
+    # > An endpoint that receives any frames after receiving a frame with the
+    # > END_STREAM flag set MUST treat that as a connection error of type
+    # > STREAM_CLOSED.
+    (StreamState.CLOSED, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED),
+
+    # > WINDOW_UPDATE or RST_STREAM frames can be received in this state
+    # > for a short period after a DATA or HEADERS frame containing a
+    # > END_STREAM flag is sent.
+    (StreamState.CLOSED, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.reset_on_closed_stream, StreamState.CLOSED),
+
+    # > A receiver MUST treat the receipt of a PUSH_PROMISE on a stream that is
+    # > neither "open" nor "half-closed (local)" as a connection error of type
+    # > PROTOCOL_ERROR.
+    (StreamState.CLOSED, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_on_closed_stream, StreamState.CLOSED),
+
+    # Also, users should be forbidden from sending on closed streams.
+    (StreamState.CLOSED, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_DATA):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_WINDOW_UPDATE):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_END_STREAM):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+}
+
+
+class H2Stream(object):
+    """
+    A low-level HTTP/2 stream object. This handles building and receiving
+    frames and maintains per-stream state.
+
+    This wraps a HTTP/2 Stream state machine implementation, ensuring that
+    frames can only be sent/received when the stream is in a valid state.
+    Attempts to create frames that cannot be sent will raise a
+    ``ProtocolError``.
+    """
+    def __init__(self,
+                 stream_id,
+                 config,
+                 inbound_window_size,
+                 outbound_window_size):
+        self.state_machine = H2StreamStateMachine(stream_id)
+        self.stream_id = stream_id
+        self.max_outbound_frame_size = None
+        self.request_method = None
+
+        # The curent value of the outbound stream flow control window
+        self.outbound_flow_control_window = outbound_window_size
+
+        # The flow control manager.
+        self._inbound_window_manager = WindowManager(inbound_window_size)
+
+        # The expected content length, if any.
+        self._expected_content_length = None
+
+        # The actual received content length. Always tracked.
+        self._actual_content_length = 0
+
+        # The authority we believe this stream belongs to.
+        self._authority = None
+
+        # The configuration for this stream.
+        self.config = config
+
+    def __repr__(self):
+        return "<%s id:%d state:%r>" % (
+            type(self).__name__,
+            self.stream_id,
+            self.state_machine.state
+        )
+
+    @property
+    def inbound_flow_control_window(self):
+        """
+        The size of the inbound flow control window for the stream. This is
+        rarely publicly useful: instead, use :meth:`remote_flow_control_window
+        <h2.stream.H2Stream.remote_flow_control_window>`. This shortcut is
+        largely present to provide a shortcut to this data.
+        """
+        return self._inbound_window_manager.current_window_size
+
+    @property
+    def open(self):
+        """
+        Whether the stream is 'open' in any sense: that is, whether it counts
+        against the number of concurrent streams.
+        """
+        # RFC 7540 Section 5.1.2 defines 'open' for this purpose to mean either
+        # the OPEN state or either of the HALF_CLOSED states. Perplexingly,
+        # this excludes the reserved states.
+        # For more detail on why we're doing this in this slightly weird way,
+        # see the comment on ``STREAM_OPEN`` at the top of the file.
+        return STREAM_OPEN[self.state_machine.state]
+
+    @property
+    def closed(self):
+        """
+        Whether the stream is closed.
+        """
+        return self.state_machine.state == StreamState.CLOSED
+
+    @property
+    def closed_by(self):
+        """
+        Returns how the stream was closed, as one of StreamClosedBy.
+        """
+        return self.state_machine.stream_closed_by
+
+    def upgrade(self, client_side):
+        """
+        Called by the connection to indicate that this stream is the initial
+        request/response of an upgraded connection. Places the stream into an
+        appropriate state.
+        """
+        self.config.logger.debug("Upgrading %r", self)
+
+        assert self.stream_id == 1
+        input_ = (
+            StreamInputs.UPGRADE_CLIENT if client_side
+            else StreamInputs.UPGRADE_SERVER
+        )
+
+        # This may return events, we deliberately don't want them.
+        self.state_machine.process_input(input_)
+        return
+
+    def send_headers(self, headers, encoder, end_stream=False):
+        """
+        Returns a list of HEADERS/CONTINUATION frames to emit as either headers
+        or trailers.
+        """
+        self.config.logger.debug("Send headers %s on %r", headers, self)
+        # Convert headers to two-tuples.
+        # FIXME: The fallback for dictionary headers is to be removed in 3.0.
+        try:
+            headers = headers.items()
+            warnings.warn(
+                "Implicit conversion of dictionaries to two-tuples for "
+                "headers is deprecated and will be removed in 3.0.",
+                DeprecationWarning
+            )
+        except AttributeError:
+            headers = headers
+
+        # Because encoding headers makes an irreversible change to the header
+        # compression context, we make the state transition before we encode
+        # them.
+
+        # First, check if we're a client. If we are, no problem: if we aren't,
+        # we need to scan the header block to see if this is an informational
+        # response.
+        input_ = StreamInputs.SEND_HEADERS
+        if ((not self.state_machine.client) and
+                is_informational_response(headers)):
+            if end_stream:
+                raise ProtocolError(
+                    "Cannot set END_STREAM on informational responses."
+                )
+
+            input_ = StreamInputs.SEND_INFORMATIONAL_HEADERS
+
+        events = self.state_machine.process_input(input_)
+
+        hf = HeadersFrame(self.stream_id)
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        frames = self._build_headers_frames(
+            headers, encoder, hf, hdr_validation_flags
+        )
+
+        if end_stream:
+            # Not a bug: the END_STREAM flag is valid on the initial HEADERS
+            # frame, not the CONTINUATION frames that follow.
+            self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+            frames[0].flags.add('END_STREAM')
+
+        if self.state_machine.trailers_sent and not end_stream:
+            raise ProtocolError("Trailers must have END_STREAM set.")
+
+        if self.state_machine.client and self._authority is None:
+            self._authority = authority_from_headers(headers)
+
+        # store request method for _initialize_content_length
+        self.request_method = extract_method_header(headers)
+
+        return frames
+
+    def push_stream_in_band(self, related_stream_id, headers, encoder):
+        """
+        Returns a list of PUSH_PROMISE/CONTINUATION frames to emit as a pushed
+        stream header. Called on the stream that has the PUSH_PROMISE frame
+        sent on it.
+        """
+        self.config.logger.debug("Push stream %r", self)
+
+        # Because encoding headers makes an irreversible change to the header
+        # compression context, we make the state transition *first*.
+
+        events = self.state_machine.process_input(
+            StreamInputs.SEND_PUSH_PROMISE
+        )
+
+        ppf = PushPromiseFrame(self.stream_id)
+        ppf.promised_stream_id = related_stream_id
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        frames = self._build_headers_frames(
+            headers, encoder, ppf, hdr_validation_flags
+        )
+
+        return frames
+
+    def locally_pushed(self):
+        """
+        Mark this stream as one that was pushed by this peer. Must be called
+        immediately after initialization. Sends no frames, simply updates the
+        state machine.
+        """
+        # This does not trigger any events.
+        events = self.state_machine.process_input(
+            StreamInputs.SEND_PUSH_PROMISE
+        )
+        assert not events
+        return []
+
+    def send_data(self, data, end_stream=False, pad_length=None):
+        """
+        Prepare some data frames. Optionally end the stream.
+
+        .. warning:: Does not perform flow control checks.
+        """
+        self.config.logger.debug(
+            "Send data on %r with end stream set to %s", self, end_stream
+        )
+
+        self.state_machine.process_input(StreamInputs.SEND_DATA)
+
+        df = DataFrame(self.stream_id)
+        df.data = data
+        if end_stream:
+            self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+            df.flags.add('END_STREAM')
+        if pad_length is not None:
+            df.flags.add('PADDED')
+            df.pad_length = pad_length
+
+        # Subtract flow_controlled_length to account for possible padding
+        self.outbound_flow_control_window -= df.flow_controlled_length
+        assert self.outbound_flow_control_window >= 0
+
+        return [df]
+
+    def end_stream(self):
+        """
+        End a stream without sending data.
+        """
+        self.config.logger.debug("End stream %r", self)
+
+        self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+        df = DataFrame(self.stream_id)
+        df.flags.add('END_STREAM')
+        return [df]
+
+    def advertise_alternative_service(self, field_value):
+        """
+        Advertise an RFC 7838 alternative service. The semantics of this are
+        better documented in the ``H2Connection`` class.
+        """
+        self.config.logger.debug(
+            "Advertise alternative service of %r for %r", field_value, self
+        )
+        self.state_machine.process_input(StreamInputs.SEND_ALTERNATIVE_SERVICE)
+        asf = AltSvcFrame(self.stream_id)
+        asf.field = field_value
+        return [asf]
+
+    def increase_flow_control_window(self, increment):
+        """
+        Increase the size of the flow control window for the remote side.
+        """
+        self.config.logger.debug(
+            "Increase flow control window for %r by %d",
+            self, increment
+        )
+        self.state_machine.process_input(StreamInputs.SEND_WINDOW_UPDATE)
+        self._inbound_window_manager.window_opened(increment)
+
+        wuf = WindowUpdateFrame(self.stream_id)
+        wuf.window_increment = increment
+        return [wuf]
+
+    def receive_push_promise_in_band(self,
+                                     promised_stream_id,
+                                     headers,
+                                     header_encoding):
+        """
+        Receives a push promise frame sent on this stream, pushing a remote
+        stream. This is called on the stream that has the PUSH_PROMISE sent
+        on it.
+        """
+        self.config.logger.debug(
+            "Receive Push Promise on %r for remote stream %d",
+            self, promised_stream_id
+        )
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_PUSH_PROMISE
+        )
+        events[0].pushed_stream_id = promised_stream_id
+
+        if self.config.validate_inbound_headers:
+            hdr_validation_flags = self._build_hdr_validation_flags(events)
+            headers = validate_headers(headers, hdr_validation_flags)
+
+        if header_encoding:
+            headers = list(_decode_headers(headers, header_encoding))
+        events[0].headers = headers
+        return [], events
+
+    def remotely_pushed(self, pushed_headers):
+        """
+        Mark this stream as one that was pushed by the remote peer. Must be
+        called immediately after initialization. Sends no frames, simply
+        updates the state machine.
+        """
+        self.config.logger.debug("%r pushed by remote peer", self)
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_PUSH_PROMISE
+        )
+        self._authority = authority_from_headers(pushed_headers)
+        return [], events
+
+    def receive_headers(self, headers, end_stream, header_encoding):
+        """
+        Receive a set of headers (or trailers).
+        """
+        if is_informational_response(headers):
+            if end_stream:
+                raise ProtocolError(
+                    "Cannot set END_STREAM on informational responses"
+                )
+            input_ = StreamInputs.RECV_INFORMATIONAL_HEADERS
+        else:
+            input_ = StreamInputs.RECV_HEADERS
+
+        events = self.state_machine.process_input(input_)
+
+        if end_stream:
+            es_events = self.state_machine.process_input(
+                StreamInputs.RECV_END_STREAM
+            )
+            events[0].stream_ended = es_events[0]
+            events += es_events
+
+        self._initialize_content_length(headers)
+
+        if isinstance(events[0], TrailersReceived):
+            if not end_stream:
+                raise ProtocolError("Trailers must have END_STREAM set")
+
+        if self.config.validate_inbound_headers:
+            hdr_validation_flags = self._build_hdr_validation_flags(events)
+            headers = validate_headers(headers, hdr_validation_flags)
+
+        if header_encoding:
+            headers = list(_decode_headers(headers, header_encoding))
+
+        events[0].headers = headers
+        return [], events
+
+    def receive_data(self, data, end_stream, flow_control_len):
+        """
+        Receive some data.
+        """
+        self.config.logger.debug(
+            "Receive data on %r with end stream %s and flow control length "
+            "set to %d", self, end_stream, flow_control_len
+        )
+        events = self.state_machine.process_input(StreamInputs.RECV_DATA)
+        self._inbound_window_manager.window_consumed(flow_control_len)
+        self._track_content_length(len(data), end_stream)
+
+        if end_stream:
+            es_events = self.state_machine.process_input(
+                StreamInputs.RECV_END_STREAM
+            )
+            events[0].stream_ended = es_events[0]
+            events.extend(es_events)
+
+        events[0].data = data
+        events[0].flow_controlled_length = flow_control_len
+        return [], events
+
+    def receive_window_update(self, increment):
+        """
+        Handle a WINDOW_UPDATE increment.
+        """
+        self.config.logger.debug(
+            "Receive Window Update on %r for increment of %d",
+            self, increment
+        )
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_WINDOW_UPDATE
+        )
+        frames = []
+
+        # If we encounter a problem with incrementing the flow control window,
+        # this should be treated as a *stream* error, not a *connection* error.
+        # That means we need to catch the error and forcibly close the stream.
+        if events:
+            events[0].delta = increment
+            try:
+                self.outbound_flow_control_window = guard_increment_window(
+                    self.outbound_flow_control_window,
+                    increment
+                )
+            except FlowControlError:
+                # Ok, this is bad. We're going to need to perform a local
+                # reset.
+                event = StreamReset()
+                event.stream_id = self.stream_id
+                event.error_code = ErrorCodes.FLOW_CONTROL_ERROR
+                event.remote_reset = False
+
+                events = [event]
+                frames = self.reset_stream(event.error_code)
+
+        return frames, events
+
+    def receive_continuation(self):
+        """
+        A naked CONTINUATION frame has been received. This is always an error,
+        but the type of error it is depends on the state of the stream and must
+        transition the state of the stream, so we need to handle it.
+        """
+        self.config.logger.debug("Receive Continuation frame on %r", self)
+        self.state_machine.process_input(
+            StreamInputs.RECV_CONTINUATION
+        )
+        assert False, "Should not be reachable"
+
+    def receive_alt_svc(self, frame):
+        """
+        An Alternative Service frame was received on the stream. This frame
+        inherits the origin associated with this stream.
+        """
+        self.config.logger.debug(
+            "Receive Alternative Service frame on stream %r", self
+        )
+
+        # If the origin is present, RFC 7838 says we have to ignore it.
+        if frame.origin:
+            return [], []
+
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_ALTERNATIVE_SERVICE
+        )
+
+        # There are lots of situations where we want to ignore the ALTSVC
+        # frame. If we need to pay attention, we'll have an event and should
+        # fill it out.
+        if events:
+            assert isinstance(events[0], AlternativeServiceAvailable)
+            events[0].origin = self._authority
+            events[0].field_value = frame.field
+
+        return [], events
+
+    def reset_stream(self, error_code=0):
+        """
+        Close the stream locally. Reset the stream with an error code.
+        """
+        self.config.logger.debug(
+            "Local reset %r with error code: %d", self, error_code
+        )
+        self.state_machine.process_input(StreamInputs.SEND_RST_STREAM)
+
+        rsf = RstStreamFrame(self.stream_id)
+        rsf.error_code = error_code
+        return [rsf]
+
+    def stream_reset(self, frame):
+        """
+        Handle a stream being reset remotely.
+        """
+        self.config.logger.debug(
+            "Remote reset %r with error code: %d", self, frame.error_code
+        )
+        events = self.state_machine.process_input(StreamInputs.RECV_RST_STREAM)
+
+        if events:
+            # We don't fire an event if this stream is already closed.
+            events[0].error_code = _error_code_from_int(frame.error_code)
+
+        return [], events
+
+    def acknowledge_received_data(self, acknowledged_size):
+        """
+        The user has informed us that they've processed some amount of data
+        that was received on this stream. Pass that to the window manager and
+        potentially return some WindowUpdate frames.
+        """
+        self.config.logger.debug(
+            "Acknowledge received data with size %d on %r",
+            acknowledged_size, self
+        )
+        increment = self._inbound_window_manager.process_bytes(
+            acknowledged_size
+        )
+        if increment:
+            f = WindowUpdateFrame(self.stream_id)
+            f.window_increment = increment
+            return [f]
+
+        return []
+
+    def _build_hdr_validation_flags(self, events):
+        """
+        Constructs a set of header validation flags for use when normalizing
+        and validating header blocks.
+        """
+        is_trailer = isinstance(
+            events[0], (_TrailersSent, TrailersReceived)
+        )
+        is_response_header = isinstance(
+            events[0],
+            (
+                _ResponseSent,
+                ResponseReceived,
+                InformationalResponseReceived
+            )
+        )
+        is_push_promise = isinstance(
+            events[0], (PushedStreamReceived, _PushedRequestSent)
+        )
+
+        return HeaderValidationFlags(
+            is_client=self.state_machine.client,
+            is_trailer=is_trailer,
+            is_response_header=is_response_header,
+            is_push_promise=is_push_promise,
+        )
+
+    def _build_headers_frames(self,
+                              headers,
+                              encoder,
+                              first_frame,
+                              hdr_validation_flags):
+        """
+        Helper method to build headers or push promise frames.
+        """
+        # We need to lowercase the header names, and to ensure that secure
+        # header fields are kept out of compression contexts.
+        if self.config.normalize_outbound_headers:
+            headers = normalize_outbound_headers(
+                headers, hdr_validation_flags
+            )
+        if self.config.validate_outbound_headers:
+            headers = validate_outbound_headers(
+                headers, hdr_validation_flags
+            )
+
+        encoded_headers = encoder.encode(headers)
+
+        # Slice into blocks of max_outbound_frame_size. Be careful with this:
+        # it only works right because we never send padded frames or priority
+        # information on the frames. Revisit this if we do.
+        header_blocks = [
+            encoded_headers[i:i+self.max_outbound_frame_size]
+            for i in range(
+                0, len(encoded_headers), self.max_outbound_frame_size
+            )
+        ]
+
+        frames = []
+        first_frame.data = header_blocks[0]
+        frames.append(first_frame)
+
+        for block in header_blocks[1:]:
+            cf = ContinuationFrame(self.stream_id)
+            cf.data = block
+            frames.append(cf)
+
+        frames[-1].flags.add('END_HEADERS')
+        return frames
+
+    def _initialize_content_length(self, headers):
+        """
+        Checks the headers for a content-length header and initializes the
+        _expected_content_length field from it. It's not an error for no
+        Content-Length header to be present.
+        """
+        if self.request_method == b'HEAD':
+            self._expected_content_length = 0
+            return
+
+        for n, v in headers:
+            if n == b'content-length':
+                try:
+                    self._expected_content_length = int(v, 10)
+                except ValueError:
+                    raise ProtocolError(
+                        "Invalid content-length header: %s" % v
+                    )
+
+                return
+
+    def _track_content_length(self, length, end_stream):
+        """
+        Update the expected content length in response to data being received.
+        Validates that the appropriate amount of data is sent. Always updates
+        the received data, but only validates the length against the
+        content-length header if one was sent.
+
+        :param length: The length of the body chunk received.
+        :param end_stream: If this is the last body chunk received.
+        """
+        self._actual_content_length += length
+        actual = self._actual_content_length
+        expected = self._expected_content_length
+
+        if expected is not None:
+            if expected < actual:
+                raise InvalidBodyLengthError(expected, actual)
+
+            if end_stream and expected != actual:
+                raise InvalidBodyLengthError(expected, actual)
+
+    def _inbound_flow_control_change_from_settings(self, delta):
+        """
+        We changed SETTINGS_INITIAL_WINDOW_SIZE, which means we need to
+        update the target window size for flow control. For our flow control
+        strategy, this means we need to do two things: we need to adjust the
+        current window size, but we also need to set the target maximum window
+        size to the new value.
+        """
+        new_max_size = self._inbound_window_manager.max_window_size + delta
+        self._inbound_window_manager.window_opened(delta)
+        self._inbound_window_manager.max_window_size = new_max_size
+
+
+def _decode_headers(headers, encoding):
+    """
+    Given an iterable of header two-tuples and an encoding, decodes those
+    headers using that encoding while preserving the type of the header tuple.
+    This ensures that the use of ``HeaderTuple`` is preserved.
+    """
+    for header in headers:
+        # This function expects to work on decoded headers, which are always
+        # HeaderTuple objects.
+        assert isinstance(header, HeaderTuple)
+
+        name, value = header
+        name = name.decode(encoding)
+        value = value.decode(encoding)
+        yield header.__class__(name, value)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/utilities.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/utilities.py
new file mode 100755
index 00000000000..7a525f086ca
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/utilities.py
@@ -0,0 +1,585 @@
+# -*- coding: utf-8 -*-
+"""
+h2/utilities
+~~~~~~~~~~~~
+
+Utility functions that do not belong in a separate module.
+"""
+import collections
+import re
+from string import whitespace
+import sys
+
+from hpack import HeaderTuple, NeverIndexedHeaderTuple
+
+from .exceptions import ProtocolError, FlowControlError
+
+UPPER_RE = re.compile(b"[A-Z]")
+
+# A set of headers that are hop-by-hop or connection-specific and thus
+# forbidden in HTTP/2. This list comes from RFC 7540 § 8.1.2.2.
+CONNECTION_HEADERS = frozenset([
+    b'connection', u'connection',
+    b'proxy-connection', u'proxy-connection',
+    b'keep-alive', u'keep-alive',
+    b'transfer-encoding', u'transfer-encoding',
+    b'upgrade', u'upgrade',
+])
+
+
+_ALLOWED_PSEUDO_HEADER_FIELDS = frozenset([
+    b':method', u':method',
+    b':scheme', u':scheme',
+    b':authority', u':authority',
+    b':path', u':path',
+    b':status', u':status',
+])
+
+
+_SECURE_HEADERS = frozenset([
+    # May have basic credentials which are vulnerable to dictionary attacks.
+    b'authorization', u'authorization',
+    b'proxy-authorization', u'proxy-authorization',
+])
+
+
+_REQUEST_ONLY_HEADERS = frozenset([
+    b':scheme', u':scheme',
+    b':path', u':path',
+    b':authority', u':authority',
+    b':method', u':method'
+])
+
+
+_RESPONSE_ONLY_HEADERS = frozenset([b':status', u':status'])
+
+
+if sys.version_info[0] == 2:  # Python 2.X
+    _WHITESPACE = frozenset(whitespace)
+else:  # Python 3.3+
+    _WHITESPACE = frozenset(map(ord, whitespace))
+
+
+def _secure_headers(headers, hdr_validation_flags):
+    """
+    Certain headers are at risk of being attacked during the header compression
+    phase, and so need to be kept out of header compression contexts. This
+    function automatically transforms certain specific headers into HPACK
+    never-indexed fields to ensure they don't get added to header compression
+    contexts.
+
+    This function currently implements two rules:
+
+    - 'authorization' and 'proxy-authorization' fields are automatically made
+      never-indexed.
+    - Any 'cookie' header field shorter than 20 bytes long is made
+      never-indexed.
+
+    These fields are the most at-risk. These rules are inspired by Firefox
+    and nghttp2.
+    """
+    for header in headers:
+        if header[0] in _SECURE_HEADERS:
+            yield NeverIndexedHeaderTuple(*header)
+        elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20:
+            yield NeverIndexedHeaderTuple(*header)
+        else:
+            yield header
+
+
+def extract_method_header(headers):
+    """
+    Extracts the request method from the headers list.
+    """
+    for k, v in headers:
+        if k in (b':method', u':method'):
+            if not isinstance(v, bytes):
+                return v.encode('utf-8')
+            else:
+                return v
+
+
+def is_informational_response(headers):
+    """
+    Searches a header block for a :status header to confirm that a given
+    collection of headers are an informational response. Assumes the header
+    block is well formed: that is, that the HTTP/2 special headers are first
+    in the block, and so that it can stop looking when it finds the first
+    header field whose name does not begin with a colon.
+
+    :param headers: The HTTP/2 header block.
+    :returns: A boolean indicating if this is an informational response.
+    """
+    for n, v in headers:
+        if isinstance(n, bytes):
+            sigil = b':'
+            status = b':status'
+            informational_start = b'1'
+        else:
+            sigil = u':'
+            status = u':status'
+            informational_start = u'1'
+
+        # If we find a non-special header, we're done here: stop looping.
+        if not n.startswith(sigil):
+            return False
+
+        # This isn't the status header, bail.
+        if n != status:
+            continue
+
+        # If the first digit is a 1, we've got informational headers.
+        return v.startswith(informational_start)
+
+
+def guard_increment_window(current, increment):
+    """
+    Increments a flow control window, guarding against that window becoming too
+    large.
+
+    :param current: The current value of the flow control window.
+    :param increment: The increment to apply to that window.
+    :returns: The new value of the window.
+    :raises: ``FlowControlError``
+    """
+    # The largest value the flow control window may take.
+    LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1
+
+    new_size = current + increment
+
+    if new_size > LARGEST_FLOW_CONTROL_WINDOW:
+        raise FlowControlError(
+            "May not increment flow control window past %d" %
+            LARGEST_FLOW_CONTROL_WINDOW
+        )
+
+    return new_size
+
+
+def authority_from_headers(headers):
+    """
+    Given a header set, searches for the authority header and returns the
+    value.
+
+    Note that this doesn't terminate early, so should only be called if the
+    headers are for a client request. Otherwise, will loop over the entire
+    header set, which is potentially unwise.
+
+    :param headers: The HTTP header set.
+    :returns: The value of the authority header, or ``None``.
+    :rtype: ``bytes`` or ``None``.
+    """
+    for n, v in headers:
+        # This gets run against headers that come both from HPACK and from the
+        # user, so we may have unicode floating around in here. We only want
+        # bytes.
+        if n in (b':authority', u':authority'):
+            return v.encode('utf-8') if not isinstance(v, bytes) else v
+
+    return None
+
+
+# Flags used by the validate_headers pipeline to determine which checks
+# should be applied to a given set of headers.
+HeaderValidationFlags = collections.namedtuple(
+    'HeaderValidationFlags',
+    ['is_client', 'is_trailer', 'is_response_header', 'is_push_promise']
+)
+
+
+def validate_headers(headers, hdr_validation_flags):
+    """
+    Validates a header sequence against a set of constraints from RFC 7540.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    # This validation logic is built on a sequence of generators that are
+    # iterated over to provide the final header list. This reduces some of the
+    # overhead of doing this checking. However, it's worth noting that this
+    # checking remains somewhat expensive, and attempts should be made wherever
+    # possible to reduce the time spent doing them.
+    #
+    # For example, we avoid tuple upacking in loops because it represents a
+    # fixed cost that we don't want to spend, instead indexing into the header
+    # tuples.
+    headers = _reject_uppercase_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_surrounding_whitespace(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_te(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_connection_header(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_pseudo_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _check_host_authority_header(
+        headers, hdr_validation_flags
+    )
+    headers = _check_path_header(headers, hdr_validation_flags)
+
+    return list(headers)
+
+
+def _reject_uppercase_header_fields(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if any uppercase character is found in a header
+    block.
+    """
+    for header in headers:
+        if UPPER_RE.search(header[0]):
+            raise ProtocolError(
+                "Received uppercase header name %s." % header[0])
+        yield header
+
+
+def _reject_surrounding_whitespace(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if any header name or value is surrounded by
+    whitespace characters.
+    """
+    # For compatibility with RFC 7230 header fields, we need to allow the field
+    # value to be an empty string. This is ludicrous, but technically allowed.
+    # The field name may not be empty, though, so we can safely assume that it
+    # must have at least one character in it and throw exceptions if it
+    # doesn't.
+    for header in headers:
+        if header[0][0] in _WHITESPACE or header[0][-1] in _WHITESPACE:
+            raise ProtocolError(
+                "Received header name surrounded by whitespace %r" % header[0])
+        if header[1] and ((header[1][0] in _WHITESPACE) or
+           (header[1][-1] in _WHITESPACE)):
+            raise ProtocolError(
+                "Received header value surrounded by whitespace %r" % header[1]
+            )
+        yield header
+
+
+def _reject_te(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if the TE header is present in a header block and
+    its value is anything other than "trailers".
+    """
+    for header in headers:
+        if header[0] in (b'te', u'te'):
+            if header[1].lower() not in (b'trailers', u'trailers'):
+                raise ProtocolError(
+                    "Invalid value for Transfer-Encoding header: %s" %
+                    header[1]
+                )
+
+        yield header
+
+
+def _reject_connection_header(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if the Connection header is present in a header
+    block.
+    """
+    for header in headers:
+        if header[0] in CONNECTION_HEADERS:
+            raise ProtocolError(
+                "Connection-specific header field present: %s." % header[0]
+            )
+
+        yield header
+
+
+def _custom_startswith(test_string, bytes_prefix, unicode_prefix):
+    """
+    Given a string that might be a bytestring or a Unicode string,
+    return True if it starts with the appropriate prefix.
+    """
+    if isinstance(test_string, bytes):
+        return test_string.startswith(bytes_prefix)
+    else:
+        return test_string.startswith(unicode_prefix)
+
+
+def _assert_header_in_set(string_header, bytes_header, header_set):
+    """
+    Given a set of header names, checks whether the string or byte version of
+    the header name is present. Raises a Protocol error with the appropriate
+    error if it's missing.
+    """
+    if not (string_header in header_set or bytes_header in header_set):
+        raise ProtocolError(
+            "Header block missing mandatory %s header" % string_header
+        )
+
+
+def _reject_pseudo_header_fields(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if duplicate pseudo-header fields are found in a
+    header block or if a pseudo-header field appears in a block after an
+    ordinary header field.
+
+    Raises a ProtocolError if pseudo-header fields are found in trailers.
+    """
+    seen_pseudo_header_fields = set()
+    seen_regular_header = False
+
+    for header in headers:
+        if _custom_startswith(header[0], b':', u':'):
+            if header[0] in seen_pseudo_header_fields:
+                raise ProtocolError(
+                    "Received duplicate pseudo-header field %s" % header[0]
+                )
+
+            seen_pseudo_header_fields.add(header[0])
+
+            if seen_regular_header:
+                raise ProtocolError(
+                    "Received pseudo-header field out of sequence: %s" %
+                    header[0]
+                )
+
+            if header[0] not in _ALLOWED_PSEUDO_HEADER_FIELDS:
+                raise ProtocolError(
+                    "Received custom pseudo-header field %s" % header[0]
+                )
+
+        else:
+            seen_regular_header = True
+
+        yield header
+
+    # Check the pseudo-headers we got to confirm they're acceptable.
+    _check_pseudo_header_field_acceptability(
+        seen_pseudo_header_fields, hdr_validation_flags
+    )
+
+
+def _check_pseudo_header_field_acceptability(pseudo_headers,
+                                             hdr_validation_flags):
+    """
+    Given the set of pseudo-headers present in a header block and the
+    validation flags, confirms that RFC 7540 allows them.
+    """
+    # Pseudo-header fields MUST NOT appear in trailers - RFC 7540 § 8.1.2.1
+    if hdr_validation_flags.is_trailer and pseudo_headers:
+        raise ProtocolError(
+            "Received pseudo-header in trailer %s" % pseudo_headers
+        )
+
+    # If ':status' pseudo-header is not there in a response header, reject it.
+    # Similarly, if ':path', ':method', or ':scheme' are not there in a request
+    # header, reject it. Additionally, if a response contains any request-only
+    # headers or vice-versa, reject it.
+    # Relevant RFC section: RFC 7540 § 8.1.2.4
+    # https://tools.ietf.org/html/rfc7540#section-8.1.2.4
+    if hdr_validation_flags.is_response_header:
+        _assert_header_in_set(u':status', b':status', pseudo_headers)
+        invalid_response_headers = pseudo_headers & _REQUEST_ONLY_HEADERS
+        if invalid_response_headers:
+            raise ProtocolError(
+                "Encountered request-only headers %s" %
+                invalid_response_headers
+            )
+    elif (not hdr_validation_flags.is_response_header and
+          not hdr_validation_flags.is_trailer):
+        # This is a request, so we need to have seen :path, :method, and
+        # :scheme.
+        _assert_header_in_set(u':path', b':path', pseudo_headers)
+        _assert_header_in_set(u':method', b':method', pseudo_headers)
+        _assert_header_in_set(u':scheme', b':scheme', pseudo_headers)
+        invalid_request_headers = pseudo_headers & _RESPONSE_ONLY_HEADERS
+        if invalid_request_headers:
+            raise ProtocolError(
+                "Encountered response-only headers %s" %
+                invalid_request_headers
+            )
+
+
+def _validate_host_authority_header(headers):
+    """
+    Given the :authority and Host headers from a request block that isn't
+    a trailer, check that:
+     1. At least one of these headers is set.
+     2. If both headers are set, they match.
+
+    :param headers: The HTTP header set.
+    :raises: ``ProtocolError``
+    """
+    # We use None as a sentinel value.  Iterate over the list of headers,
+    # and record the value of these headers (if present).  We don't need
+    # to worry about receiving duplicate :authority headers, as this is
+    # enforced by the _reject_pseudo_header_fields() pipeline.
+    #
+    # TODO: We should also guard against receiving duplicate Host headers,
+    # and against sending duplicate headers.
+    authority_header_val = None
+    host_header_val = None
+
+    for header in headers:
+        if header[0] in (b':authority', u':authority'):
+            authority_header_val = header[1]
+        elif header[0] in (b'host', u'host'):
+            host_header_val = header[1]
+
+        yield header
+
+    # If we have not-None values for these variables, then we know we saw
+    # the corresponding header.
+    authority_present = (authority_header_val is not None)
+    host_present = (host_header_val is not None)
+
+    # It is an error for a request header block to contain neither
+    # an :authority header nor a Host header.
+    if not authority_present and not host_present:
+        raise ProtocolError(
+            "Request header block does not have an :authority or Host header."
+        )
+
+    # If we receive both headers, they should definitely match.
+    if authority_present and host_present:
+        if authority_header_val != host_header_val:
+            raise ProtocolError(
+                "Request header block has mismatched :authority and "
+                "Host headers: %r / %r"
+                % (authority_header_val, host_header_val)
+            )
+
+
+def _check_host_authority_header(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if a header block arrives that does not contain an
+    :authority or a Host header, or if a header block contains both fields,
+    but their values do not match.
+    """
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+
+    return _validate_host_authority_header(headers)
+
+
+def _check_path_header(headers, hdr_validation_flags):
+    """
+    Raise a ProtocolError if a header block arrives or is sent that contains an
+    empty :path header.
+    """
+    def inner():
+        for header in headers:
+            if header[0] in (b':path', u':path'):
+                if not header[1]:
+                    raise ProtocolError("An empty :path header is forbidden")
+
+            yield header
+
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+    else:
+        return inner()
+
+
+def _lowercase_header_names(headers, hdr_validation_flags):
+    """
+    Given an iterable of header two-tuples, rebuilds that iterable with the
+    header names lowercased. This generator produces tuples that preserve the
+    original type of the header tuple for tuple and any ``HeaderTuple``.
+    """
+    for header in headers:
+        if isinstance(header, HeaderTuple):
+            yield header.__class__(header[0].lower(), header[1])
+        else:
+            yield (header[0].lower(), header[1])
+
+
+def _strip_surrounding_whitespace(headers, hdr_validation_flags):
+    """
+    Given an iterable of header two-tuples, strip both leading and trailing
+    whitespace from both header names and header values. This generator
+    produces tuples that preserve the original type of the header tuple for
+    tuple and any ``HeaderTuple``.
+    """
+    for header in headers:
+        if isinstance(header, HeaderTuple):
+            yield header.__class__(header[0].strip(), header[1].strip())
+        else:
+            yield (header[0].strip(), header[1].strip())
+
+
+def _strip_connection_headers(headers, hdr_validation_flags):
+    """
+    Strip any connection headers as per RFC7540 § 8.1.2.2.
+    """
+    for header in headers:
+        if header[0] not in CONNECTION_HEADERS:
+            yield header
+
+
+def _check_sent_host_authority_header(headers, hdr_validation_flags):
+    """
+    Raises an InvalidHeaderBlockError if we try to send a header block
+    that does not contain an :authority or a Host header, or if
+    the header block contains both fields, but their values do not match.
+    """
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+
+    return _validate_host_authority_header(headers)
+
+
+def normalize_outbound_headers(headers, hdr_validation_flags):
+    """
+    Normalizes a header sequence that we are about to send.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    headers = _lowercase_header_names(headers, hdr_validation_flags)
+    headers = _strip_surrounding_whitespace(headers, hdr_validation_flags)
+    headers = _strip_connection_headers(headers, hdr_validation_flags)
+    headers = _secure_headers(headers, hdr_validation_flags)
+
+    return headers
+
+
+def validate_outbound_headers(headers, hdr_validation_flags):
+    """
+    Validates and normalizes a header sequence that we are about to send.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    headers = _reject_te(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_connection_header(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_pseudo_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _check_sent_host_authority_header(
+        headers, hdr_validation_flags
+    )
+    headers = _check_path_header(headers, hdr_validation_flags)
+
+    return headers
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/windows.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/windows.py
new file mode 100755
index 00000000000..6656975f486
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/h2/windows.py
@@ -0,0 +1,139 @@
+# -*- coding: utf-8 -*-
+"""
+h2/windows
+~~~~~~~~~~
+
+Defines tools for managing HTTP/2 flow control windows.
+
+The objects defined in this module are used to automatically manage HTTP/2
+flow control windows. Specifically, they keep track of what the size of the
+window is, how much data has been consumed from that window, and how much data
+the user has already used. It then implements a basic algorithm that attempts
+to manage the flow control window without user input, trying to ensure that it
+does not emit too many WINDOW_UPDATE frames.
+"""
+from __future__ import division
+
+from .exceptions import FlowControlError
+
+
+# The largest acceptable value for a HTTP/2 flow control window.
+LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1
+
+
+class WindowManager(object):
+    """
+    A basic HTTP/2 window manager.
+
+    :param max_window_size: The maximum size of the flow control window.
+    :type max_window_size: ``int``
+    """
+    def __init__(self, max_window_size):
+        assert max_window_size <= LARGEST_FLOW_CONTROL_WINDOW
+        self.max_window_size = max_window_size
+        self.current_window_size = max_window_size
+        self._bytes_processed = 0
+
+    def window_consumed(self, size):
+        """
+        We have received a certain number of bytes from the remote peer. This
+        necessarily shrinks the flow control window!
+
+        :param size: The number of flow controlled bytes we received from the
+            remote peer.
+        :type size: ``int``
+        :returns: Nothing.
+        :rtype: ``None``
+        """
+        self.current_window_size -= size
+        if self.current_window_size < 0:
+            raise FlowControlError("Flow control window shrunk below 0")
+
+    def window_opened(self, size):
+        """
+        The flow control window has been incremented, either because of manual
+        flow control management or because of the user changing the flow
+        control settings. This can have the effect of increasing what we
+        consider to be the "maximum" flow control window size.
+
+        This does not increase our view of how many bytes have been processed,
+        only of how much space is in the window.
+
+        :param size: The increment to the flow control window we received.
+        :type size: ``int``
+        :returns: Nothing
+        :rtype: ``None``
+        """
+        self.current_window_size += size
+
+        if self.current_window_size > LARGEST_FLOW_CONTROL_WINDOW:
+            raise FlowControlError(
+                "Flow control window mustn't exceed %d" %
+                LARGEST_FLOW_CONTROL_WINDOW
+            )
+
+        if self.current_window_size > self.max_window_size:
+            self.max_window_size = self.current_window_size
+
+    def process_bytes(self, size):
+        """
+        The application has informed us that it has processed a certain number
+        of bytes. This may cause us to want to emit a window update frame. If
+        we do want to emit a window update frame, this method will return the
+        number of bytes that we should increment the window by.
+
+        :param size: The number of flow controlled bytes that the application
+            has processed.
+        :type size: ``int``
+        :returns: The number of bytes to increment the flow control window by,
+            or ``None``.
+        :rtype: ``int`` or ``None``
+        """
+        self._bytes_processed += size
+        return self._maybe_update_window()
+
+    def _maybe_update_window(self):
+        """
+        Run the algorithm.
+
+        Our current algorithm can be described like this.
+
+        1. If no bytes have been processed, we immediately return 0. There is
+           no meaningful way for us to hand space in the window back to the
+           remote peer, so let's not even try.
+        2. If there is no space in the flow control window, and we have
+           processed at least 1024 bytes (or 1/4 of the window, if the window
+           is smaller), we will emit a window update frame. This is to avoid
+           the risk of blocking a stream altogether.
+        3. If there is space in the flow control window, and we have processed
+           at least 1/2 of the window worth of bytes, we will emit a window
+           update frame. This is to minimise the number of window update frames
+           we have to emit.
+
+        In a healthy system with large flow control windows, this will
+        irregularly emit WINDOW_UPDATE frames. This prevents us starving the
+        connection by emitting eleventy bajillion WINDOW_UPDATE frames,
+        especially in situations where the remote peer is sending a lot of very
+        small DATA frames.
+        """
+        # TODO: Can the window be smaller than 1024 bytes? If not, we can
+        # streamline this algorithm.
+        if not self._bytes_processed:
+            return None
+
+        max_increment = (self.max_window_size - self.current_window_size)
+        increment = 0
+
+        # Note that, even though we may increment less than _bytes_processed,
+        # we still want to set it to zero whenever we emit an increment. This
+        # is because we'll always increment up to the maximum we can.
+        if (self.current_window_size == 0) and (
+                self._bytes_processed > min(1024, self.max_window_size // 4)):
+            increment = min(self._bytes_processed, max_increment)
+            self._bytes_processed = 0
+        elif self._bytes_processed >= (self.max_window_size // 2):
+            increment = min(self._bytes_processed, max_increment)
+            self._bytes_processed = 0
+
+        self.current_window_size += increment
+        return increment
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/__init__.py
new file mode 100644
index 00000000000..2faef667e45
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/__init__.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http11
+~~~~~~~~~~~~
+
+The HTTP/1.1 submodule that powers hyper.
+"""
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/connection.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/connection.py
new file mode 100644
index 00000000000..61361c3580d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/connection.py
@@ -0,0 +1,384 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http11/connection
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Objects that build hyper's connection-level HTTP/1.1 abstraction.
+"""
+import logging
+import os
+import socket
+import base64
+
+from collections import Iterable, Mapping
+
+import collections
+from hyperframe.frame import SettingsFrame
+
+from .response import HTTP11Response
+from ..tls import wrap_socket, H2C_PROTOCOL
+from ..common.bufsocket import BufferedSocket
+from ..common.exceptions import TLSUpgrade, HTTPUpgrade
+from ..common.headers import HTTPHeaderMap
+from ..common.util import to_bytestring, to_host_port_tuple
+from ..compat import bytes
+
+# We prefer pycohttpparser to the pure-Python interpretation
+try:  # pragma: no cover
+    from pycohttpparser.api import Parser
+except ImportError:  # pragma: no cover
+    from .parser import Parser
+
+
+log = logging.getLogger(__name__)
+
+BODY_CHUNKED = 1
+BODY_FLAT = 2
+
+
+class HTTP11Connection(object):
+    """
+    An object representing a single HTTP/1.1 connection to a server.
+
+    :param host: The host to connect to. This may be an IP address or a
+        hostname, and optionally may include a port: for example,
+        ``'twitter.com'``, ``'twitter.com:443'`` or ``'127.0.0.1'``.
+    :param port: (optional) The port to connect to. If not provided and one
+        also isn't provided in the ``host`` parameter, defaults to 80.
+    :param secure: (optional) Whether the request should use TLS. Defaults to
+        ``False`` for most requests, but to ``True`` for any request issued to
+        port 443.
+    :param ssl_context: (optional) A class with custom certificate settings.
+        If not provided then hyper's default ``SSLContext`` is used instead.
+    :param proxy_host: (optional) The proxy to connect to.  This can be an IP
+        address or a host name and may include a port.
+    :param proxy_port: (optional) The proxy port to connect to. If not provided
+        and one also isn't provided in the ``proxy`` parameter,
+        defaults to 8080.
+    """
+    def __init__(self, host, port=None, secure=None, ssl_context=None,
+                 proxy_host=None, proxy_port=None, **kwargs):
+        if port is None:
+            self.host, self.port = to_host_port_tuple(host, default_port=80)
+        else:
+            self.host, self.port = host, port
+
+        # Record whether we plan to secure the request. In future this should
+        # be extended to a security profile, but a bool will do for now.
+        # TODO: Actually do something with this!
+        if secure is not None:
+            self.secure = secure
+        elif self.port == 443:
+            self.secure = True
+        else:
+            self.secure = False
+
+        # only send http upgrade headers for non-secure connection
+        self._send_http_upgrade = not self.secure
+
+        self.ssl_context = ssl_context
+        self._sock = None
+
+        # Setup proxy details if applicable.
+        if proxy_host:
+            if proxy_port is None:
+                self.proxy_host, self.proxy_port = to_host_port_tuple(
+                    proxy_host, default_port=8080
+                )
+            else:
+                self.proxy_host, self.proxy_port = proxy_host, proxy_port
+        else:
+            self.proxy_host = None
+            self.proxy_port = None
+
+        #: The size of the in-memory buffer used to store data from the
+        #: network. This is used as a performance optimisation. Increase buffer
+        #: size to improve performance: decrease it to conserve memory.
+        #: Defaults to 64kB.
+        self.network_buffer_size = 65536
+
+        #: The object used to perform HTTP/1.1 parsing. Needs to conform to
+        #: the standard hyper parsing interface.
+        self.parser = Parser()
+
+    def connect(self):
+        """
+        Connect to the server specified when the object was created. This is a
+        no-op if we're already connected.
+
+        :returns: Nothing.
+        """
+        if self._sock is None:
+            if not self.proxy_host:
+                host = self.host
+                port = self.port
+            else:
+                host = self.proxy_host
+                port = self.proxy_port
+
+            sock = socket.create_connection((host, port), 5)
+            proto = None
+
+            if self.secure:
+                assert not self.proxy_host, "Proxy with HTTPS not supported."
+                sock, proto = wrap_socket(sock, host, self.ssl_context)
+
+            log.debug("Selected protocol: %s", proto)
+            sock = BufferedSocket(sock, self.network_buffer_size)
+
+            if proto not in ('http/1.1', None):
+                raise TLSUpgrade(proto, sock)
+
+            self._sock = sock
+
+        return
+
+    def request(self, method, url, body=None, headers=None):
+        """
+        This will send a request to the server using the HTTP request method
+        ``method`` and the selector ``url``. If the ``body`` argument is
+        present, it should be string or bytes object of data to send after the
+        headers are finished. Strings are encoded as UTF-8. To use other
+        encodings, pass a bytes object. The Content-Length header is set to the
+        length of the body field.
+
+        :param method: The request method, e.g. ``'GET'``.
+        :param url: The URL to contact, e.g. ``'/path/segment'``.
+        :param body: (optional) The request body to send. Must be a bytestring,
+            an iterable of bytestring, or a file-like object.
+        :param headers: (optional) The headers to send on the request.
+        :returns: Nothing.
+        """
+
+        headers = headers or {}
+
+        method = to_bytestring(method)
+        url = to_bytestring(url)
+
+        if not isinstance(headers, HTTPHeaderMap):
+            if isinstance(headers, Mapping):
+                headers = HTTPHeaderMap(headers.items())
+            elif isinstance(headers, Iterable):
+                headers = HTTPHeaderMap(headers)
+            else:
+                raise ValueError(
+                    'Header argument must be a dictionary or an iterable'
+                )
+
+        if self._sock is None:
+            self.connect()
+
+        if self._send_http_upgrade:
+            self._add_upgrade_headers(headers)
+            self._send_http_upgrade = False
+
+        # We may need extra headers.
+        if body:
+            body_type = self._add_body_headers(headers, body)
+
+        if b'host' not in headers:
+            headers[b'host'] = self.host
+
+        # Begin by emitting the header block.
+        self._send_headers(method, url, headers)
+
+        # Next, send the request body.
+        if body:
+            self._send_body(body, body_type)
+
+        return
+
+    def get_response(self):
+        """
+        Returns a response object.
+
+        This is an early beta, so the response object is pretty stupid. That's
+        ok, we'll fix it later.
+        """
+        headers = HTTPHeaderMap()
+
+        response = None
+        while response is None:
+            # 'encourage' the socket to receive data.
+            self._sock.fill()
+            response = self.parser.parse_response(self._sock.buffer)
+
+        for n, v in response.headers:
+            headers[n.tobytes()] = v.tobytes()
+
+        self._sock.advance_buffer(response.consumed)
+
+        if (response.status == 101 and
+                b'upgrade' in headers['connection'] and
+                H2C_PROTOCOL.encode('utf-8') in headers['upgrade']):
+            raise HTTPUpgrade(H2C_PROTOCOL, self._sock)
+
+        return HTTP11Response(
+            response.status,
+            response.msg.tobytes(),
+            headers,
+            self._sock,
+            self
+        )
+
+    def _send_headers(self, method, url, headers):
+        """
+        Handles the logic of sending the header block.
+        """
+        self._sock.send(b' '.join([method, url, b'HTTP/1.1\r\n']))
+
+        for name, value in headers.iter_raw():
+            name, value = to_bytestring(name), to_bytestring(value)
+            header = b''.join([name, b': ', value, b'\r\n'])
+            self._sock.send(header)
+
+        self._sock.send(b'\r\n')
+
+    def _add_body_headers(self, headers, body):
+        """
+        Adds any headers needed for sending the request body. This will always
+        defer to the user-supplied header content.
+
+        :returns: One of (BODY_CHUNKED, BODY_FLAT), indicating what type of
+            request body should be used.
+        """
+        if b'content-length' in headers:
+            return BODY_FLAT
+
+        if b'chunked' in headers.get(b'transfer-encoding', []):
+            return BODY_CHUNKED
+
+        # For bytestring bodies we upload the content with a fixed length.
+        # For file objects, we use the length of the file object.
+        if isinstance(body, bytes):
+            length = str(len(body)).encode('utf-8')
+        elif hasattr(body, 'fileno'):
+            length = str(os.fstat(body.fileno()).st_size).encode('utf-8')
+        else:
+            length = None
+
+        if length:
+            headers[b'content-length'] = length
+            return BODY_FLAT
+
+        headers[b'transfer-encoding'] = b'chunked'
+        return BODY_CHUNKED
+
+    def _add_upgrade_headers(self, headers):
+        # Add HTTP Upgrade headers.
+        headers[b'connection'] = b'Upgrade, HTTP2-Settings'
+        headers[b'upgrade'] = H2C_PROTOCOL
+
+        # Encode SETTINGS frame payload in Base64 and put into the HTTP-2
+        # Settings header.
+        http2_settings = SettingsFrame(0)
+        http2_settings.settings[SettingsFrame.INITIAL_WINDOW_SIZE] = 65535
+        encoded_settings = base64.urlsafe_b64encode(
+            http2_settings.serialize_body()
+        )
+        headers[b'HTTP2-Settings'] = encoded_settings.rstrip(b'=')
+
+    def _send_body(self, body, body_type):
+        """
+        Handles the HTTP/1.1 logic for sending HTTP bodies. This does magical
+        different things in different cases.
+        """
+        if body_type == BODY_FLAT:
+            # Special case for files and other 'readable' objects.
+            if hasattr(body, 'read'):
+                return self._send_file_like_obj(body)
+
+            # Case for bytestrings.
+            elif isinstance(body, bytes):
+                self._sock.send(body)
+
+                return
+
+            # Iterables that set a specific content length.
+            elif isinstance(body, collections.Iterable):
+                for item in body:
+                    try:
+                        self._sock.send(item)
+                    except TypeError:
+                        raise ValueError(
+                            "Elements in iterable body must be bytestrings. "
+                            "Illegal element: {}".format(item)
+                        )
+                return
+
+            else:
+                raise ValueError(
+                    'Request body must be a bytestring, a file-like object '
+                    'returning bytestrings or an iterable of bytestrings. '
+                    'Got: {}'.format(type(body))
+                )
+
+        # Chunked!
+        return self._send_chunked(body)
+
+    def _send_chunked(self, body):
+        """
+        Handles the HTTP/1.1 logic for sending a chunk-encoded body.
+        """
+        # Chunked! For chunked bodies we don't special-case, we just iterate
+        # over what we have and send stuff out.
+        for chunk in body:
+            length = '{0:x}'.format(len(chunk)).encode('ascii')
+
+            # For now write this as four 'send' calls. That's probably
+            # inefficient, let's come back to it.
+            try:
+                self._sock.send(length)
+                self._sock.send(b'\r\n')
+                self._sock.send(chunk)
+                self._sock.send(b'\r\n')
+            except TypeError:
+                raise ValueError(
+                    "Iterable bodies must always iterate in bytestrings"
+                )
+
+        self._sock.send(b'0\r\n\r\n')
+        return
+
+    def _send_file_like_obj(self, fobj):
+        """
+        Handles streaming a file-like object to the network.
+        """
+        while True:
+            block = fobj.read(16*1024)
+            if not block:
+                break
+
+            try:
+                self._sock.send(block)
+            except TypeError:
+                raise ValueError(
+                    "File-like bodies must return bytestrings. Got: "
+                    "{}".format(type(block))
+                )
+
+        return
+
+    def close(self):
+        """
+        Closes the connection. This closes the socket and then abandons the
+        reference to it. After calling this method, any outstanding
+        :class:`Response <hyper.http11.response.Response>` objects will throw
+        exceptions if attempts are made to read their bodies.
+
+        In some cases this method will automatically be called.
+
+        .. warning:: This method should absolutely only be called when you are
+                     certain the connection object is no longer needed.
+        """
+        self._sock.close()
+        self._sock = None
+
+    # The following two methods are the implementation of the context manager
+    # protocol.
+    def __enter__(self):
+        return self
+
+    def __exit__(self, type, value, tb):
+        self.close()
+        return False  # Never swallow exceptions.
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/parser.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/parser.py
new file mode 100644
index 00000000000..ee391210dd1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/parser.py
@@ -0,0 +1,82 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http11/parser
+~~~~~~~~~~~~~~~~~~~
+
+This module contains hyper's pure-Python HTTP/1.1 parser. This module defines
+an abstraction layer for HTTP/1.1 parsing that allows for dropping in other
+modules if needed, in order to obtain speedups on your chosen platform.
+"""
+from collections import namedtuple
+
+
+Response = namedtuple(
+    'Response', ['status', 'msg', 'minor_version', 'headers', 'consumed']
+)
+
+
+class ParseError(Exception):
+    """
+    An invalid HTTP message was passed to the parser.
+    """
+    pass
+
+
+class Parser(object):
+    """
+    A single HTTP parser object.
+    This object is not thread-safe, and it does maintain state that is shared
+    across parsing requests. For this reason, make sure that access to this
+    object is synchronized if you use it across multiple threads.
+    """
+    def __init__(self):
+        pass
+
+    def parse_response(self, buffer):
+        """
+        Parses a single HTTP response from a buffer.
+        :param buffer: A ``memoryview`` object wrapping a buffer containing a
+            HTTP response.
+        :returns: A :class:`Response <hyper.http11.parser.Response>` object, or
+            ``None`` if there is not enough data in the buffer.
+        """
+        # Begin by copying the data out of the buffer. This is necessary
+        # because as much as possible we want to use the built-in bytestring
+        # methods, rather than looping over the data in Python.
+        temp_buffer = buffer.tobytes()
+
+        index = temp_buffer.find(b'\n')
+        if index == -1:
+            return None
+
+        version, status, reason = temp_buffer[0:index].split(None, 2)
+        if not version.startswith(b'HTTP/1.'):
+            raise ParseError("Not HTTP/1.X!")
+
+        minor_version = int(version[7:])
+        status = int(status)
+        reason = memoryview(reason.strip())
+
+        # Chomp the newline.
+        index += 1
+
+        # Now, parse the headers out.
+        end_index = index
+        headers = []
+
+        while True:
+            end_index = temp_buffer.find(b'\n', index)
+            if end_index == -1:
+                return None
+            elif (end_index - index) <= 1:
+                # Chomp the newline
+                end_index += 1
+                break
+
+            name, value = temp_buffer[index:end_index].split(b':', 1)
+            value = value.strip()
+            headers.append((memoryview(name), memoryview(value)))
+            index = end_index + 1
+
+        resp = Response(status, reason, minor_version, headers, end_index)
+        return resp
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/response.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/response.py
new file mode 100644
index 00000000000..ee23be08c91
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http11/response.py
@@ -0,0 +1,322 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http11/response
+~~~~~~~~~~~~~~~~~~~~~
+
+Contains the HTTP/1.1 equivalent of the HTTPResponse object defined in
+httplib/http.client.
+"""
+import logging
+import weakref
+import zlib
+
+from ..common.decoder import DeflateDecoder
+from ..common.exceptions import ChunkedDecodeError, InvalidResponseError
+from ..common.exceptions import ConnectionResetError
+
+log = logging.getLogger(__name__)
+
+
+class HTTP11Response(object):
+    """
+    An ``HTTP11Response`` wraps the HTTP/1.1 response from the server. It
+    provides access to the response headers and the entity body. The response
+    is an iterable object and can be used in a with statement.
+    """
+    def __init__(self, code, reason, headers, sock, connection=None):
+        #: The reason phrase returned by the server.
+        self.reason = reason
+
+        #: The status code returned by the server.
+        self.status = code
+
+        #: The response headers. These are determined upon creation, assigned
+        #: once, and never assigned again.
+        self.headers = headers
+
+        #: The response trailers. These are always intially ``None``.
+        self.trailers = None
+
+        # The socket this response is being sent over.
+        self._sock = sock
+
+        # Whether we expect the connection to be closed. If we do, we don't
+        # bother checking for content-length, we just keep reading until
+        # we no longer can.
+        self._expect_close = False
+        if b'close' in self.headers.get(b'connection', []):
+            self._expect_close = True
+
+        # The expected length of the body.
+        try:
+            self._length = int(self.headers[b'content-length'][0])
+        except KeyError:
+            self._length = None
+
+        # Whether we expect a chunked response.
+        self._chunked = (
+            b'chunked' in self.headers.get(b'transfer-encoding', [])
+        )
+
+        # One of the following must be true: we must expect that the connection
+        # will be closed following the body, or that a content-length was sent,
+        # or that we're getting a chunked response.
+        # FIXME: Remove naked assert, replace with something better.
+        assert self._expect_close or self._length is not None or self._chunked
+
+        # This object is used for decompressing gzipped request bodies. Right
+        # now we only support gzip because that's all the RFC mandates of us.
+        # Later we'll add support for more encodings.
+        # This 16 + MAX_WBITS nonsense is to force gzip. See this
+        # Stack Overflow answer for more:
+        # http://stackoverflow.com/a/2695466/1401686
+        if b'gzip' in self.headers.get(b'content-encoding', []):
+            self._decompressobj = zlib.decompressobj(16 + zlib.MAX_WBITS)
+        elif b'deflate' in self.headers.get(b'content-encoding', []):
+            self._decompressobj = DeflateDecoder()
+        else:
+            self._decompressobj = None
+
+        # This is a reference that allows for the Response class to tell the
+        # parent connection object to throw away its socket object. This is to
+        # be used when the connection is genuinely closed, so that the user
+        # can keep using the Connection object.
+        # Strictly, we take a weakreference to this so that we don't set up a
+        # reference cycle.
+        if connection is not None:
+            self._parent = weakref.ref(connection)
+        else:
+            self._parent = None
+
+        self._buffered_data = b''
+        self._chunker = None
+
+    def read(self, amt=None, decode_content=True):
+        """
+        Reads the response body, or up to the next ``amt`` bytes.
+
+        :param amt: (optional) The amount of data to read. If not provided, all
+            the data will be read from the response.
+        :param decode_content: (optional) If ``True``, will transparently
+            decode the response data.
+        :returns: The read data. Note that if ``decode_content`` is set to
+            ``True``, the actual amount of data returned may be different to
+            the amount requested.
+        """
+        # Return early if we've lost our connection.
+        if self._sock is None:
+            return b''
+
+        if self._chunked:
+            return self._normal_read_chunked(amt, decode_content)
+
+        # If we're asked to do a read without a length, we need to read
+        # everything. That means either the entire content length, or until the
+        # socket is closed, depending.
+        if amt is None:
+            if self._length is not None:
+                amt = self._length
+            elif self._expect_close:
+                return self._read_expect_closed(decode_content)
+            else:  # pragma: no cover
+                raise InvalidResponseError(
+                    "Response must either have length or Connection: close"
+                )
+
+        # Otherwise, we've been asked to do a bounded read. We should read no
+        # more than the remaining length, obviously.
+        # FIXME: Handle cases without _length
+        if self._length is not None:
+            amt = min(amt, self._length)
+
+        # Now, issue reads until we read that length. This is to account for
+        # the fact that it's possible that we'll be asked to read more than
+        # 65kB in one shot.
+        to_read = amt
+        chunks = []
+
+        # Ideally I'd like this to read 'while to_read', but I want to be
+        # defensive against the admittedly unlikely case that the socket
+        # returns *more* data than I want.
+        while to_read > 0:
+            chunk = self._sock.recv(amt).tobytes()
+
+            # If we got an empty read, but were expecting more, the remote end
+            # has hung up. Raise an exception if we were expecting more data,
+            # but if we were expecting the remote end to close then it's ok.
+            if not chunk:
+                if self._length is not None or not self._expect_close:
+                    self.close(socket_close=True)
+                    raise ConnectionResetError("Remote end hung up!")
+
+                break
+
+            to_read -= len(chunk)
+            chunks.append(chunk)
+
+        data = b''.join(chunks)
+        if self._length is not None:
+            self._length -= len(data)
+
+        # If we're at the end of the request, we have some cleaning up to do.
+        # Close the stream, and if necessary flush the buffer. Checking that
+        # we're at the end is actually obscenely complex: either we've read the
+        # full content-length or, if we were expecting a closed connection,
+        # we've had a read shorter than the requested amount. We also have to
+        # do this before we try to decompress the body.
+        end_of_request = (self._length == 0 or
+                          (self._expect_close and len(data) < amt))
+
+        # We may need to decode the body.
+        if decode_content and self._decompressobj and data:
+            data = self._decompressobj.decompress(data)
+
+        if decode_content and self._decompressobj and end_of_request:
+            data += self._decompressobj.flush()
+
+        # We're at the end. Close the connection. Explicit check for zero here
+        # because self._length might be None.
+        if end_of_request:
+            self.close(socket_close=self._expect_close)
+
+        return data
+
+    def read_chunked(self, decode_content=True):
+        """
+        Reads chunked transfer encoded bodies. This method returns a generator:
+        each iteration of which yields one chunk *unless* the chunks are
+        compressed, in which case it yields whatever the decompressor provides
+        for each chunk.
+
+        .. warning:: This may yield the empty string, without that being the
+                     end of the body!
+        """
+        if not self._chunked:
+            raise ChunkedDecodeError(
+                "Attempted chunked read of non-chunked body."
+            )
+
+        # Return early if possible.
+        if self._sock is None:
+            return
+
+        while True:
+            # Read to the newline to get the chunk length. This is a
+            # hexadecimal integer.
+            chunk_length = int(self._sock.readline().tobytes().strip(), 16)
+            data = b''
+
+            # If the chunk length is zero, consume the newline and then we're
+            # done. If we were decompressing data, return the remaining data.
+            if not chunk_length:
+                self._sock.readline()
+
+                if decode_content and self._decompressobj:
+                    yield self._decompressobj.flush()
+
+                self.close(socket_close=self._expect_close)
+                break
+
+            # Then read that many bytes.
+            while chunk_length > 0:
+                chunk = self._sock.recv(chunk_length).tobytes()
+                data += chunk
+                chunk_length -= len(chunk)
+
+            assert chunk_length == 0
+
+            # Now, consume the newline.
+            self._sock.readline()
+
+            # We may need to decode the body.
+            if decode_content and self._decompressobj and data:
+                data = self._decompressobj.decompress(data)
+
+            yield data
+
+        return
+
+    def close(self, socket_close=False):
+        """
+        Close the response. This causes the Response to lose access to the
+        backing socket. In some cases, it can also cause the backing connection
+        to be torn down.
+
+        :param socket_close: Whether to close the backing socket.
+        :returns: Nothing.
+        """
+        if socket_close and self._parent is not None:
+            # The double call is necessary because we need to dereference the
+            # weakref. If the weakref is no longer valid, that's fine, there's
+            # no connection object to tell.
+            parent = self._parent()
+            if parent is not None:
+                parent.close()
+
+        self._sock = None
+
+    def _read_expect_closed(self, decode_content):
+        """
+        Implements the logic for an unbounded read on a socket that we expect
+        to be closed by the remote end.
+        """
+        # In this case, just read until we cannot read anymore. Then, close the
+        # socket, becuase we know we have to.
+        chunks = []
+        while True:
+            try:
+                chunk = self._sock.recv(65535).tobytes()
+                if not chunk:
+                    break
+            except ConnectionResetError:
+                break
+            else:
+                chunks.append(chunk)
+
+        self.close(socket_close=True)
+
+        # We may need to decompress the data.
+        data = b''.join(chunks)
+        if decode_content and self._decompressobj:
+            data = self._decompressobj.decompress(data)
+            data += self._decompressobj.flush()
+
+        return data
+
+    def _normal_read_chunked(self, amt, decode_content):
+        """
+        Implements the logic for calling ``read()`` on a chunked response.
+        """
+        # If we're doing a full read, read it as chunked and then just join
+        # the chunks together!
+        if amt is None:
+            return self._buffered_data + b''.join(self.read_chunked())
+
+        if self._chunker is None:
+            self._chunker = self.read_chunked()
+
+        # Otherwise, we have a certain amount of data we want to read.
+        current_amount = len(self._buffered_data)
+
+        extra_data = [self._buffered_data]
+        while current_amount < amt:
+            try:
+                chunk = next(self._chunker)
+            except StopIteration:
+                self.close(socket_close=self._expect_close)
+                break
+
+            current_amount += len(chunk)
+            extra_data.append(chunk)
+
+        data = b''.join(extra_data)
+        self._buffered_data = data[amt:]
+        return data[:amt]
+
+    # The following methods implement the context manager protocol.
+    def __enter__(self):
+        return self
+
+    def __exit__(self, *args):
+        self.close()
+        return False  # Never swallow exceptions.
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/__init__.py
new file mode 100644
index 00000000000..4a756d2c484
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/__init__.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20
+~~~~~~~~~~~~
+
+The HTTP/2 submodule that powers hyper.
+"""
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/connection.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/connection.py
new file mode 100644
index 00000000000..3c3927671f5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/connection.py
@@ -0,0 +1,850 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/connection
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Objects that build hyper's connection-level HTTP/2 abstraction.
+"""
+from ..h2 import connection as h2Connection
+from ..h2 import events as h2Events
+from ..h2 import settings as h2Settings
+
+from ..compat import ssl
+from ..tls import wrap_socket, H2_NPN_PROTOCOLS, H2C_PROTOCOL
+from ..common.exceptions import ConnectionResetError
+from ..common.bufsocket import BufferedSocket
+from ..common.headers import HTTPHeaderMap
+from ..common.util import to_host_port_tuple, to_native_string, to_bytestring
+from ..compat import unicode, bytes
+from .stream import Stream
+from .response import HTTP20Response, HTTP20Push
+from .window import FlowControlManager
+from .exceptions import ConnectionError, StreamResetError
+from . import errors
+
+import errno
+import logging
+import socket
+import time
+import threading
+
+log = logging.getLogger(__name__)
+
+DEFAULT_WINDOW_SIZE = 65535
+
+TRANSIENT_SSL_ERRORS = (ssl.SSL_ERROR_WANT_READ, ssl.SSL_ERROR_WANT_WRITE)
+
+
+class _LockedObject(object):
+    """
+    A wrapper class that hides a specific object behind a lock.
+
+    The goal here is to provide a simple way to protect access to an object
+    that cannot safely be simultaneously accessed from multiple threads. The
+    intended use of this class is simple: take hold of it with a context
+    manager, which returns the protected object.
+    """
+    def __init__(self, obj):
+        self.lock = threading.RLock()
+        self._obj = obj
+
+    def __enter__(self):
+        self.lock.acquire()
+        return self._obj
+
+    def __exit__(self, _exc_type, _exc_val, _exc_tb):
+        self.lock.release()
+
+
+class HTTP20Connection(object):
+    """
+    An object representing a single HTTP/2 connection to a server.
+
+    This object behaves similarly to the Python standard library's
+    ``HTTPConnection`` object, with a few critical differences.
+
+    Most of the standard library's arguments to the constructor are irrelevant
+    for HTTP/2 or not supported by hyper.
+
+    :param host: The host to connect to. This may be an IP address or a
+        hostname, and optionally may include a port: for example,
+        ``'http2bin.org'``, ``'http2bin.org:443'`` or ``'127.0.0.1'``.
+    :param port: (optional) The port to connect to. If not provided and one
+        also isn't provided in the ``host`` parameter, defaults to 443.
+    :param secure: (optional) Whether the request should use TLS. Defaults to
+        ``False`` for most requests, but to ``True`` for any request issued to
+        port 443.
+    :param window_manager: (optional) The class to use to manage flow control
+        windows. This needs to be a subclass of the
+        :class:`BaseFlowControlManager
+        <hyper.http20.window.BaseFlowControlManager>`. If not provided,
+        :class:`FlowControlManager <hyper.http20.window.FlowControlManager>`
+        will be used.
+    :param enable_push: (optional) Whether the server is allowed to push
+        resources to the client (see
+        :meth:`get_pushes() <hyper.HTTP20Connection.get_pushes>`).
+    :param ssl_context: (optional) A class with custom certificate settings.
+        If not provided then hyper's default ``SSLContext`` is used instead.
+    :param proxy_host: (optional) The proxy to connect to.  This can be an IP
+        address or a host name and may include a port.
+    :param proxy_port: (optional) The proxy port to connect to. If not provided
+        and one also isn't provided in the ``proxy`` parameter, defaults to
+        8080.
+    """
+    def __init__(self, host, port=None, secure=None, window_manager=None,
+                 enable_push=False, ssl_context=None, proxy_host=None,
+                 proxy_port=None, force_proto=None, **kwargs):
+        """
+        Creates an HTTP/2 connection to a specific server.
+        """
+        if port is None:
+            self.host, self.port = to_host_port_tuple(host, default_port=443)
+        else:
+            self.host, self.port = host, port
+
+        if secure is not None:
+            self.secure = secure
+        elif self.port == 443:
+            self.secure = True
+        else:
+            self.secure = False
+
+        self._enable_push = enable_push
+        self.ssl_context = ssl_context
+
+        # Setup proxy details if applicable.
+        if proxy_host:
+            if proxy_port is None:
+                self.proxy_host, self.proxy_port = to_host_port_tuple(
+                    proxy_host, default_port=8080
+                )
+            else:
+                self.proxy_host, self.proxy_port = proxy_host, proxy_port
+        else:
+            self.proxy_host = None
+            self.proxy_port = None
+
+        #: The size of the in-memory buffer used to store data from the
+        #: network. This is used as a performance optimisation. Increase buffer
+        #: size to improve performance: decrease it to conserve memory.
+        #: Defaults to 64kB.
+        self.network_buffer_size = 65536
+
+        self.force_proto = force_proto
+
+        # Concurrency
+        #
+        # Use one lock (_lock) to synchronize any interaction with global
+        # connection state, e.g. stream creation/deletion.
+        #
+        # It's ok to use the same in lock all these cases as they occur at
+        # different/linked points in the connection's lifecycle.
+        #
+        # Use another 2 locks (_write_lock, _read_lock) to synchronize
+        # - _send_cb
+        # - _recv_cb
+        # respectively.
+        #
+        # I.e, send/recieve on the connection and its streams are serialized
+        # separately across the threads accessing the connection.  This is a
+        # simple way of providing thread-safety.
+        #
+        # _write_lock and _read_lock synchronize all interactions between
+        # streams and the connnection.  There is a third I/O callback,
+        # _close_stream, passed to a stream's constructor.  It does not need to
+        # be synchronized, it uses _send_cb internally (which is serialized);
+        # its other activity (safe deletion of the stream from self.streams)
+        # does not require synchronization.
+        #
+        # _read_lock may be acquired when already holding the _write_lock,
+        # when they both held it is always by acquiring _write_lock first.
+        #
+        # Either _read_lock or _write_lock may be acquired whilst holding _lock
+        # which should always be acquired before either of the other two.
+        self._lock = threading.RLock()
+        self._write_lock = threading.RLock()
+        self._read_lock = threading.RLock()
+
+        # Create the mutable state.
+        self.__wm_class = window_manager or FlowControlManager
+        self.__init_state()
+
+        return
+
+    def __init_state(self):
+        """
+        Initializes the 'mutable state' portions of the HTTP/2 connection
+        object.
+
+        This method exists to enable HTTP20Connection objects to be reused if
+        they're closed, by resetting the connection object to its basic state
+        whenever it ends up closed. Any situation that needs to recreate the
+        connection can call this method and it will be done.
+
+        This is one of the only methods in hyper that is truly private, as
+        users should be strongly discouraged from messing about with connection
+        objects themselves.
+        """
+        self._conn = _LockedObject(h2Connection.H2Connection())
+
+        # Streams are stored in a dictionary keyed off their stream IDs. We
+        # also save the most recent one for easy access without having to walk
+        # the dictionary.
+        #
+        # We add a set of all streams that we or the remote party forcefully
+        # closed with RST_STREAM, to avoid encountering issues where frames
+        # were already in flight before the RST was processed.
+        #
+        # Finally, we add a set of streams that recently received data.  When
+        # using multiple threads, this avoids reading on threads that have just
+        # acquired the I/O lock whose streams have already had their data read
+        # for them by prior threads.
+        self.streams = {}
+        self.recent_stream = None
+        self.next_stream_id = 1
+        self.reset_streams = set()
+        self.recent_recv_streams = set()
+
+        # The socket used to send data.
+        self._sock = None
+
+        # Instantiate a window manager.
+        self.window_manager = self.__wm_class(65535)
+
+        return
+
+    def ping(self, opaque_data):
+        """
+        Send a PING frame.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe.
+
+        :param opaque_data: A bytestring of length 8 that will be sent in the
+                            PING frame.
+        :returns: Nothing
+        """
+        self.connect()
+        with self._write_lock:
+            with self._conn as conn:
+                conn.ping(to_bytestring(opaque_data))
+            self._send_outstanding_data()
+
+    def request(self, method, url, body=None, headers=None):
+        """
+        This will send a request to the server using the HTTP request method
+        ``method`` and the selector ``url``. If the ``body`` argument is
+        present, it should be string or bytes object of data to send after the
+        headers are finished. Strings are encoded as UTF-8. To use other
+        encodings, pass a bytes object. The Content-Length header is set to the
+        length of the body field.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe.
+
+        :param method: The request method, e.g. ``'GET'``.
+        :param url: The URL to contact, e.g. ``'/path/segment'``.
+        :param body: (optional) The request body to send. Must be a bytestring
+            or a file-like object.
+        :param headers: (optional) The headers to send on the request.
+        :returns: A stream ID for the request.
+        """
+        headers = headers or {}
+
+        # Concurrency
+        #
+        # It's necessary to hold a lock while this method runs to satisfy H2
+        # protocol requirements.
+        #
+        # - putrequest obtains the next valid new stream_id
+        # - endheaders sends a http2 message using the new stream_id
+        #
+        # If threads interleave these operations, it could result in messages
+        # being sent in the wrong order, which can lead to the out-of-order
+        # messages with lower stream IDs being closed prematurely.
+        with self._write_lock:
+            stream_id = self.putrequest(method, url)
+
+            default_headers = (':method', ':scheme', ':authority', ':path')
+            for name, value in headers.items():
+                is_default = to_native_string(name) in default_headers
+                self.putheader(name, value, stream_id, replace=is_default)
+
+            # Convert the body to bytes if needed.
+            if body and isinstance(body, (unicode, bytes)):
+                body = to_bytestring(body)
+
+            self.endheaders(message_body=body, final=True, stream_id=stream_id)
+
+            return stream_id
+
+    def _get_stream(self, stream_id):
+        if stream_id is None:
+            return self.recent_stream
+        elif stream_id in self.reset_streams or stream_id not in self.streams:
+            raise StreamResetError("Stream forcefully closed")
+        else:
+            return self.streams[stream_id]
+
+    def get_response(self, stream_id=None):
+        """
+        Should be called after a request is sent to get a response from the
+        server. If sending multiple parallel requests, pass the stream ID of
+        the request whose response you want. Returns a
+        :class:`HTTP20Response <hyper.HTTP20Response>` instance.
+        If you pass no ``stream_id``, you will receive the oldest
+        :class:`HTTPResponse <hyper.HTTP20Response>` still outstanding.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe.
+
+        :param stream_id: (optional) The stream ID of the request for which to
+            get a response.
+        :returns: A :class:`HTTP20Response <hyper.HTTP20Response>` object.
+        """
+        stream = self._get_stream(stream_id)
+        return HTTP20Response(stream.getheaders(), stream)
+
+    def get_pushes(self, stream_id=None, capture_all=False):
+        """
+        Returns a generator that yields push promises from the server. **Note
+        that this method is not idempotent**: promises returned in one call
+        will not be returned in subsequent calls. Iterating through generators
+        returned by multiple calls to this method simultaneously results in
+        undefined behavior.
+
+        :param stream_id: (optional) The stream ID of the request for which to
+            get push promises.
+        :param capture_all: (optional) If ``False``, the generator will yield
+            all buffered push promises without blocking. If ``True``, the
+            generator will first yield all buffered push promises, then yield
+            additional ones as they arrive, and terminate when the original
+            stream closes.
+        :returns: A generator of :class:`HTTP20Push <hyper.HTTP20Push>` objects
+            corresponding to the streams pushed by the server.
+        """
+        stream = self._get_stream(stream_id)
+        for promised_stream_id, headers in stream.get_pushes(capture_all):
+            yield HTTP20Push(
+                HTTPHeaderMap(headers), self.streams[promised_stream_id]
+            )
+
+    def connect(self):
+        """
+        Connect to the server specified when the object was created. This is a
+        no-op if we're already connected.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe. It may be called from multiple threads, and
+        is a noop for all threads apart from the first.
+
+        :returns: Nothing.
+
+        """
+        with self._lock:
+            if self._sock is not None:
+                return
+
+            if not self.proxy_host:
+                host = self.host
+                port = self.port
+            else:
+                host = self.proxy_host
+                port = self.proxy_port
+
+            sock = socket.create_connection((host, port))
+
+            if self.secure:
+                assert not self.proxy_host, "Proxy with HTTPS not supported."
+                sock, proto = wrap_socket(sock, host, self.ssl_context,
+                                          force_proto=self.force_proto)
+            else:
+                proto = H2C_PROTOCOL
+
+            log.debug("Selected NPN protocol: %s", proto)
+            assert proto in H2_NPN_PROTOCOLS or proto == H2C_PROTOCOL
+
+            self._sock = BufferedSocket(sock, self.network_buffer_size)
+
+            self._send_preamble()
+
+    def _connect_upgrade(self, sock):
+        """
+        Called by the generic HTTP connection when we're being upgraded. Locks
+        in a new socket and places the backing state machine into an upgrade
+        state, then sends the preamble.
+        """
+        self._sock = sock
+
+        with self._conn as conn:
+            conn.initiate_upgrade_connection()
+            conn.update_settings(
+                {h2Settings.ENABLE_PUSH: int(self._enable_push)}
+            )
+        self._send_outstanding_data()
+
+        # The server will also send an initial settings frame, so get it.
+        # However, we need to make sure our stream state is set up properly
+        # first, or any extra data we receive might cause us problems.
+        s = self._new_stream(local_closed=True)
+        self.recent_stream = s
+
+        self._recv_cb()
+
+    def _send_preamble(self):
+        """
+        Sends the necessary HTTP/2 preamble.
+        """
+        # We need to send the connection header immediately on this
+        # connection, followed by an initial settings frame.
+        with self._conn as conn:
+            conn.initiate_connection()
+            conn.update_settings(
+                {h2Settings.ENABLE_PUSH: int(self._enable_push)}
+            )
+        self._send_outstanding_data()
+
+        # The server will also send an initial settings frame, so get it.
+        self._recv_cb()
+
+    def close(self, error_code=None):
+        """
+        Close the connection to the server.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe.
+
+        :param error_code: (optional) The error code to reset all streams with.
+        :returns: Nothing.
+        """
+        # Concurrency
+        #
+        # It's necessary to hold the lock here to ensure that threads closing
+        # the connection see consistent state, and to prevent creation of
+        # of new streams while the connection is being closed.
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._lock:
+            # Close all streams
+            for stream in list(self.streams.values()):
+                log.debug("Close stream %d" % stream.stream_id)
+                stream.close(error_code)
+
+            # Send GoAway frame to the server
+            try:
+                with self._conn as conn:
+                    conn.close_connection(error_code or 0)
+                self._send_outstanding_data(tolerate_peer_gone=True)
+            except Exception as e:  # pragma: no cover
+                log.warn("GoAway frame could not be sent: %s" % e)
+
+            if self._sock is not None:
+                self._sock.close()
+            self.__init_state()
+
+    def _send_outstanding_data(self, tolerate_peer_gone=False,
+                               send_empty=True):
+        # Concurrency
+        #
+        # Hold _write_lock; getting and writing data from _conn is synchronized
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._write_lock:
+            with self._conn as conn:
+                data = conn.data_to_send()
+            if data or send_empty:
+                self._send_cb(data, tolerate_peer_gone=tolerate_peer_gone)
+
+    def putrequest(self, method, selector, **kwargs):
+        """
+        This should be the first call for sending a given HTTP request to a
+        server. It returns a stream ID for the given connection that should be
+        passed to all subsequent request building calls.
+
+        Concurrency
+        -----------
+
+        This method is thread-safe. It can be called from multiple threads,
+        and each thread should receive a unique stream ID.
+
+        :param method: The request method, e.g. ``'GET'``.
+        :param selector: The path selector.
+        :returns: A stream ID for the request.
+        """
+        # Create a new stream.
+        s = self._new_stream()
+
+        # To this stream we need to immediately add a few headers that are
+        # HTTP/2 specific. These are: ":method", ":scheme", ":authority" and
+        # ":path". We can set all of these now.
+        s.add_header(":method", method)
+        s.add_header(":scheme", "https" if self.secure else "http")
+        s.add_header(":authority", self.host)
+        s.add_header(":path", selector)
+
+        # Save the stream.
+        self.recent_stream = s
+
+        return s.stream_id
+
+    def putheader(self, header, argument, stream_id=None, replace=False):
+        """
+        Sends an HTTP header to the server, with name ``header`` and value
+        ``argument``.
+
+        Unlike the ``httplib`` version of this function, this version does not
+        actually send anything when called. Instead, it queues the headers up
+        to be sent when you call
+        :meth:`endheaders() <hyper.HTTP20Connection.endheaders>`.
+
+        This method ensures that headers conform to the HTTP/2 specification.
+        In particular, it strips out the ``Connection`` header, as that header
+        is no longer valid in HTTP/2. This is to make it easy to write code
+        that runs correctly in both HTTP/1.1 and HTTP/2.
+
+        :param header: The name of the header.
+        :param argument: The value of the header.
+        :param stream_id: (optional) The stream ID of the request to add the
+            header to.
+        :returns: Nothing.
+        """
+        stream = self._get_stream(stream_id)
+        stream.add_header(header, argument, replace)
+
+        return
+
+    def endheaders(self, message_body=None, final=False, stream_id=None):
+        """
+        Sends the prepared headers to the server. If the ``message_body``
+        argument is provided it will also be sent to the server as the body of
+        the request, and the stream will immediately be closed. If the
+        ``final`` argument is set to True, the stream will also immediately
+        be closed: otherwise, the stream will be left open and subsequent calls
+        to ``send()`` will be required.
+
+        :param message_body: (optional) The body to send. May not be provided
+            assuming that ``send()`` will be called.
+        :param final: (optional) If the ``message_body`` parameter is provided,
+            should be set to ``True`` if no further data will be provided via
+            calls to :meth:`send() <hyper.HTTP20Connection.send>`.
+        :param stream_id: (optional) The stream ID of the request to finish
+            sending the headers on.
+        :returns: Nothing.
+        """
+        self.connect()
+
+        stream = self._get_stream(stream_id)
+
+        headers_only = (message_body is None and final)
+
+        # Concurrency:
+        #
+        # Hold _write_lock: synchronize access to the connection's HPACK
+        # encoder and decoder and the subsquent write to the connection
+        with self._write_lock:
+            stream.send_headers(headers_only)
+
+            # Send whatever data we have.
+            if message_body is not None:
+                stream.send_data(message_body, final)
+
+            self._send_outstanding_data()
+
+        return
+
+    def send(self, data, final=False, stream_id=None):
+        """
+        Sends some data to the server. This data will be sent immediately
+        (excluding the normal HTTP/2 flow control rules). If this is the last
+        data that will be sent as part of this request, the ``final`` argument
+        should be set to ``True``. This will cause the stream to be closed.
+
+        :param data: The data to send.
+        :param final: (optional) Whether this is the last bit of data to be
+            sent on this request.
+        :param stream_id: (optional) The stream ID of the request to send the
+            data on.
+        :returns: Nothing.
+        """
+        stream = self._get_stream(stream_id)
+        stream.send_data(data, final)
+
+        return
+
+    def _new_stream(self, stream_id=None, local_closed=False):
+        """
+        Returns a new stream object for this connection.
+        """
+        # Concurrency
+        #
+        # Hold _lock: ensure that threads accessing the connection see
+        # self.next_stream_id in a consistent state
+        #
+        # No I/O occurs, the delay in waiting threads depends on their number.
+        with self._lock:
+            s = Stream(
+                stream_id or self.next_stream_id,
+                self.__wm_class(DEFAULT_WINDOW_SIZE),
+                self._conn,
+                self._send_outstanding_data,
+                self._recv_cb,
+                self._stream_close_cb,
+            )
+            s.local_closed = local_closed
+            self.streams[s.stream_id] = s
+            self.next_stream_id += 2
+
+            return s
+
+    def _send_cb(self, data, tolerate_peer_gone=False):
+        """
+        This is the callback used by streams to send data on the connection.
+
+        This acts as a dumb wrapper around the socket send method.
+        """
+        # Concurrency
+        #
+        # Hold _write_lock: ensures only writer at a time
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._write_lock:
+            try:
+                self._sock.sendall(data)
+            except socket.error as e:
+                if (not tolerate_peer_gone or
+                        e.errno not in (errno.EPIPE, errno.ECONNRESET)):
+                    raise
+
+    def _adjust_receive_window(self, frame_len):
+        """
+        Adjusts the window size in response to receiving a DATA frame of length
+        ``frame_len``. May send a WINDOWUPDATE frame if necessary.
+        """
+        # Concurrency
+        #
+        # Hold _write_lock; synchronize the window manager update and the
+        # subsequent potential write to the connection
+        #
+        # I/O may occur while the lock is held; waiting threads may see a
+        # delay.
+        with self._write_lock:
+            increment = self.window_manager._handle_frame(frame_len)
+
+            if increment:
+                with self._conn as conn:
+                    conn.increment_flow_control_window(increment)
+                self._send_outstanding_data(tolerate_peer_gone=True)
+
+        return
+
+    def _single_read(self):
+        """
+        Performs a single read from the socket and hands the data off to the
+        h2 connection object.
+        """
+        # Begin by reading what we can from the socket.
+        #
+        # Concurrency
+        #
+        # Synchronizes reading the data
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._read_lock:
+            if self._sock is None:
+                raise ConnectionError('tried to read after connection close')
+            self._sock.fill()
+            data = self._sock.buffer.tobytes()
+            self._sock.advance_buffer(len(data))
+            with self._conn as conn:
+                events = conn.receive_data(data)
+            stream_ids = set(getattr(e, 'stream_id', -1) for e in events)
+            stream_ids.discard(-1)  # sentinel
+            stream_ids.discard(0)  # connection events
+            self.recent_recv_streams |= stream_ids
+
+        for event in events:
+            if isinstance(event, h2Events.DataReceived):
+                self._adjust_receive_window(event.flow_controlled_length)
+                self.streams[event.stream_id].receive_data(event)
+            elif isinstance(event, h2Events.PushedStreamReceived):
+                if self._enable_push:
+                    self._new_stream(event.pushed_stream_id, local_closed=True)
+                    self.streams[event.parent_stream_id].receive_push(event)
+                else:
+                    # Servers are forbidden from sending push promises when
+                    # the ENABLE_PUSH setting is 0, but the spec leaves the
+                    # client action undefined when they do it anyway. So we
+                    # just refuse the stream and go about our business.
+                    self._send_rst_frame(event.pushed_stream_id, 7)
+            elif isinstance(event, h2Events.ResponseReceived):
+                self.streams[event.stream_id].receive_response(event)
+            elif isinstance(event, h2Events.TrailersReceived):
+                self.streams[event.stream_id].receive_trailers(event)
+            elif isinstance(event, h2Events.StreamEnded):
+                self.streams[event.stream_id].receive_end_stream(event)
+            elif isinstance(event, h2Events.StreamReset):
+                if event.stream_id not in self.reset_streams:
+                    self.reset_streams.add(event.stream_id)
+                    self.streams[event.stream_id].receive_reset(event)
+            elif isinstance(event, h2Events.ConnectionTerminated):
+                # If we get GoAway with error code zero, we are doing a
+                # graceful shutdown and all is well. Otherwise, throw an
+                # exception.
+                self.close()
+
+                # If an error occured, try to read the error description from
+                # code registry otherwise use the frame's additional data.
+                if event.error_code != 0:
+                    try:
+                        name, number, description = errors.get_data(
+                            event.error_code
+                        )
+                    except ValueError:
+                        error_string = (
+                            "Encountered error code %d" % event.error_code
+                        )
+                    else:
+                        error_string = (
+                            "Encountered error %s %s: %s" %
+                            (name, number, description)
+                        )
+
+                    raise ConnectionError(error_string)
+            else:
+                log.info("Received unhandled event %s", event)
+
+        self._send_outstanding_data(tolerate_peer_gone=True, send_empty=False)
+
+    def _recv_cb(self, stream_id=0):
+        """
+        This is the callback used by streams to read data from the connection.
+
+        This stream reads what data it can, and throws it into the underlying
+        connection, before farming out any events that fire to the relevant
+        streams. If the socket remains readable, it will then optimistically
+        continue to attempt to read.
+
+        This is generally called by a stream, not by the connection itself, and
+        it's likely that streams will read a frame that doesn't belong to them.
+
+        :param stream_id: (optional) The stream ID of the stream reading data
+            from the connection.
+
+        """
+        # Begin by reading what we can from the socket.
+        #
+        # Concurrency
+        #
+        # Ignore this read if some other thread has recently read data from
+        # from the requested stream.
+        #
+        # The lock here looks broad, but is needed to ensure correct behavior
+        # when there are multiple readers of the same stream.  It is
+        # re-acquired in the calls to self._single_read.
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._read_lock:
+            log.debug('recv for stream %d with %s already present',
+                      stream_id,
+                      self.recent_recv_streams)
+            if stream_id in self.recent_recv_streams:
+                self.recent_recv_streams.discard(stream_id)
+                return
+
+            # make sure to validate the stream is readable.
+            # if the connection was reset, this stream id won't appear in
+            # self.streams and will cause this call to raise an exception.
+            if stream_id:
+                self._get_stream(stream_id)
+
+            # TODO: Re-evaluate this.
+            self._single_read()
+            count = 9
+            retry_wait = 0.05  # can improve responsiveness to delay the retry
+
+            while count and self._sock is not None and self._sock.can_read:
+                # If the connection has been closed, bail out, but retry
+                # on transient errors.
+                try:
+                    self._single_read()
+                except ConnectionResetError:
+                    break
+                except ssl.SSLError as e:  # pragma: no cover
+                    # these are transient errors that can occur while reading
+                    # from ssl connections.
+                    if e.args[0] in TRANSIENT_SSL_ERRORS:
+                        continue
+                    else:
+                        raise
+                except socket.error as e:  # pragma: no cover
+                    if e.errno in (errno.EINTR, errno.EAGAIN):
+                        # if 'interrupted' or 'try again', continue
+                        time.sleep(retry_wait)
+                        continue
+                    elif e.errno == errno.ECONNRESET:
+                        break
+                    else:
+                        raise
+
+                count -= 1
+
+    def _send_rst_frame(self, stream_id, error_code):
+        """
+        Send reset stream frame with error code and remove stream from map.
+        """
+        # Concurrency
+        #
+        # Hold _write_lock; synchronize generating the reset frame and writing
+        # it
+        #
+        # I/O occurs while the lock is held; waiting threads will see a delay.
+        with self._write_lock:
+            with self._conn as conn:
+                conn.reset_stream(stream_id, error_code=error_code)
+            self._send_outstanding_data()
+
+        # Concurrency
+        #
+        # Hold _lock; the stream storage is being updated. No I/O occurs, any
+        # delay is proportional to the number of waiting threads.
+        with self._lock:
+            try:
+                del self.streams[stream_id]
+                self.recent_recv_streams.discard(stream_id)
+            except KeyError as e:  # pragma: no cover
+                log.warn(
+                    "Stream with id %d does not exist: %s",
+                    stream_id, e)
+
+            # Keep track of the fact that we reset this stream in case there
+            # are other frames in flight.
+            self.reset_streams.add(stream_id)
+
+    def _stream_close_cb(self, stream_id):
+        """
+        Called by a stream when it is closing, so that state can be cleared.
+        """
+        try:
+            del self.streams[stream_id]
+            self.recent_recv_streams.discard(stream_id)
+        except KeyError:
+            pass
+
+    # The following two methods are the implementation of the context manager
+    # protocol.
+    def __enter__(self):
+        return self
+
+    def __exit__(self, type, value, tb):
+        self.close()
+        return False  # Never swallow exceptions.
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/errors.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/errors.py
new file mode 100644
index 00000000000..bcad8859596
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/errors.py
@@ -0,0 +1,77 @@
+# -*- coding: utf-8 -*-
+# flake8: noqa
+"""
+hyper/http20/errors
+~~~~~~~~~~~~~~~~~~~
+
+Global error code registry containing the established HTTP/2 error codes.
+The registry is based on a 32-bit space so we use the error code to index into
+the array.
+
+The current registry is available at:
+https://tools.ietf.org/html/rfc7540#section-11.4
+"""
+
+NO_ERROR =            {'Name': 'NO_ERROR',
+                       'Code': '0x0',
+                       'Description': 'Graceful shutdown'}
+PROTOCOL_ERROR =      {'Name': 'PROTOCOL_ERROR',
+                       'Code': '0x1',
+                       'Description': 'Protocol error detected'}
+INTERNAL_ERROR =      {'Name': 'INTERNAL_ERROR',
+                       'Code': '0x2',
+                       'Description': 'Implementation fault'}
+FLOW_CONTROL_ERROR =  {'Name': 'FLOW_CONTROL_ERROR',
+                       'Code': '0x3',
+                       'Description': 'Flow control limits exceeded'}
+SETTINGS_TIMEOUT =    {'Name': 'SETTINGS_TIMEOUT',
+                       'Code': '0x4',
+                       'Description': 'Settings not acknowledged'}
+STREAM_CLOSED =       {'Name': 'STREAM_CLOSED',
+                       'Code': '0x5',
+                       'Description': 'Frame received for closed stream'}
+FRAME_SIZE_ERROR =    {'Name': 'FRAME_SIZE_ERROR',
+                       'Code': '0x6',
+                       'Description': 'Frame size incorrect'}
+REFUSED_STREAM =      {'Name': 'REFUSED_STREAM ',
+                       'Code': '0x7',
+                       'Description': 'Stream not processed'}
+CANCEL =              {'Name': 'CANCEL',
+                       'Code': '0x8',
+                       'Description': 'Stream cancelled'}
+COMPRESSION_ERROR =   {'Name': 'COMPRESSION_ERROR',
+                       'Code': '0x9',
+                       'Description': 'Compression state not updated'}
+CONNECT_ERROR =       {'Name': 'CONNECT_ERROR',
+                       'Code': '0xa',
+                       'Description':
+                       'TCP connection error for CONNECT method'}
+ENHANCE_YOUR_CALM =   {'Name': 'ENHANCE_YOUR_CALM',
+                       'Code': '0xb',
+                       'Description': 'Processing capacity exceeded'}
+INADEQUATE_SECURITY = {'Name': 'INADEQUATE_SECURITY',
+                       'Code': '0xc',
+                       'Description':
+                       'Negotiated TLS parameters not acceptable'}
+HTTP_1_1_REQUIRED =   {'Name': 'HTTP_1_1_REQUIRED',
+                       'Code': '0xd',
+                       'Description': 'Use HTTP/1.1 for the request'}
+
+H2_ERRORS = [NO_ERROR, PROTOCOL_ERROR, INTERNAL_ERROR, FLOW_CONTROL_ERROR,
+             SETTINGS_TIMEOUT, STREAM_CLOSED, FRAME_SIZE_ERROR, REFUSED_STREAM,
+             CANCEL, COMPRESSION_ERROR, CONNECT_ERROR, ENHANCE_YOUR_CALM,
+             INADEQUATE_SECURITY, HTTP_1_1_REQUIRED]
+
+
+def get_data(error_code):
+    """
+    Lookup the error code description, if not available throw a value error
+    """
+    if error_code < 0 or error_code >= len(H2_ERRORS):
+        raise ValueError("Error code is invalid")
+
+    name = H2_ERRORS[error_code]['Name']
+    number = H2_ERRORS[error_code]['Code']
+    description = H2_ERRORS[error_code]['Description']
+
+    return name, number, description
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/exceptions.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/exceptions.py
new file mode 100644
index 00000000000..69e25816fdb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/exceptions.py
@@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/exceptions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This defines exceptions used in the HTTP/2 portion of hyper.
+"""
+
+
+class HTTP20Error(Exception):
+    """
+    The base class for all of ``hyper``'s HTTP/2-related exceptions.
+    """
+    pass
+
+
+class HPACKEncodingError(HTTP20Error):
+    """
+    An error has been encountered while performing HPACK encoding.
+    """
+    pass
+
+
+class HPACKDecodingError(HTTP20Error):
+    """
+    An error has been encountered while performing HPACK decoding.
+    """
+    pass
+
+
+class ConnectionError(HTTP20Error):
+    """
+    The remote party signalled an error affecting the entire HTTP/2
+    connection, and the connection has been closed.
+    """
+    pass
+
+
+class ProtocolError(HTTP20Error):
+    """
+    The remote party violated the HTTP/2 protocol.
+    """
+    pass
+
+
+class StreamResetError(HTTP20Error):
+    """
+    A stream was forcefully reset by the remote party.
+    """
+    pass
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/response.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/response.py
new file mode 100644
index 00000000000..bb339b2fde3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/response.py
@@ -0,0 +1,228 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/response
+~~~~~~~~~~~~~~~~~~~~~
+
+Contains the HTTP/2 equivalent of the HTTPResponse object defined in
+httplib/http.client.
+"""
+import logging
+import zlib
+
+from ..common.decoder import DeflateDecoder
+from ..common.headers import HTTPHeaderMap
+
+log = logging.getLogger(__name__)
+
+
+def strip_headers(headers):
+    """
+    Strips the headers attached to the instance of any header beginning
+    with a colon that ``hyper`` doesn't understand. This method logs at
+    warning level about the deleted headers, for discoverability.
+    """
+    # Convert to list to ensure that we don't mutate the headers while
+    # we iterate over them.
+    for name in list(headers.keys()):
+        if name.startswith(b':'):
+            del headers[name]
+
+
+class HTTP20Response(object):
+    """
+    An ``HTTP20Response`` wraps the HTTP/2 response from the server. It
+    provides access to the response headers and the entity body. The response
+    is an iterable object and can be used in a with statement (though due to
+    the persistent connections used in HTTP/2 this has no effect, and is done
+    soley for compatibility).
+    """
+    def __init__(self, headers, stream):
+        #: The reason phrase returned by the server. This is not used in
+        #: HTTP/2, and so is always the empty string.
+        self.reason = ''
+
+        status = headers[b':status'][0]
+        strip_headers(headers)
+
+        #: The status code returned by the server.
+        self.status = int(status)
+
+        #: The response headers. These are determined upon creation, assigned
+        #: once, and never assigned again.
+        self.headers = headers
+
+        # The response trailers. These are always intially ``None``.
+        self._trailers = None
+
+        # The stream this response is being sent over.
+        self._stream = stream
+
+        # We always read in one-data-frame increments from the stream, so we
+        # may need to buffer some for incomplete reads.
+        self._data_buffer = b''
+
+        # This object is used for decompressing gzipped request bodies. Right
+        # now we only support gzip because that's all the RFC mandates of us.
+        # Later we'll add support for more encodings.
+        # This 16 + MAX_WBITS nonsense is to force gzip. See this
+        # Stack Overflow answer for more:
+        # http://stackoverflow.com/a/2695466/1401686
+        if b'gzip' in self.headers.get(b'content-encoding', []):
+            self._decompressobj = zlib.decompressobj(16 + zlib.MAX_WBITS)
+        elif b'deflate' in self.headers.get(b'content-encoding', []):
+            self._decompressobj = DeflateDecoder()
+        else:
+            self._decompressobj = None
+
+    @property
+    def trailers(self):
+        """
+        Trailers on the HTTP message, if any.
+
+        .. warning:: Note that this property requires that the stream is
+                     totally exhausted. This means that, if you have not
+                     completely read from the stream, all stream data will be
+                     read into memory.
+        """
+        if self._trailers is None:
+            self._trailers = self._stream.gettrailers() or HTTPHeaderMap()
+            strip_headers(self._trailers)
+
+        return self._trailers
+
+    def read(self, amt=None, decode_content=True):
+        """
+        Reads the response body, or up to the next ``amt`` bytes.
+
+        :param amt: (optional) The amount of data to read. If not provided, all
+            the data will be read from the response.
+        :param decode_content: (optional) If ``True``, will transparently
+            decode the response data.
+        :returns: The read data. Note that if ``decode_content`` is set to
+            ``True``, the actual amount of data returned may be different to
+            the amount requested.
+        """
+        if amt is not None and amt <= len(self._data_buffer):
+            data = self._data_buffer[:amt]
+            self._data_buffer = self._data_buffer[amt:]
+            response_complete = False
+        elif amt is not None:
+            read_amt = amt - len(self._data_buffer)
+            self._data_buffer += self._stream._read(read_amt)
+            data = self._data_buffer[:amt]
+            self._data_buffer = self._data_buffer[amt:]
+            response_complete = len(data) < amt
+        else:
+            data = b''.join([self._data_buffer, self._stream._read()])
+            response_complete = True
+
+        # We may need to decode the body.
+        if decode_content and self._decompressobj and data:
+            data = self._decompressobj.decompress(data)
+
+        # If we're at the end of the request, we have some cleaning up to do.
+        # Close the stream, and if necessary flush the buffer.
+        if response_complete:
+            if decode_content and self._decompressobj:
+                data += self._decompressobj.flush()
+
+            if self._stream.response_headers:
+                self.headers.merge(self._stream.response_headers)
+
+        # We're at the end, close the connection.
+        if response_complete:
+            self.close()
+
+        return data
+
+    def read_chunked(self, decode_content=True):
+        """
+        Reads chunked transfer encoded bodies. This method returns a generator:
+        each iteration of which yields one data frame *unless* the frames
+        contain compressed data and ``decode_content`` is ``True``, in which
+        case it yields whatever the decompressor provides for each chunk.
+
+        .. warning:: This may yield the empty string, without that being the
+                     end of the body!
+        """
+        while True:
+            data = self._stream._read_one_frame()
+
+            if data is None:
+                break
+
+            if decode_content and self._decompressobj:
+                data = self._decompressobj.decompress(data)
+
+            yield data
+
+        if decode_content and self._decompressobj:
+            yield self._decompressobj.flush()
+
+        self.close()
+
+        return
+
+    def fileno(self):
+        """
+        Return the ``fileno`` of the underlying socket. This function is
+        currently not implemented.
+        """
+        raise NotImplementedError("Not currently implemented.")
+
+    def close(self):
+        """
+        Close the response. In effect this closes the backing HTTP/2 stream.
+
+        :returns: Nothing.
+        """
+        self._stream.close()
+
+    # The following methods implement the context manager protocol.
+    def __enter__(self):
+        return self
+
+    def __exit__(self, *args):
+        self.close()
+        return False  # Never swallow exceptions.
+
+
+class HTTP20Push(object):
+    """
+    Represents a request-response pair sent by the server through the server
+    push mechanism.
+    """
+    def __init__(self, request_headers, stream):
+        #: The scheme of the simulated request
+        self.scheme = request_headers[b':scheme'][0]
+        #: The method of the simulated request (must be safe and cacheable,
+        #: e.g. GET)
+        self.method = request_headers[b':method'][0]
+        #: The authority of the simulated request (usually host:port)
+        self.authority = request_headers[b':authority'][0]
+        #: The path of the simulated request
+        self.path = request_headers[b':path'][0]
+
+        strip_headers(request_headers)
+
+        #: The headers the server attached to the simulated request.
+        self.request_headers = request_headers
+
+        self._stream = stream
+
+    def get_response(self):
+        """
+        Get the pushed response provided by the server.
+
+        :returns: A :class:`HTTP20Response <hyper.HTTP20Response>` object
+            representing the pushed response.
+        """
+        return HTTP20Response(self._stream.getheaders(), self._stream)
+
+    def cancel(self):
+        """
+        Cancel the pushed response and close the stream.
+
+        :returns: Nothing.
+        """
+        self._stream.close(8)  # CANCEL
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/stream.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/stream.py
new file mode 100644
index 00000000000..f4d9247ed66
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/stream.py
@@ -0,0 +1,341 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/stream
+~~~~~~~~~~~~~~~~~~~
+
+Objects that make up the stream-level abstraction of hyper's HTTP/2 support.
+
+These objects are not expected to be part of the public HTTP/2 API: they're
+intended purely for use inside hyper's HTTP/2 abstraction.
+
+Conceptually, a single HTTP/2 connection is made up of many streams: each
+stream is an independent, bi-directional sequence of HTTP headers and data.
+Each stream is identified by a monotonically increasing integer, assigned to
+the stream by the endpoint that initiated the stream.
+"""
+from ..h2 import exceptions as h2Exceptions
+
+from ..common.headers import HTTPHeaderMap
+from .util import h2_safe_headers
+import logging
+
+log = logging.getLogger(__name__)
+
+# Define the largest chunk of data we'll send in one go. Realistically, we
+# should take the MSS into account but that's pretty dull, so let's just say
+# 1kB and call it a day.
+MAX_CHUNK = 1024
+
+
+class Stream(object):
+    """
+    A single HTTP/2 stream.
+
+    A stream is an independent, bi-directional sequence of HTTP headers and
+    data. Each stream is identified by a single integer. From a HTTP
+    perspective, a stream _approximately_ matches a single request-response
+    pair.
+    """
+    def __init__(self,
+                 stream_id,
+                 window_manager,
+                 connection,
+                 send_outstanding_data,
+                 recv_cb,
+                 close_cb):
+        self.stream_id = stream_id
+        self.headers = HTTPHeaderMap()
+
+        # Set to a key-value set of the response headers once their
+        # HEADERS..CONTINUATION frame sequence finishes.
+        self.response_headers = None
+
+        # Set to a key-value set of the response trailers once their
+        # HEADERS..CONTINUATION frame sequence finishes.
+        self.response_trailers = None
+
+        # A dict mapping the promised stream ID of a pushed resource to a
+        # key-value set of its request headers. Entries are added once their
+        # PUSH_PROMISE..CONTINUATION frame sequence finishes.
+        self.promised_headers = {}
+
+        # Unconsumed response data chunks. Empties after every call to _read().
+        self.data = []
+
+        # Whether the remote side has completed the stream.
+        self.remote_closed = False
+
+        # Whether we have closed the stream.
+        self.local_closed = False
+
+        # There are two flow control windows: one for data we're sending,
+        # one for data being sent to us.
+        self._in_window_manager = window_manager
+
+        # Save off a reference to the state machine wrapped with lock.
+        self._conn = connection
+
+        # Save off a data callback.
+        self._send_outstanding_data = send_outstanding_data
+        self._recv_cb = recv_cb
+        self._close_cb = close_cb
+
+    def add_header(self, name, value, replace=False):
+        """
+        Adds a single HTTP header to the headers to be sent on the request.
+        """
+        if not replace:
+            self.headers[name] = value
+        else:
+            self.headers.replace(name, value)
+
+    def send_headers(self, end_stream=False):
+        """
+        Sends the complete saved header block on the stream.
+        """
+        headers = self.get_headers()
+        with self._conn as conn:
+            conn.send_headers(self.stream_id, headers, end_stream)
+        self._send_outstanding_data()
+
+        if end_stream:
+            self.local_closed = True
+
+    def send_data(self, data, final):
+        """
+        Send some data on the stream. If this is the end of the data to be
+        sent, the ``final`` flag _must_ be set to True. If no data is to be
+        sent, set ``data`` to ``None``.
+        """
+        # Define a utility iterator for file objects.
+        def file_iterator(fobj):
+            while True:
+                data = fobj.read(MAX_CHUNK)
+                yield data
+                if len(data) < MAX_CHUNK:
+                    break
+
+        # Build the appropriate iterator for the data, in chunks of CHUNK_SIZE.
+        if hasattr(data, 'read'):
+            chunks = file_iterator(data)
+        else:
+            chunks = (data[i:i+MAX_CHUNK]
+                      for i in range(0, len(data), MAX_CHUNK))
+
+        for chunk in chunks:
+            self._send_chunk(chunk, final)
+
+    def _read(self, amt=None):
+        """
+        Read data from the stream. Unlike a normal read behaviour, this
+        function returns _at least_ ``amt`` data, but may return more.
+        """
+        def listlen(list):
+            return sum(map(len, list))
+
+        # Keep reading until the stream is closed or we get enough data.
+        while (not self.remote_closed and
+                (amt is None or listlen(self.data) < amt)):
+            self._recv_cb(stream_id=self.stream_id)
+
+        result = b''.join(self.data)
+        self.data = []
+        return result
+
+    def _read_one_frame(self):
+        """
+        Reads a single data frame from the stream and returns it.
+        """
+        # Keep reading until the stream is closed or we have a data frame.
+        while not self.remote_closed and not self.data:
+            self._recv_cb(stream_id=self.stream_id)
+
+        try:
+            return self.data.pop(0)
+        except IndexError:
+            return None
+
+    def receive_response(self, event):
+        """
+        Receive response headers.
+        """
+        # TODO: If this is called while we're still sending data, we may want
+        # to stop sending that data and check the response. Early responses to
+        # big uploads are almost always a problem.
+        self.response_headers = HTTPHeaderMap(event.headers)
+
+    def receive_trailers(self, event):
+        """
+        Receive response trailers.
+        """
+        self.response_trailers = HTTPHeaderMap(event.headers)
+
+    def receive_push(self, event):
+        """
+        Receive the request headers for a pushed stream.
+        """
+        self.promised_headers[event.pushed_stream_id] = event.headers
+
+    def receive_data(self, event):
+        """
+        Receive a chunk of data.
+        """
+        size = event.flow_controlled_length
+        increment = self._in_window_manager._handle_frame(size)
+
+        # Append the data to the buffer.
+        self.data.append(event.data)
+
+        if increment:
+            try:
+                with self._conn as conn:
+                    conn.increment_flow_control_window(
+                        increment, stream_id=self.stream_id
+                    )
+            except h2Exceptions.StreamClosedError:
+                # We haven't got to it yet, but the stream is already
+                # closed. We don't need to increment the window in this
+                # case!
+                pass
+            else:
+                self._send_outstanding_data()
+
+    def receive_end_stream(self, event):
+        """
+        All of the data is returned now.
+        """
+        self.remote_closed = True
+
+    def receive_reset(self, event):
+        """
+        Stream forcefully reset.
+        """
+        self.remote_closed = True
+        self._close_cb(self.stream_id)
+
+    def get_headers(self):
+        """
+        Provides the headers to the connection object.
+        """
+        # Strip any headers invalid in H2.
+        return h2_safe_headers(self.headers)
+
+    def getheaders(self):
+        """
+        Once all data has been sent on this connection, returns a key-value set
+        of the headers of the response to the original request.
+        """
+        # Keep reading until all headers are received.
+        while self.response_headers is None:
+            self._recv_cb(stream_id=self.stream_id)
+
+        # Find the Content-Length header if present.
+        self._in_window_manager.document_size = (
+            int(self.response_headers.get(b'content-length', [0])[0])
+        )
+
+        return self.response_headers
+
+    def gettrailers(self):
+        """
+        Once all data has been sent on this connection, returns a key-value set
+        of the trailers of the response to the original request.
+
+        .. warning:: Note that this method requires that the stream is
+                     totally exhausted. This means that, if you have not
+                     completely read from the stream, all stream data will be
+                     read into memory.
+
+        :returns: The key-value set of the trailers, or ``None`` if no trailers
+                  were sent.
+        """
+        # Keep reading until the stream is done.
+        while not self.remote_closed:
+            self._recv_cb(stream_id=self.stream_id)
+
+        return self.response_trailers
+
+    def get_pushes(self, capture_all=False):
+        """
+        Returns a generator that yields push promises from the server. Note
+        that this method is not idempotent; promises returned in one call will
+        not be returned in subsequent calls. Iterating through generators
+        returned by multiple calls to this method simultaneously results in
+        undefined behavior.
+
+        :param capture_all: If ``False``, the generator will yield all buffered
+            push promises without blocking. If ``True``, the generator will
+            first yield all buffered push promises, then yield additional ones
+            as they arrive, and terminate when the original stream closes.
+        """
+        while True:
+            for pair in self.promised_headers.items():
+                yield pair
+            self.promised_headers = {}
+            if not capture_all or self.remote_closed:
+                break
+            self._recv_cb(stream_id=self.stream_id)
+
+    def close(self, error_code=None):
+        """
+        Closes the stream. If the stream is currently open, attempts to close
+        it as gracefully as possible.
+
+        :param error_code: (optional) The error code to reset the stream with.
+        :returns: Nothing.
+        """
+        # FIXME: I think this is overbroad, but for now it's probably ok.
+        if not (self.remote_closed and self.local_closed):
+            try:
+                with self._conn as conn:
+                    conn.reset_stream(self.stream_id, error_code or 0)
+            except h2Exceptions.ProtocolError:
+                # If for any reason we can't reset the stream, just
+                # tolerate it.
+                pass
+            else:
+                self._send_outstanding_data(tolerate_peer_gone=True)
+            self.remote_closed = True
+            self.local_closed = True
+
+        self._close_cb(self.stream_id)
+
+    @property
+    def _out_flow_control_window(self):
+        """
+        The size of our outbound flow control window.
+        """
+
+        with self._conn as conn:
+            return conn.local_flow_control_window(self.stream_id)
+
+    def _send_chunk(self, data, final):
+        """
+        Implements most of the sending logic.
+
+        Takes a single chunk of size at most MAX_CHUNK, wraps it in a frame and
+        sends it. Optionally sets the END_STREAM flag if this is the last chunk
+        (determined by being of size less than MAX_CHUNK) and no more data is
+        to be sent.
+        """
+        # If we don't fit in the connection window, try popping frames off the
+        # connection in hope that one might be a window update frame.
+        while len(data) > self._out_flow_control_window:
+            self._recv_cb()
+
+        # If the length of the data is less than MAX_CHUNK, we're probably
+        # at the end of the file. If this is the end of the data, mark it
+        # as END_STREAM.
+        end_stream = False
+        if len(data) < MAX_CHUNK and final:
+            end_stream = True
+
+        # Send the frame and decrement the flow control window.
+        with self._conn as conn:
+            conn.send_data(
+                stream_id=self.stream_id, data=data, end_stream=end_stream
+            )
+        self._send_outstanding_data()
+
+        if end_stream:
+            self.local_closed = True
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/util.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/util.py
new file mode 100644
index 00000000000..b116d095e7f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/util.py
@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/util
+~~~~~~~~~~~~~~~~~
+
+Utility functions for use with hyper.
+"""
+from collections import defaultdict
+
+
+def combine_repeated_headers(kvset):
+    """
+    Given a list of key-value pairs (like for HTTP headers!), combines pairs
+    with the same key together, separating the values with NULL bytes. This
+    function maintains the order of input keys, because it's awesome.
+    """
+    def set_pop(set, item):
+        set.remove(item)
+        return item
+
+    headers = defaultdict(list)
+    keys = set()
+
+    for key, value in kvset:
+        headers[key].append(value)
+        keys.add(key)
+
+    return [(set_pop(keys, k), b'\x00'.join(headers[k])) for k, v in kvset
+            if k in keys]
+
+
+def split_repeated_headers(kvset):
+    """
+    Given a set of key-value pairs (like for HTTP headers!), finds values that
+    have NULL bytes in them and splits them into a dictionary whose values are
+    lists.
+    """
+    headers = defaultdict(list)
+
+    for key, value in kvset:
+        headers[key] = value.split(b'\x00')
+
+    return dict(headers)
+
+
+def h2_safe_headers(headers):
+    """
+    This method takes a set of headers that are provided by the user and
+    transforms them into a form that is safe for emitting over HTTP/2.
+
+    Currently, this strips the Connection header and any header it refers to.
+    """
+    stripped = {
+        i.lower().strip()
+        for k, v in headers if k == 'connection'
+        for i in v.split(',')
+    }
+    stripped.add('connection')
+
+    return [header for header in headers if header[0] not in stripped]
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/window.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/window.py
new file mode 100644
index 00000000000..a4e13c3c150
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/http20/window.py
@@ -0,0 +1,154 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/window
+~~~~~~~~~~~~~~~~~~~
+
+Objects that understand flow control in hyper.
+
+HTTP/2 implements connection- and stream-level flow control. This flow
+control is mandatory. Unfortunately, it's difficult for hyper to be
+all that intelligent about how it manages flow control in a general case.
+
+This module defines an interface for pluggable flow-control managers. These
+managers will define a flow-control policy. This policy will determine when to
+send WINDOWUPDATE frames.
+"""
+
+
+class BaseFlowControlManager(object):
+    """
+    The abstract base class for flow control managers.
+
+    This class defines the interface for pluggable flow-control managers. A
+    flow-control manager defines a flow-control policy, which basically boils
+    down to deciding when to increase the flow control window.
+
+    This decision can be based on a number of factors:
+
+    - the initial window size,
+    - the size of the document being retrieved,
+    - the size of the received data frames,
+    - any other information the manager can obtain
+
+    A flow-control manager may be defined at the connection level or at the
+    stream level. If no stream-level flow-control manager is defined, an
+    instance of the connection-level flow control manager is used.
+
+    A class that inherits from this one must not adjust the member variables
+    defined in this class. They are updated and set by methods on this class.
+    """
+    def __init__(self, initial_window_size, document_size=None):
+        #: The initial size of the connection window in bytes. This is set at
+        #: creation time.
+        self.initial_window_size = initial_window_size
+
+        #: The current size of the connection window. Any methods overridden
+        #: by the user must not adjust this value.
+        self.window_size = initial_window_size
+
+        #: The size of the document being retrieved, in bytes. This is
+        #: retrieved from the Content-Length header, if provided. Note that
+        #: the total number of bytes that will be received may be larger than
+        #: this value due to HTTP/2 padding. It should not be assumed that
+        #: simply because the the document size is smaller than the initial
+        #: window size that there will never be a need to increase the window
+        #: size.
+        self.document_size = document_size
+
+    def increase_window_size(self, frame_size):
+        """
+        Determine whether or not to emit a WINDOWUPDATE frame.
+
+        This method should be overridden to determine, based on the state of
+        the system and the size of the received frame, whether or not a
+        WindowUpdate frame should be sent for the stream.
+
+        This method should *not* adjust any of the member variables of this
+        class.
+
+        Note that this method is called before the window size is decremented
+        as a result of the frame being handled.
+
+        :param frame_size: The size of the received frame. Note that this *may*
+          be zero. When this parameter is zero, it's possible that a
+          WINDOWUPDATE frame may want to be emitted anyway. A zero-length frame
+          size is usually associated with a change in the size of the receive
+          window due to a SETTINGS frame.
+        :returns: The amount to increase the receive window by. Return zero if
+          the window should not be increased.
+        """
+        raise NotImplementedError(
+            "FlowControlManager is an abstract base class"
+        )
+
+    def blocked(self):
+        """
+        Called whenever the remote endpoint reports that it is blocked behind
+        the flow control window.
+
+        When this method is called the remote endpoint is signaling that it
+        has more data to send and that the transport layer is capable of
+        transmitting it, but that the HTTP/2 flow control window prevents it
+        being sent.
+
+        This method should return the size by which the window should be
+        incremented, which may be zero. This method should *not* adjust any
+        of the member variables of this class.
+
+        :returns: The amount to increase the receive window by. Return zero if
+          the window should not be increased.
+        """
+        # TODO: Is this method necessary?
+        raise NotImplementedError(
+            "FlowControlManager is an abstract base class"
+        )
+
+    def _handle_frame(self, frame_size):
+        """
+        This internal method is called by the connection or stream that owns
+        the flow control manager. It handles the generic behaviour of flow
+        control managers: namely, keeping track of the window size.
+        """
+        rc = self.increase_window_size(frame_size)
+        self.window_size -= frame_size
+        self.window_size += rc
+        return rc
+
+    def _blocked(self):
+        """
+        This internal method is called by the connection or stream that owns
+        the flow control manager. It handles the generic behaviour of receiving
+        BLOCKED frames.
+        """
+        rc = self.blocked()
+        self.window_size += rc
+        return rc
+
+
+class FlowControlManager(BaseFlowControlManager):
+    """
+    ``hyper``'s default flow control manager.
+
+    This implements hyper's flow control algorithms. This algorithm attempts to
+    reduce the number of WINDOWUPDATE frames we send without blocking the
+    remote endpoint behind the flow control window.
+
+    This algorithm will become more complicated over time. In the current form,
+    the algorithm is very simple:
+
+    - When the flow control window gets less than 1/4 of the maximum size,
+      increment back to the maximum.
+    - Otherwise, if the flow control window gets to less than 1kB, increment
+      back to the maximum.
+    """
+    def increase_window_size(self, frame_size):
+        future_window_size = self.window_size - frame_size
+
+        if ((future_window_size < (self.initial_window_size / 4)) or
+                (future_window_size < 1000)):
+            return self.initial_window_size - future_window_size
+
+        return 0
+
+    def blocked(self):
+        return self.initial_window_size - self.window_size
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/httplib_compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/httplib_compat.py
new file mode 100644
index 00000000000..deb07cf6560
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/httplib_compat.py
@@ -0,0 +1,116 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/httplib_compat
+~~~~~~~~~~~~~~~~~~~~
+
+This file defines the publicly-accessible API for hyper. This API also
+constitutes the abstraction layer between HTTP/1.1 and HTTP/2.
+
+This API doesn't currently work, and is a lower priority than the HTTP/2
+stack at this time.
+"""
+import socket
+try:
+    import http.client as httplib
+except ImportError:
+    import httplib
+
+from .compat import ssl
+from .http20.tls import wrap_socket
+
+# If there's no NPN support, we're going to drop all support for HTTP/2.
+try:
+    support_20 = ssl.HAS_NPN
+except AttributeError:
+    support_20 = False
+
+# The HTTPConnection object is currently always the underlying one.
+HTTPConnection = httplib.HTTPConnection
+HTTPSConnection = httplib.HTTPSConnection
+
+# If we have NPN support, define our custom one, otherwise just use the
+# default.
+if support_20:
+    class HTTPSConnection(object):
+        """
+        An object representing a single HTTPS connection, whether HTTP/1.1 or
+        HTTP/2.
+
+        More specifically, this object represents an abstraction over the
+        distinction. This object encapsulates a connection object for one of
+        the specific types of connection, and delegates most of the work to
+        that object.
+        """
+        def __init__(self, *args, **kwargs):
+            # Whatever arguments and keyword arguments are passed to this
+            # object need to be saved off for when we initialise one of our
+            # subsidiary objects.
+            self._original_args = args
+            self._original_kwargs = kwargs
+
+            # Set up some variables we're going to use later.
+            self._sock = None
+            self._conn = None
+
+            # Prepare our backlog of method calls.
+            self._call_queue = []
+
+        def __getattr__(self, name):
+            # Anything that can't be found on this instance is presumably a
+            # property of underlying connection object.
+            # We need to be a little bit careful here. There are a few methods
+            # that can act on a HTTPSConnection before it actually connects to
+            # the remote server. We don't want to change the semantics of the,
+            # HTTPSConnection so we need to spot these and queue them up. When
+            # we actually create the backing Connection, we'll apply them
+            # immediately. These methods can't throw exceptions, so we should
+            # be fine.
+            delay_methods = ["set_tunnel", "set_debuglevel"]
+
+            if self._conn is None and name in delay_methods:
+                # Return a little closure that saves off the method call to
+                # apply later.
+                def capture(obj, *args, **kwargs):
+                    self._call_queue.append((name, args, kwargs))
+                return capture
+            elif self._conn is None:
+                # We're being told to do something! We can now connect to the
+                # remote server and build the connection object.
+                self._delayed_connect()
+
+            # Call through to the underlying object.
+            return getattr(self._conn, name)
+
+        def _delayed_connect(self):
+            """
+            Called when we need to work out what kind of HTTPS connection we're
+            actually going to use.
+            """
+            # Because we're ghetto, we're going to quickly create a
+            # HTTPConnection object to parse the args and kwargs for us, and
+            # grab the values out.
+            tempconn = httplib.HTTPConnection(*self._original_args,
+                                              **self._original_kwargs)
+            host = tempconn.host
+            port = tempconn.port
+            timeout = tempconn.timeout
+            source_address = tempconn.source_address
+
+            # Connect to the remote server.
+            sock = socket.create_connection(
+                (host, port),
+                timeout,
+                source_address
+            )
+
+            # Wrap it in TLS. This needs to be looked at in future when I pull
+            # in the TLS verification logic from urllib3, but right now we
+            # accept insecurity because no-one's using this anyway.
+            sock = wrap_socket(sock, host)
+
+            # At this early stage the library can't do HTTP/2, so who cares?
+            tempconn.sock = sock
+            self._sock = sock
+            self._conn = tempconn
+
+            return
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/__init__.py
new file mode 100644
index 00000000000..4cf1e653149
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/__init__.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/packages
+~~~~~~~~~~~~~~
+
+This module contains external packages that are vendored into hyper.
+"""
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/__init__.py
new file mode 100644
index 00000000000..98b2e0f95ae
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/__init__.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+"""
+hpack
+~~~~~
+
+HTTP/2 header encoding for Python.
+"""
+__version__ = '1.0.1'
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/compat.py
new file mode 100644
index 00000000000..03a0768e46a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/compat.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+"""
+hpack/compat
+~~~~~~~~~~~~
+
+Normalizes the Python 2/3 API for internal use.
+"""
+import sys
+
+
+_ver = sys.version_info
+is_py2 = _ver[0] == 2
+is_py3 = _ver[0] == 3
+
+if is_py2:
+    def to_byte(char):
+        return ord(char)
+
+    def decode_hex(b):
+        return b.decode('hex')
+
+    unicode = unicode
+    bytes = str
+
+elif is_py3:
+    def to_byte(char):
+        return char
+
+    def decode_hex(b):
+        return bytes.fromhex(b)
+
+    unicode = str
+    bytes = bytes
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/exceptions.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/exceptions.py
new file mode 100644
index 00000000000..0dbc4d9f1dd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/exceptions.py
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/http20/exceptions
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This defines exceptions used in the HTTP/2 portion of hyper.
+"""
+
+class HTTP20Error(Exception):
+    """
+    The base class for all of ``hyper``'s HTTP/2-related exceptions.
+    """
+    pass
+
+
+class HPACKEncodingError(HTTP20Error):
+    """
+    An error has been encountered while performing HPACK encoding.
+    """
+    pass
+
+
+class HPACKDecodingError(HTTP20Error):
+    """
+    An error has been encountered while performing HPACK decoding.
+    """
+    pass
+
+
+class ConnectionError(HTTP20Error):
+    """
+    The remote party signalled an error affecting the entire HTTP/2
+    connection, and the connection has been closed.
+    """
+    pass
+
+
+class ProtocolError(HTTP20Error):
+    """
+    The remote party violated the HTTP/2 protocol.
+    """
+    pass
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack.py
new file mode 100644
index 00000000000..c3c5663e42f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack.py
@@ -0,0 +1,662 @@
+# -*- coding: utf-8 -*-
+"""
+hpack/hpack
+~~~~~~~~~~~
+
+Implements the HPACK header compression algorithm as detailed by the IETF.
+"""
+import collections
+import logging
+
+from .compat import to_byte
+from .huffman import HuffmanDecoder, HuffmanEncoder
+from .huffman_constants import (
+    REQUEST_CODES, REQUEST_CODES_LENGTH
+)
+
+log = logging.getLogger(__name__)
+
+
+def encode_integer(integer, prefix_bits):
+    """
+    This encodes an integer according to the wacky integer encoding rules
+    defined in the HPACK spec.
+    """
+    log.debug("Encoding %d with %d bits", integer, prefix_bits)
+
+    max_number = (2 ** prefix_bits) - 1
+
+    if (integer < max_number):
+        return bytearray([integer])  # Seriously?
+    else:
+        elements = [max_number]
+        integer = integer - max_number
+
+        while integer >= 128:
+            elements.append((integer % 128) + 128)
+            integer = integer // 128  # We need integer division
+
+        elements.append(integer)
+
+        return bytearray(elements)
+
+
+def decode_integer(data, prefix_bits):
+    """
+    This decodes an integer according to the wacky integer encoding rules
+    defined in the HPACK spec. Returns a tuple of the decoded integer and the
+    number of bytes that were consumed from ``data`` in order to get that
+    integer.
+    """
+    multiple = lambda index: 128 ** (index - 1)
+    max_number = (2 ** prefix_bits) - 1
+    mask = 0xFF >> (8 - prefix_bits)
+    index = 0
+
+    number = to_byte(data[index]) & mask
+
+    if (number == max_number):
+
+        while True:
+            index += 1
+            next_byte = to_byte(data[index])
+
+            if next_byte >= 128:
+                number += (next_byte - 128) * multiple(index)
+            else:
+                number += next_byte * multiple(index)
+                break
+
+    log.debug("Decoded %d, consumed %d bytes", number, index + 1)
+
+    return (number, index + 1)
+
+
+def _to_bytes(string):
+    """
+    Convert string to bytes.
+    """
+    if not isinstance(string, (str, bytes)):  # pragma: no cover
+        string = str(string)
+
+    return string if isinstance(string, bytes) else string.encode('utf-8')
+
+
+def header_table_size(table):
+    """
+    Calculates the 'size' of the header table as defined by the HTTP/2
+    specification.
+    """
+    # It's phenomenally frustrating that the specification feels it is able to
+    # tell me how large the header table is, considering that its calculations
+    # assume a very particular layout that most implementations will not have.
+    # I appreciate it's an attempt to prevent DoS attacks by sending lots of
+    # large headers in the header table, but it seems like a better approach
+    # would be to limit the size of headers. Ah well.
+    return sum(32 + len(name) + len(value) for name, value in table)
+
+
+class Encoder(object):
+    """
+    An HPACK encoder object. This object takes HTTP headers and emits encoded
+    HTTP/2 header blocks.
+    """
+    # This is the static table of header fields.
+    static_table = [
+        (b':authority', b''),
+        (b':method', b'GET'),
+        (b':method', b'POST'),
+        (b':path', b'/'),
+        (b':path', b'/index.html'),
+        (b':scheme', b'http'),
+        (b':scheme', b'https'),
+        (b':status', b'200'),
+        (b':status', b'204'),
+        (b':status', b'206'),
+        (b':status', b'304'),
+        (b':status', b'400'),
+        (b':status', b'404'),
+        (b':status', b'500'),
+        (b'accept-charset', b''),
+        (b'accept-encoding', b'gzip, deflate'),
+        (b'accept-language', b''),
+        (b'accept-ranges', b''),
+        (b'accept', b''),
+        (b'access-control-allow-origin', b''),
+        (b'age', b''),
+        (b'allow', b''),
+        (b'authorization', b''),
+        (b'cache-control', b''),
+        (b'content-disposition', b''),
+        (b'content-encoding', b''),
+        (b'content-language', b''),
+        (b'content-length', b''),
+        (b'content-location', b''),
+        (b'content-range', b''),
+        (b'content-type', b''),
+        (b'cookie', b''),
+        (b'date', b''),
+        (b'etag', b''),
+        (b'expect', b''),
+        (b'expires', b''),
+        (b'from', b''),
+        (b'host', b''),
+        (b'if-match', b''),
+        (b'if-modified-since', b''),
+        (b'if-none-match', b''),
+        (b'if-range', b''),
+        (b'if-unmodified-since', b''),
+        (b'last-modified', b''),
+        (b'link', b''),
+        (b'location', b''),
+        (b'max-forwards', b''),
+        (b'proxy-authenticate', b''),
+        (b'proxy-authorization', b''),
+        (b'range', b''),
+        (b'referer', b''),
+        (b'refresh', b''),
+        (b'retry-after', b''),
+        (b'server', b''),
+        (b'set-cookie', b''),
+        (b'strict-transport-security', b''),
+        (b'transfer-encoding', b''),
+        (b'user-agent', b''),
+        (b'vary', b''),
+        (b'via', b''),
+        (b'www-authenticate', b''),
+    ]
+
+    def __init__(self):
+        self.header_table = collections.deque()
+        self._header_table_size = 4096  # This value set by the standard.
+        self.huffman_coder = HuffmanEncoder(
+            REQUEST_CODES, REQUEST_CODES_LENGTH
+        )
+
+        # We need to keep track of whether the header table size has been
+        # changed since we last encoded anything. If it has, we need to signal
+        # that change in the HPACK block.
+        self._table_size_changed = False
+
+    @property
+    def header_table_size(self):
+        return self._header_table_size
+
+    @header_table_size.setter
+    def header_table_size(self, value):
+        log.debug(
+            "Setting header table size to %d from %d",
+            value,
+            self._header_table_size
+        )
+
+        # If the new value is larger than the current one, no worries!
+        # Otherwise, we may need to shrink the header table.
+        if value < self._header_table_size:
+            current_size = header_table_size(self.header_table)
+
+            while value < current_size:
+                header = self.header_table.pop()
+                n, v = header
+                current_size -= (
+                    32 + len(n) + len(v)
+                )
+
+                log.debug(
+                    "Removed %s: %s from the encoder header table", n, v
+                )
+
+        if value != self._header_table_size:
+            self._table_size_changed = True
+
+        self._header_table_size = value
+
+    def encode(self, headers, huffman=True):
+        """
+        Takes a set of headers and encodes them into a HPACK-encoded header
+        block.
+
+        Transforming the headers into a header block is a procedure that can
+        be modeled as a chain or pipe. First, the headers are encoded. This
+        encoding can be done a number of ways. If the header name-value pair
+        are already in the header table we can represent them using the indexed
+        representation: the same is true if they are in the static table.
+        Otherwise, a literal representation will be used.
+        """
+        log.debug("HPACK encoding %s", headers)
+        header_block = []
+
+        # Turn the headers into a list of tuples if possible. This is the
+        # natural way to interact with them in HPACK.
+        if isinstance(headers, dict):
+            headers = headers.items()
+
+        # Next, walk across the headers and turn them all into bytestrings.
+        headers = [(_to_bytes(n), _to_bytes(v)) for n, v in headers]
+
+        # Before we begin, if the header table size has been changed we need
+        # to signal that appropriately.
+        if self._table_size_changed:
+            header_block.append(self._encode_table_size_change())
+            self._table_size_changed = False
+
+        # We can now encode each header in the block.
+        header_block.extend(
+            (self.add(header, huffman) for header in headers)
+        )
+
+        header_block = b''.join(header_block)
+
+        log.debug("Encoded header block to %s", header_block)
+
+        return header_block
+
+    def add(self, to_add, huffman=False):
+        """
+        This function takes a header key-value tuple and serializes it.
+        """
+        log.debug("Adding %s to the header table", to_add)
+
+        name, value = to_add
+
+        # Search for a matching header in the header table.
+        match = self.matching_header(name, value)
+
+        if match is None:
+            # Not in the header table. Encode using the literal syntax,
+            # and add it to the header table.
+            encoded = self._encode_literal(name, value, True, huffman)
+            self._add_to_header_table(to_add)
+            return encoded
+
+        # The header is in the table, break out the values. If we matched
+        # perfectly, we can use the indexed representation: otherwise we
+        # can use the indexed literal.
+        index, perfect = match
+
+        if perfect:
+            # Indexed representation.
+            encoded = self._encode_indexed(index)
+        else:
+            # Indexed literal. We are going to add header to the
+            # header table unconditionally. It is a future todo to
+            # filter out headers which are known to be ineffective for
+            # indexing since they just take space in the table and
+            # pushed out other valuable headers.
+            encoded = self._encode_indexed_literal(index, value, huffman)
+            self._add_to_header_table(to_add)
+
+        return encoded
+
+    def matching_header(self, name, value):
+        """
+        Scans the header table and the static table. Returns a tuple, where the
+        first value is the index of the match, and the second is whether there
+        was a full match or not. Prefers full matches to partial ones.
+
+        Upsettingly, the header table is one-indexed, not zero-indexed.
+        """
+        partial_match = None
+        static_table_len = len(Encoder.static_table)
+
+        for (i, (n, v)) in enumerate(Encoder.static_table):
+            if n == name:
+                if v == value:
+                    return (i + 1, Encoder.static_table[i])
+                elif partial_match is None:
+                    partial_match = (i + 1, None)
+
+        for (i, (n, v)) in enumerate(self.header_table):
+            if n == name:
+                if v == value:
+                    return (i + static_table_len + 1, self.header_table[i])
+                elif partial_match is None:
+                    partial_match = (i + static_table_len + 1, None)
+
+        return partial_match
+
+    def _add_to_header_table(self, header):
+        """
+        Adds a header to the header table, evicting old ones if necessary.
+        """
+        # Be optimistic: add the header straight away.
+        self.header_table.appendleft(header)
+
+        # Now, work out how big the header table is.
+        actual_size = header_table_size(self.header_table)
+
+        # Loop and remove whatever we need to.
+        while actual_size > self.header_table_size:
+            header = self.header_table.pop()
+            n, v = header
+            actual_size -= (
+                32 + len(n) + len(v)
+            )
+
+            log.debug("Evicted %s: %s from the header table", n, v)
+
+    def _encode_indexed(self, index):
+        """
+        Encodes a header using the indexed representation.
+        """
+        field = encode_integer(index, 7)
+        field[0] = field[0] | 0x80  # we set the top bit
+        return bytes(field)
+
+    def _encode_literal(self, name, value, indexing, huffman=False):
+        """
+        Encodes a header with a literal name and literal value. If ``indexing``
+        is True, the header will be added to the header table: otherwise it
+        will not.
+        """
+        prefix = b'\x40' if indexing else b'\x00'
+
+        if huffman:
+            name = self.huffman_coder.encode(name)
+            value = self.huffman_coder.encode(value)
+
+        name_len = encode_integer(len(name), 7)
+        value_len = encode_integer(len(value), 7)
+
+        if huffman:
+            name_len[0] |= 0x80
+            value_len[0] |= 0x80
+
+        return b''.join([prefix, bytes(name_len), name, bytes(value_len), value])
+
+    def _encode_indexed_literal(self, index, value, huffman=False):
+        """
+        Encodes a header with an indexed name and a literal value and performs
+        incremental indexing.
+        """
+        prefix = encode_integer(index, 6)
+        prefix[0] |= 0x40
+
+        if huffman:
+            value = self.huffman_coder.encode(value)
+
+        value_len = encode_integer(len(value), 7)
+
+        if huffman:
+            value_len[0] |= 0x80
+
+        return b''.join([bytes(prefix), bytes(value_len), value])
+
+    def _encode_table_size_change(self):
+        """
+        Produces the encoded form of a header table size change context update.
+        """
+        size_bytes = encode_integer(self.header_table_size, 5)
+        size_bytes[0] |= 0x20
+        return bytes(size_bytes)
+
+
+class Decoder(object):
+    """
+    An HPACK decoder object.
+    """
+    static_table = [
+        (b':authority', b''),
+        (b':method', b'GET'),
+        (b':method', b'POST'),
+        (b':path', b'/'),
+        (b':path', b'/index.html'),
+        (b':scheme', b'http'),
+        (b':scheme', b'https'),
+        (b':status', b'200'),
+        (b':status', b'204'),
+        (b':status', b'206'),
+        (b':status', b'304'),
+        (b':status', b'400'),
+        (b':status', b'404'),
+        (b':status', b'500'),
+        (b'accept-charset', b''),
+        (b'accept-encoding', b'gzip, deflate'),
+        (b'accept-language', b''),
+        (b'accept-ranges', b''),
+        (b'accept', b''),
+        (b'access-control-allow-origin', b''),
+        (b'age', b''),
+        (b'allow', b''),
+        (b'authorization', b''),
+        (b'cache-control', b''),
+        (b'content-disposition', b''),
+        (b'content-encoding', b''),
+        (b'content-language', b''),
+        (b'content-length', b''),
+        (b'content-location', b''),
+        (b'content-range', b''),
+        (b'content-type', b''),
+        (b'cookie', b''),
+        (b'date', b''),
+        (b'etag', b''),
+        (b'expect', b''),
+        (b'expires', b''),
+        (b'from', b''),
+        (b'host', b''),
+        (b'if-match', b''),
+        (b'if-modified-since', b''),
+        (b'if-none-match', b''),
+        (b'if-range', b''),
+        (b'if-unmodified-since', b''),
+        (b'last-modified', b''),
+        (b'link', b''),
+        (b'location', b''),
+        (b'max-forwards', b''),
+        (b'proxy-authenticate', b''),
+        (b'proxy-authorization', b''),
+        (b'range', b''),
+        (b'referer', b''),
+        (b'refresh', b''),
+        (b'retry-after', b''),
+        (b'server', b''),
+        (b'set-cookie', b''),
+        (b'strict-transport-security', b''),
+        (b'transfer-encoding', b''),
+        (b'user-agent', b''),
+        (b'vary', b''),
+        (b'via', b''),
+        (b'www-authenticate', b''),
+    ]
+
+    def __init__(self):
+        self.header_table = collections.deque()
+        self._header_table_size = 4096  # This value set by the standard.
+        self.huffman_coder = HuffmanDecoder(
+            REQUEST_CODES, REQUEST_CODES_LENGTH
+        )
+
+    @property
+    def header_table_size(self):
+        return self._header_table_size
+
+    @header_table_size.setter
+    def header_table_size(self, value):
+        log.debug(
+            "Resizing decoder header table to %d from %d",
+            value,
+            self._header_table_size
+        )
+
+        # If the new value is larger than the current one, no worries!
+        # Otherwise, we may need to shrink the header table.
+        if value < self._header_table_size:
+            current_size = header_table_size(self.header_table)
+
+            while value < current_size:
+                header = self.header_table.pop()
+                n, v = header
+                current_size -= (
+                    32 + len(n) + len(v)
+                )
+
+                log.debug("Evicting %s: %s from the header table", n, v)
+
+        self._header_table_size = value
+
+    def decode(self, data):
+        """
+        Takes an HPACK-encoded header block and decodes it into a header set.
+        """
+        log.debug("Decoding %s", data)
+
+        headers = []
+        data_len = len(data)
+        current_index = 0
+
+        while current_index < data_len:
+            # Work out what kind of header we're decoding.
+            # If the high bit is 1, it's an indexed field.
+            current = to_byte(data[current_index])
+            indexed = bool(current & 0x80)
+
+            # Otherwise, if the second-highest bit is 1 it's a field that does
+            # alter the header table.
+            literal_index = bool(current & 0x40)
+
+            # Otherwise, if the third-highest bit is 1 it's an encoding context
+            # update.
+            encoding_update = bool(current & 0x20)
+
+            if indexed:
+                header, consumed = self._decode_indexed(data[current_index:])
+            elif literal_index:
+                # It's a literal header that does affect the header table.
+                header, consumed = self._decode_literal_index(
+                    data[current_index:]
+                )
+            elif encoding_update:
+                # It's an update to the encoding context.
+                consumed = self._update_encoding_context(data)
+                header = None
+            else:
+                # It's a literal header that does not affect the header table.
+                header, consumed = self._decode_literal_no_index(
+                    data[current_index:]
+                )
+
+            if header:
+                headers.append(header)
+
+            current_index += consumed
+
+        return [(n.decode('utf-8'), v.decode('utf-8')) for n, v in headers]
+
+    def _add_to_header_table(self, new_header):
+        """
+        Adds a header to the header table, evicting old ones if necessary.
+        """
+        # Be optimistic: add the header straight away.
+        self.header_table.appendleft(new_header)
+
+        # Now, work out how big the header table is.
+        actual_size = header_table_size(self.header_table)
+
+        # Loop and remove whatever we need to.
+        while actual_size > self.header_table_size:
+            header = self.header_table.pop()
+            n, v = header
+            actual_size -= (
+                32 + len(n) + len(v)
+            )
+
+            log.debug("Evicting %s: %s from the header table", n, v)
+
+    def _update_encoding_context(self, data):
+        """
+        Handles a byte that updates the encoding context.
+        """
+        # We've been asked to resize the header table.
+        new_size, consumed = decode_integer(data, 5)
+        self.header_table_size = new_size
+        return consumed
+
+    def _decode_indexed(self, data):
+        """
+        Decodes a header represented using the indexed representation.
+        """
+        index, consumed = decode_integer(data, 7)
+        index -= 1  # Because this idiot table is 1-indexed. Ugh.
+
+        if index >= len(Decoder.static_table):
+            index -= len(Decoder.static_table)
+            header = self.header_table[index]
+        else:
+            header = Decoder.static_table[index]
+
+        log.debug("Decoded %s, consumed %d", header, consumed)
+        return header, consumed
+
+    def _decode_literal_no_index(self, data):
+        return self._decode_literal(data, False)
+
+    def _decode_literal_index(self, data):
+        return self._decode_literal(data, True)
+
+    def _decode_literal(self, data, should_index):
+        """
+        Decodes a header represented with a literal.
+        """
+        total_consumed = 0
+
+        # When should_index is true, if the low six bits of the first byte are
+        # nonzero, the header name is indexed.
+        # When should_index is false, if the low four bits of the first byte
+        # are nonzero the header name is indexed.
+        if should_index:
+            indexed_name = to_byte(data[0]) & 0x3F
+            name_len = 6
+        else:
+            indexed_name = to_byte(data[0]) & 0x0F
+            name_len = 4
+
+        if indexed_name:
+            # Indexed header name.
+            index, consumed = decode_integer(data, name_len)
+            index -= 1
+
+            if index >= len(Decoder.static_table):
+                index -= len(Decoder.static_table)
+                name = self.header_table[index][0]
+            else:
+                name = Decoder.static_table[index][0]
+
+            total_consumed = consumed
+            length = 0
+        else:
+            # Literal header name. The first byte was consumed, so we need to
+            # move forward.
+            data = data[1:]
+
+            length, consumed = decode_integer(data, 7)
+            name = data[consumed:consumed + length]
+
+            if to_byte(data[0]) & 0x80:
+                name = self.huffman_coder.decode(name)
+            total_consumed = consumed + length + 1  # Since we moved forward 1.
+
+        data = data[consumed + length:]
+
+        # The header value is definitely length-based.
+        length, consumed = decode_integer(data, 7)
+        value = data[consumed:consumed + length]
+
+        if to_byte(data[0]) & 0x80:
+            value = self.huffman_coder.decode(value)
+
+        # Updated the total consumed length.
+        total_consumed += length + consumed
+
+        # If we've been asked to index this, add it to the header table.
+        header = (name, value)
+        if should_index:
+            self._add_to_header_table(header)
+
+        log.debug(
+            "Decoded %s, total consumed %d bytes, indexed %s",
+            header,
+            total_consumed,
+            should_index
+        )
+
+        return header, total_consumed
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py
new file mode 100644
index 00000000000..87918d7b00e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/hpack_compat.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+"""
+hpack/hpack_compat
+~~~~~~~~~~~~~~~~~~
+
+Provides an abstraction layer over two HPACK implementations.
+
+This module has a pure-Python greenfield HPACK implementation that can be used
+on all Python platforms. However, this implementation is both slower and more
+memory-hungry than could be achieved with a C-language version. Additionally,
+nghttp2's HPACK implementation currently achieves better compression ratios
+than hyper's in almost all benchmarks.
+
+For those who care about efficiency and speed in HPACK, this module allows you
+to use nghttp2's HPACK implementation instead of ours. This module detects
+whether the nghttp2 bindings are installed, and if they are it wraps them in
+a hpack-compatible API and uses them instead of its own. If not, it falls back
+to the built-in Python bindings.
+"""
+import logging
+from .hpack import _to_bytes
+
+log = logging.getLogger(__name__)
+
+# Attempt to import nghttp2.
+try:
+    import nghttp2
+    USE_NGHTTP2 = True
+    log.debug("Using nghttp2's HPACK implementation.")
+except ImportError:
+    USE_NGHTTP2 = False
+    log.debug("Using our pure-Python HPACK implementation.")
+
+if USE_NGHTTP2:
+    class Encoder(object):
+        """
+        An HPACK encoder object. This object takes HTTP headers and emits
+        encoded HTTP/2 header blocks.
+        """
+        def __init__(self):
+            self._e = nghttp2.HDDeflater()
+
+        @property
+        def header_table_size(self):
+            """
+            Returns the header table size. For the moment this isn't
+            useful, so we don't use it.
+            """
+            raise NotImplementedError()
+
+        @header_table_size.setter
+        def header_table_size(self, value):
+            log.debug("Setting header table size to %d", value)
+            self._e.change_table_size(value)
+
+        def encode(self, headers, huffman=True):
+            """
+            Encode the headers. The huffman parameter has no effect, it is
+            simply present for compatibility.
+            """
+            log.debug("HPACK encoding %s", headers)
+
+            # Turn the headers into a list of tuples if possible. This is the
+            # natural way to interact with them in HPACK.
+            if isinstance(headers, dict):
+                headers = headers.items()
+
+            # Next, walk across the headers and turn them all into bytestrings.
+            headers = [(_to_bytes(n), _to_bytes(v)) for n, v in headers]
+
+            # Now, let nghttp2 do its thing.
+            header_block = self._e.deflate(headers)
+
+            return header_block
+
+    class Decoder(object):
+        """
+        An HPACK decoder object.
+        """
+        def __init__(self):
+            self._d = nghttp2.HDInflater()
+
+        @property
+        def header_table_size(self):
+            """
+            Returns the header table size. For the moment this isn't
+            useful, so we don't use it.
+            """
+            raise NotImplementedError()
+
+        @header_table_size.setter
+        def header_table_size(self, value):
+            log.debug("Setting header table size to %d", value)
+            self._d.change_table_size(value)
+
+        def decode(self, data):
+            """
+            Takes an HPACK-encoded header block and decodes it into a header
+            set.
+            """
+            log.debug("Decoding %s", data)
+
+            headers = self._d.inflate(data)
+            return [(n.decode('utf-8'), v.decode('utf-8')) for n, v in headers]
+else:
+    # Grab the built-in encoder and decoder.
+    from .hpack import Encoder, Decoder
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman.py
new file mode 100644
index 00000000000..c8aa276ef5c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman.py
@@ -0,0 +1,136 @@
+# -*- coding: utf-8 -*-
+"""
+hpack/huffman_decoder
+~~~~~~~~~~~~~~~~~~~~~
+
+An implementation of a bitwise prefix tree specially built for decoding
+Huffman-coded content where we already know the Huffman table.
+"""
+from .compat import to_byte, decode_hex
+from .exceptions import HPACKDecodingError
+
+def _pad_binary(bin_str, req_len=8):
+    """
+    Given a binary string (returned by bin()), pad it to a full byte length.
+    """
+    bin_str = bin_str[2:]  # Strip the 0b prefix
+    return max(0, req_len - len(bin_str)) * '0' + bin_str
+
+def _hex_to_bin_str(hex_string):
+    """
+    Given a Python bytestring, returns a string representing those bytes in
+    unicode form.
+    """
+    unpadded_bin_string_list = (bin(to_byte(c)) for c in hex_string)
+    padded_bin_string_list = map(_pad_binary, unpadded_bin_string_list)
+    bitwise_message = "".join(padded_bin_string_list)
+    return bitwise_message
+
+
+class HuffmanDecoder(object):
+    """
+    Decodes a Huffman-coded bytestream according to the Huffman table laid out
+    in the HPACK specification.
+    """
+    class _Node(object):
+        def __init__(self, data):
+            self.data = data
+            self.mapping = {}
+
+    def __init__(self, huffman_code_list, huffman_code_list_lengths):
+        self.root = self._Node(None)
+        for index, (huffman_code, code_length) in enumerate(zip(huffman_code_list, huffman_code_list_lengths)):
+            self._insert(huffman_code, code_length, index)
+
+    def _insert(self, hex_number, hex_length, letter):
+        """
+        Inserts a Huffman code point into the tree.
+        """
+        hex_number = _pad_binary(bin(hex_number), hex_length)
+        cur_node = self.root
+        for digit in hex_number:
+            if digit not in cur_node.mapping:
+                cur_node.mapping[digit] = self._Node(None)
+            cur_node = cur_node.mapping[digit]
+        cur_node.data = letter
+
+    def decode(self, encoded_string):
+        """
+        Decode the given Huffman coded string.
+        """
+        number = _hex_to_bin_str(encoded_string)
+        cur_node = self.root
+        decoded_message = bytearray()
+
+        try:
+            for digit in number:
+                cur_node = cur_node.mapping[digit]
+                if cur_node.data is not None:
+                    # If we get EOS, everything else is padding.
+                    if cur_node.data == 256:
+                        break
+
+                    decoded_message.append(cur_node.data)
+                    cur_node = self.root
+        except KeyError:
+            # We have a Huffman-coded string that doesn't match our trie. This
+            # is pretty bad: raise a useful exception.
+            raise HPACKDecodingError("Invalid Huffman-coded string received.")
+        return bytes(decoded_message)
+
+
+class HuffmanEncoder(object):
+    """
+    Encodes a string according to the Huffman encoding table defined in the
+    HPACK specification.
+    """
+    def __init__(self, huffman_code_list, huffman_code_list_lengths):
+        self.huffman_code_list = huffman_code_list
+        self.huffman_code_list_lengths = huffman_code_list_lengths
+
+    def encode(self, bytes_to_encode):
+        """
+        Given a string of bytes, encodes them according to the HPACK Huffman
+        specification.
+        """
+        # If handed the empty string, just immediately return.
+        if not bytes_to_encode:
+            return b''
+
+        final_num = 0
+        final_int_len = 0
+
+        # Turn each byte into its huffman code. These codes aren't necessarily
+        # octet aligned, so keep track of how far through an octet we are. To
+        # handle this cleanly, just use a single giant integer.
+        for char in bytes_to_encode:
+            byte = to_byte(char)
+            bin_int_len = self.huffman_code_list_lengths[byte]
+            bin_int = self.huffman_code_list[byte] & (2 ** (bin_int_len + 1) - 1)
+            final_num <<= bin_int_len
+            final_num |= bin_int
+            final_int_len += bin_int_len
+
+        # Pad out to an octet with ones.
+        bits_to_be_padded = (8 - (final_int_len % 8)) % 8
+        final_num <<= bits_to_be_padded
+        final_num |= (1 << (bits_to_be_padded)) - 1
+
+        # Convert the number to hex and strip off the leading '0x' and the
+        # trailing 'L', if present.
+        final_num = hex(final_num)[2:].rstrip('L')
+
+        # If this is odd, prepend a zero.
+        final_num = '0' + final_num if len(final_num) % 2 != 0 else final_num
+
+        # This number should have twice as many digits as bytes. If not, we're
+        # missing some leading zeroes. Work out how many bytes we want and how
+        # many digits we have, then add the missing zero digits to the front.
+        total_bytes = (final_int_len + bits_to_be_padded) // 8
+        expected_digits = total_bytes * 2
+
+        if len(final_num) != expected_digits:
+            missing_digits = expected_digits - len(final_num)
+            final_num = ('0' * missing_digits) + final_num
+
+        return decode_hex(final_num)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py
new file mode 100644
index 00000000000..c2b3bb283e8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hpack/huffman_constants.py
@@ -0,0 +1,288 @@
+# -*- coding: utf-8 -*-
+"""
+hpack/huffman_constants
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Defines the constant Huffman table. This takes up an upsetting amount of space,
+but c'est la vie.
+"""
+
+REQUEST_CODES = [
+    0x1ff8,
+    0x7fffd8,
+    0xfffffe2,
+    0xfffffe3,
+    0xfffffe4,
+    0xfffffe5,
+    0xfffffe6,
+    0xfffffe7,
+    0xfffffe8,
+    0xffffea,
+    0x3ffffffc,
+    0xfffffe9,
+    0xfffffea,
+    0x3ffffffd,
+    0xfffffeb,
+    0xfffffec,
+    0xfffffed,
+    0xfffffee,
+    0xfffffef,
+    0xffffff0,
+    0xffffff1,
+    0xffffff2,
+    0x3ffffffe,
+    0xffffff3,
+    0xffffff4,
+    0xffffff5,
+    0xffffff6,
+    0xffffff7,
+    0xffffff8,
+    0xffffff9,
+    0xffffffa,
+    0xffffffb,
+    0x14,
+    0x3f8,
+    0x3f9,
+    0xffa,
+    0x1ff9,
+    0x15,
+    0xf8,
+    0x7fa,
+    0x3fa,
+    0x3fb,
+    0xf9,
+    0x7fb,
+    0xfa,
+    0x16,
+    0x17,
+    0x18,
+    0x0,
+    0x1,
+    0x2,
+    0x19,
+    0x1a,
+    0x1b,
+    0x1c,
+    0x1d,
+    0x1e,
+    0x1f,
+    0x5c,
+    0xfb,
+    0x7ffc,
+    0x20,
+    0xffb,
+    0x3fc,
+    0x1ffa,
+    0x21,
+    0x5d,
+    0x5e,
+    0x5f,
+    0x60,
+    0x61,
+    0x62,
+    0x63,
+    0x64,
+    0x65,
+    0x66,
+    0x67,
+    0x68,
+    0x69,
+    0x6a,
+    0x6b,
+    0x6c,
+    0x6d,
+    0x6e,
+    0x6f,
+    0x70,
+    0x71,
+    0x72,
+    0xfc,
+    0x73,
+    0xfd,
+    0x1ffb,
+    0x7fff0,
+    0x1ffc,
+    0x3ffc,
+    0x22,
+    0x7ffd,
+    0x3,
+    0x23,
+    0x4,
+    0x24,
+    0x5,
+    0x25,
+    0x26,
+    0x27,
+    0x6,
+    0x74,
+    0x75,
+    0x28,
+    0x29,
+    0x2a,
+    0x7,
+    0x2b,
+    0x76,
+    0x2c,
+    0x8,
+    0x9,
+    0x2d,
+    0x77,
+    0x78,
+    0x79,
+    0x7a,
+    0x7b,
+    0x7ffe,
+    0x7fc,
+    0x3ffd,
+    0x1ffd,
+    0xffffffc,
+    0xfffe6,
+    0x3fffd2,
+    0xfffe7,
+    0xfffe8,
+    0x3fffd3,
+    0x3fffd4,
+    0x3fffd5,
+    0x7fffd9,
+    0x3fffd6,
+    0x7fffda,
+    0x7fffdb,
+    0x7fffdc,
+    0x7fffdd,
+    0x7fffde,
+    0xffffeb,
+    0x7fffdf,
+    0xffffec,
+    0xffffed,
+    0x3fffd7,
+    0x7fffe0,
+    0xffffee,
+    0x7fffe1,
+    0x7fffe2,
+    0x7fffe3,
+    0x7fffe4,
+    0x1fffdc,
+    0x3fffd8,
+    0x7fffe5,
+    0x3fffd9,
+    0x7fffe6,
+    0x7fffe7,
+    0xffffef,
+    0x3fffda,
+    0x1fffdd,
+    0xfffe9,
+    0x3fffdb,
+    0x3fffdc,
+    0x7fffe8,
+    0x7fffe9,
+    0x1fffde,
+    0x7fffea,
+    0x3fffdd,
+    0x3fffde,
+    0xfffff0,
+    0x1fffdf,
+    0x3fffdf,
+    0x7fffeb,
+    0x7fffec,
+    0x1fffe0,
+    0x1fffe1,
+    0x3fffe0,
+    0x1fffe2,
+    0x7fffed,
+    0x3fffe1,
+    0x7fffee,
+    0x7fffef,
+    0xfffea,
+    0x3fffe2,
+    0x3fffe3,
+    0x3fffe4,
+    0x7ffff0,
+    0x3fffe5,
+    0x3fffe6,
+    0x7ffff1,
+    0x3ffffe0,
+    0x3ffffe1,
+    0xfffeb,
+    0x7fff1,
+    0x3fffe7,
+    0x7ffff2,
+    0x3fffe8,
+    0x1ffffec,
+    0x3ffffe2,
+    0x3ffffe3,
+    0x3ffffe4,
+    0x7ffffde,
+    0x7ffffdf,
+    0x3ffffe5,
+    0xfffff1,
+    0x1ffffed,
+    0x7fff2,
+    0x1fffe3,
+    0x3ffffe6,
+    0x7ffffe0,
+    0x7ffffe1,
+    0x3ffffe7,
+    0x7ffffe2,
+    0xfffff2,
+    0x1fffe4,
+    0x1fffe5,
+    0x3ffffe8,
+    0x3ffffe9,
+    0xffffffd,
+    0x7ffffe3,
+    0x7ffffe4,
+    0x7ffffe5,
+    0xfffec,
+    0xfffff3,
+    0xfffed,
+    0x1fffe6,
+    0x3fffe9,
+    0x1fffe7,
+    0x1fffe8,
+    0x7ffff3,
+    0x3fffea,
+    0x3fffeb,
+    0x1ffffee,
+    0x1ffffef,
+    0xfffff4,
+    0xfffff5,
+    0x3ffffea,
+    0x7ffff4,
+    0x3ffffeb,
+    0x7ffffe6,
+    0x3ffffec,
+    0x3ffffed,
+    0x7ffffe7,
+    0x7ffffe8,
+    0x7ffffe9,
+    0x7ffffea,
+    0x7ffffeb,
+    0xffffffe,
+    0x7ffffec,
+    0x7ffffed,
+    0x7ffffee,
+    0x7ffffef,
+    0x7fffff0,
+    0x3ffffee,
+    0x3fffffff,
+]
+
+REQUEST_CODES_LENGTH = [
+    13, 23, 28, 28, 28, 28, 28, 28, 28, 24, 30, 28, 28, 30, 28, 28,
+    28, 28, 28, 28, 28, 28, 30, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+     6, 10, 10, 12, 13,  6,  8, 11, 10, 10,  8, 11,  8,  6,  6,  6,
+     5,  5,  5,  6,  6,  6,  6,  6,  6,  6,  7,  8, 15,  6, 12, 10,
+    13,  6,  7,  7,  7,  7,  7,  7,  7,  7,  7,  7,  7,  7,  7,  7,
+     7,  7,  7,  7,  7,  7,  7,  7,  8,  7,  8, 13, 19, 13, 14,  6,
+    15,  5,  6,  5,  6,  5,  6,  6,  6,  5,  7,  7,  6,  6,  6,  5,
+     6,  7,  6,  5,  5,  6,  7,  7,  7,  7,  7, 15, 11, 14, 13, 28,
+    20, 22, 20, 20, 22, 22, 22, 23, 22, 23, 23, 23, 23, 23, 24, 23,
+    24, 24, 22, 23, 24, 23, 23, 23, 23, 21, 22, 23, 22, 23, 23, 24,
+    22, 21, 20, 22, 22, 23, 23, 21, 23, 22, 22, 24, 21, 22, 23, 23,
+    21, 21, 22, 21, 23, 22, 23, 23, 20, 22, 22, 22, 23, 22, 22, 23,
+    26, 26, 20, 19, 22, 23, 22, 25, 26, 26, 26, 27, 27, 26, 24, 25,
+    19, 21, 26, 27, 27, 26, 27, 24, 21, 21, 26, 26, 28, 27, 27, 27,
+    20, 24, 20, 21, 22, 21, 21, 23, 22, 22, 25, 25, 24, 24, 26, 23,
+    26, 27, 26, 26, 27, 27, 27, 27, 27, 28, 27, 27, 27, 27, 27, 26,
+    30,
+]
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py
new file mode 100644
index 00000000000..9b6a84e721d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/__init__.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+"""
+hyperframe
+~~~~~~~~~~
+
+A module for providing a pure-Python HTTP/2 framing layer.
+"""
+__version__ = '2.1.0'
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/flags.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/flags.py
new file mode 100644
index 00000000000..e8f6300566d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/flags.py
@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+"""
+hyperframe/flags
+~~~~~~~~~~~~~~~~
+
+Defines basic Flag and Flags data structures.
+"""
+import collections
+
+
+Flag = collections.namedtuple("Flag", ["name", "bit"])
+
+
+class Flags(collections.MutableSet):
+    """
+    A simple MutableSet implementation that will only accept known flags as elements.
+
+    Will behave like a regular set(), except that a ValueError will be thrown when .add()ing
+    unexpected flags.
+    """
+    def __init__(self, defined_flags):
+        self._valid_flags = set(flag.name for flag in defined_flags)
+        self._flags = set()
+
+    def __contains__(self, x):
+        return self._flags.__contains__(x)
+
+    def __iter__(self):
+        return self._flags.__iter__()
+
+    def __len__(self):
+        return self._flags.__len__()
+
+    def discard(self, value):
+        return self._flags.discard(value)
+
+    def add(self, value):
+        if value not in self._valid_flags:
+            raise ValueError("Unexpected flag: {}".format(value))
+        return self._flags.add(value)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/frame.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/frame.py
new file mode 100644
index 00000000000..22e20031177
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/hyperframe/frame.py
@@ -0,0 +1,625 @@
+# -*- coding: utf-8 -*-
+"""
+hyperframe/frame
+~~~~~~~~~~~~~~~~
+
+Defines framing logic for HTTP/2. Provides both classes to represent framed
+data and logic for aiding the connection when it comes to reading from the
+socket.
+"""
+import collections
+import struct
+
+from .flags import Flag, Flags
+
+# The maximum initial length of a frame. Some frames have shorter maximum lengths.
+FRAME_MAX_LEN = (2 ** 14)
+
+# The maximum allowed length of a frame.
+FRAME_MAX_ALLOWED_LEN = (2 ** 24) - 1
+
+
+class Frame(object):
+    """
+    The base class for all HTTP/2 frames.
+    """
+    # The flags defined on this type of frame.
+    defined_flags = []
+
+    # The type of the frame.
+    type = None
+
+    # If 'has-stream', the frame's stream_id must be non-zero. If 'no-stream',
+    # it must be zero. If 'either', it's not checked.
+    stream_association = None
+
+    def __init__(self, stream_id, flags=()):
+        self.stream_id = stream_id
+        self.flags = Flags(self.defined_flags)
+        self.body_len = 0
+
+        for flag in flags:
+            self.flags.add(flag)
+
+        if self.stream_association == 'has-stream' and not self.stream_id:
+            raise ValueError('Stream ID must be non-zero')
+        if self.stream_association == 'no-stream' and self.stream_id:
+            raise ValueError('Stream ID must be zero')
+
+    def __repr__(self):
+        flags = ", ".join(self.flags) or "None"
+        body = self.serialize_body()
+        if len(body) > 100:
+            body = str(body[:100]) + "..."
+        return (
+            "{type}(Stream: {stream}; Flags: {flags}): {body}"
+        ).format(type=type(self).__name__, stream=self.stream_id, flags=flags, body=body)
+
+    @staticmethod
+    def parse_frame_header(header):
+        """
+        Takes a 9-byte frame header and returns a tuple of the appropriate
+        Frame object and the length that needs to be read from the socket.
+        """
+        fields = struct.unpack("!HBBBL", header)
+        # First 24 bits are frame length.
+        length = (fields[0] << 8) + fields[1]
+        type = fields[2]
+        flags = fields[3]
+        stream_id = fields[4]
+
+        if type not in FRAMES:
+            raise ValueError("Unknown frame type %d" % type)
+
+        frame = FRAMES[type](stream_id)
+        frame.parse_flags(flags)
+        return (frame, length)
+
+    def parse_flags(self, flag_byte):
+        for flag, flag_bit in self.defined_flags:
+            if flag_byte & flag_bit:
+                self.flags.add(flag)
+
+        return self.flags
+
+    def serialize(self):
+        body = self.serialize_body()
+        self.body_len = len(body)
+
+        # Build the common frame header.
+        # First, get the flags.
+        flags = 0
+
+        for flag, flag_bit in self.defined_flags:
+            if flag in self.flags:
+                flags |= flag_bit
+
+        header = struct.pack(
+            "!HBBBL",
+            (self.body_len & 0xFFFF00) >> 8,  # Length is spread over top 24 bits
+            self.body_len & 0x0000FF,
+            self.type,
+            flags,
+            self.stream_id & 0x7FFFFFFF  # Stream ID is 32 bits.
+        )
+
+        return header + body
+
+    def serialize_body(self):
+        raise NotImplementedError()
+
+    def parse_body(self, data):
+        raise NotImplementedError()
+
+
+class Padding(object):
+    """
+    Mixin for frames that contain padding.
+    """
+    def __init__(self, stream_id, pad_length=0, **kwargs):
+        super(Padding, self).__init__(stream_id, **kwargs)
+
+        self.pad_length = pad_length
+
+
+    def serialize_padding_data(self):
+        if 'PADDED' in self.flags:
+            return struct.pack('!B', self.pad_length)
+        return b''
+
+    def parse_padding_data(self, data):
+        if 'PADDED' in self.flags:
+            self.pad_length = struct.unpack('!B', data[:1])[0]
+            return 1
+        return 0
+
+    @property
+    def total_padding(self):
+        """Return the total length of the padding, if any."""
+        return self.pad_length
+
+
+class Priority(object):
+    """
+    Mixin for frames that contain priority data.
+    """
+    def __init__(self, stream_id, depends_on=None, stream_weight=None, exclusive=None, **kwargs):
+        super(Priority, self).__init__(stream_id, **kwargs)
+
+        # The stream ID of the stream on which this stream depends.
+        self.depends_on = depends_on
+
+        # The weight of the stream. This is an integer between 0 and 256.
+        self.stream_weight = stream_weight
+
+        # Whether the exclusive bit was set.
+        self.exclusive = exclusive
+
+    def serialize_priority_data(self):
+        return struct.pack(
+            "!LB",
+            self.depends_on | (int(self.exclusive) << 31),
+            self.stream_weight
+        )
+
+    def parse_priority_data(self, data):
+        MASK = 0x80000000
+        self.depends_on, self.stream_weight = struct.unpack(
+            "!LB", data[:5]
+        )
+        self.exclusive = bool(self.depends_on & MASK)
+        self.depends_on &= ~MASK
+        return 5
+
+
+class DataFrame(Padding, Frame):
+    """
+    DATA frames convey arbitrary, variable-length sequences of octets
+    associated with a stream. One or more DATA frames are used, for instance,
+    to carry HTTP request or response payloads.
+    """
+    defined_flags = [
+        Flag('END_STREAM', 0x01),
+        Flag('PADDED', 0x08),
+    ]
+
+    type = 0x0
+
+    stream_association = 'has-stream'
+
+    def __init__(self, stream_id, data=b'', **kwargs):
+        super(DataFrame, self).__init__(stream_id, **kwargs)
+
+        self.data = data
+
+    def serialize_body(self):
+        padding_data = self.serialize_padding_data()
+        padding = b'\0' * self.total_padding
+        return b''.join([padding_data, self.data, padding])
+
+    def parse_body(self, data):
+        padding_data_length = self.parse_padding_data(data)
+        self.data = data[padding_data_length:len(data)-self.total_padding].tobytes()
+        self.body_len = len(data)
+
+    @property
+    def flow_controlled_length(self):
+        """
+        If the frame is padded we need to include the padding length byte in
+        the flow control used.
+        """
+        padding_len = self.total_padding + 1 if self.total_padding else 0
+        return len(self.data) + padding_len
+
+
+class PriorityFrame(Priority, Frame):
+    """
+    The PRIORITY frame specifies the sender-advised priority of a stream. It
+    can be sent at any time for an existing stream. This enables
+    reprioritisation of existing streams.
+    """
+    defined_flags = []
+
+    type = 0x02
+
+    stream_association = 'has-stream'
+
+    def serialize_body(self):
+        return self.serialize_priority_data()
+
+    def parse_body(self, data):
+        self.parse_priority_data(data)
+        self.body_len = len(data)
+
+
+class RstStreamFrame(Frame):
+    """
+    The RST_STREAM frame allows for abnormal termination of a stream. When sent
+    by the initiator of a stream, it indicates that they wish to cancel the
+    stream or that an error condition has occurred. When sent by the receiver
+    of a stream, it indicates that either the receiver is rejecting the stream,
+    requesting that the stream be cancelled or that an error condition has
+    occurred.
+    """
+    defined_flags = []
+
+    type = 0x03
+
+    stream_association = 'has-stream'
+
+    def __init__(self, stream_id, error_code=0, **kwargs):
+        super(RstStreamFrame, self).__init__(stream_id, **kwargs)
+
+        self.error_code = error_code
+
+    def serialize_body(self):
+        return struct.pack("!L", self.error_code)
+
+    def parse_body(self, data):
+        if len(data) != 4:
+            raise ValueError()
+
+        self.error_code = struct.unpack("!L", data)[0]
+        self.body_len = len(data)
+
+
+class SettingsFrame(Frame):
+    """
+    The SETTINGS frame conveys configuration parameters that affect how
+    endpoints communicate. The parameters are either constraints on peer
+    behavior or preferences.
+
+    Settings are not negotiated. Settings describe characteristics of the
+    sending peer, which are used by the receiving peer. Different values for
+    the same setting can be advertised by each peer. For example, a client
+    might set a high initial flow control window, whereas a server might set a
+    lower value to conserve resources.
+    """
+    defined_flags = [Flag('ACK', 0x01)]
+
+    type = 0x04
+
+    stream_association = 'no-stream'
+
+    # We need to define the known settings, they may as well be class
+    # attributes.
+    HEADER_TABLE_SIZE             = 0x01
+    ENABLE_PUSH                   = 0x02
+    MAX_CONCURRENT_STREAMS        = 0x03
+    INITIAL_WINDOW_SIZE           = 0x04
+    SETTINGS_MAX_FRAME_SIZE       = 0x05
+    SETTINGS_MAX_HEADER_LIST_SIZE = 0x06
+
+    def __init__(self, stream_id=0, settings=None, **kwargs):
+        super(SettingsFrame, self).__init__(stream_id, **kwargs)
+
+        if settings and "ACK" in kwargs.get("flags", ()):
+            raise ValueError("Settings must be empty if ACK flag is set.")
+
+        # A dictionary of the setting type byte to the value.
+        self.settings = settings or {}
+
+    def serialize_body(self):
+        settings = [struct.pack("!HL", setting & 0xFF, value)
+                    for setting, value in self.settings.items()]
+        return b''.join(settings)
+
+    def parse_body(self, data):
+        for i in range(0, len(data), 6):
+            name, value = struct.unpack("!HL", data[i:i+6])
+            self.settings[name] = value
+
+        self.body_len = len(data)
+
+
+class PushPromiseFrame(Padding, Frame):
+    """
+    The PUSH_PROMISE frame is used to notify the peer endpoint in advance of
+    streams the sender intends to initiate.
+    """
+    defined_flags = [
+        Flag('END_HEADERS', 0x04),
+        Flag('PADDED', 0x08)
+    ]
+
+    type = 0x05
+
+    stream_association = 'has-stream'
+
+    def __init__(self, stream_id, promised_stream_id=0, data=b'', **kwargs):
+        super(PushPromiseFrame, self).__init__(stream_id, **kwargs)
+
+        self.promised_stream_id = promised_stream_id
+        self.data = data
+
+    def serialize_body(self):
+        padding_data = self.serialize_padding_data()
+        padding = b'\0' * self.total_padding
+        data = struct.pack("!L", self.promised_stream_id)
+        return b''.join([padding_data, data, self.data, padding])
+
+    def parse_body(self, data):
+        padding_data_length = self.parse_padding_data(data)
+        self.promised_stream_id = struct.unpack("!L", data[padding_data_length:padding_data_length + 4])[0]
+        self.data = data[padding_data_length + 4:].tobytes()
+        self.body_len = len(data)
+
+
+class PingFrame(Frame):
+    """
+    The PING frame is a mechanism for measuring a minimal round-trip time from
+    the sender, as well as determining whether an idle connection is still
+    functional. PING frames can be sent from any endpoint.
+    """
+    defined_flags = [Flag('ACK', 0x01)]
+
+    type = 0x06
+
+    stream_association = 'no-stream'
+
+    def __init__(self, stream_id=0, opaque_data=b'', **kwargs):
+        super(PingFrame, self).__init__(stream_id, **kwargs)
+
+        self.opaque_data = opaque_data
+
+    def serialize_body(self):
+        if len(self.opaque_data) > 8:
+            raise ValueError()
+
+        data = self.opaque_data
+        data += b'\x00' * (8 - len(self.opaque_data))
+        return data
+
+    def parse_body(self, data):
+        if len(data) > 8:
+            raise ValueError()
+
+        self.opaque_data = data.tobytes()
+        self.body_len = len(data)
+
+
+class GoAwayFrame(Frame):
+    """
+    The GOAWAY frame informs the remote peer to stop creating streams on this
+    connection. It can be sent from the client or the server. Once sent, the
+    sender will ignore frames sent on new streams for the remainder of the
+    connection.
+    """
+    type = 0x07
+
+    stream_association = 'no-stream'
+
+    def __init__(self, stream_id=0, last_stream_id=0, error_code=0, additional_data=b'', **kwargs):
+        super(GoAwayFrame, self).__init__(stream_id, **kwargs)
+
+        self.last_stream_id = last_stream_id
+        self.error_code = error_code
+        self.additional_data = additional_data
+
+    def serialize_body(self):
+        data = struct.pack(
+            "!LL",
+            self.last_stream_id & 0x7FFFFFFF,
+            self.error_code
+        )
+        data += self.additional_data
+
+        return data
+
+    def parse_body(self, data):
+        self.last_stream_id, self.error_code = struct.unpack("!LL", data[:8])
+        self.body_len = len(data)
+
+        if len(data) > 8:
+            self.additional_data = data[8:].tobytes()
+
+
+class WindowUpdateFrame(Frame):
+    """
+    The WINDOW_UPDATE frame is used to implement flow control.
+
+    Flow control operates at two levels: on each individual stream and on the
+    entire connection.
+
+    Both types of flow control are hop by hop; that is, only between the two
+    endpoints. Intermediaries do not forward WINDOW_UPDATE frames between
+    dependent connections. However, throttling of data transfer by any receiver
+    can indirectly cause the propagation of flow control information toward the
+    original sender.
+    """
+    type = 0x08
+
+    stream_association = 'either'
+
+    def __init__(self, stream_id, window_increment=0, **kwargs):
+        super(WindowUpdateFrame, self).__init__(stream_id, **kwargs)
+
+        self.window_increment = window_increment
+
+    def serialize_body(self):
+        return struct.pack("!L", self.window_increment & 0x7FFFFFFF)
+
+    def parse_body(self, data):
+        self.window_increment = struct.unpack("!L", data)[0]
+        self.body_len = len(data)
+
+
+class HeadersFrame(Padding, Priority, Frame):
+    """
+    The HEADERS frame carries name-value pairs. It is used to open a stream.
+    HEADERS frames can be sent on a stream in the "open" or "half closed
+    (remote)" states.
+
+    The HeadersFrame class is actually basically a data frame in this
+    implementation, because of the requirement to control the sizes of frames.
+    A header block fragment that doesn't fit in an entire HEADERS frame needs
+    to be followed with CONTINUATION frames. From the perspective of the frame
+    building code the header block is an opaque data segment.
+    """
+    type = 0x01
+
+    stream_association = 'has-stream'
+
+    defined_flags = [
+        Flag('END_STREAM', 0x01),
+        Flag('END_HEADERS', 0x04),
+        Flag('PADDED', 0x08),
+        Flag('PRIORITY', 0x20),
+    ]
+
+    def __init__(self, stream_id, data=b'', **kwargs):
+        super(HeadersFrame, self).__init__(stream_id, **kwargs)
+
+        self.data = data
+
+    def serialize_body(self):
+        padding_data = self.serialize_padding_data()
+        padding = b'\0' * self.total_padding
+
+        if 'PRIORITY' in self.flags:
+            priority_data = self.serialize_priority_data()
+        else:
+            priority_data = b''
+
+        return b''.join([padding_data, priority_data, self.data, padding])
+
+    def parse_body(self, data):
+        padding_data_length = self.parse_padding_data(data)
+        data = data[padding_data_length:]
+
+        if 'PRIORITY' in self.flags:
+            priority_data_length = self.parse_priority_data(data)
+        else:
+            priority_data_length = 0
+
+        self.body_len = len(data)
+        self.data = data[priority_data_length:len(data)-self.total_padding].tobytes()
+
+
+class ContinuationFrame(Frame):
+    """
+    The CONTINUATION frame is used to continue a sequence of header block
+    fragments. Any number of CONTINUATION frames can be sent on an existing
+    stream, as long as the preceding frame on the same stream is one of
+    HEADERS, PUSH_PROMISE or CONTINUATION without the END_HEADERS flag set.
+
+    Much like the HEADERS frame, hyper treats this as an opaque data frame with
+    different flags and a different type.
+    """
+    type = 0x09
+
+    stream_association = 'has-stream'
+
+    defined_flags = [Flag('END_HEADERS', 0x04),]
+
+    def __init__(self, stream_id, data=b'', **kwargs):
+        super(ContinuationFrame, self).__init__(stream_id, **kwargs)
+
+        self.data = data
+
+    def serialize_body(self):
+        return self.data
+
+    def parse_body(self, data):
+        self.data = data.tobytes()
+        self.body_len = len(data)
+
+
+Origin = collections.namedtuple('Origin', ['scheme', 'host', 'port'])
+
+
+class AltSvcFrame(Frame):
+    """
+    The ALTSVC frame is used to advertise alternate services that the current
+    host, or a different one, can understand.
+    """
+    type = 0xA
+
+    stream_association = 'no-stream'
+
+    def __init__(self, stream_id=0, host=b'', port=0, protocol_id=b'', max_age=0, origin=None, **kwargs):
+        super(AltSvcFrame, self).__init__(stream_id, **kwargs)
+
+        self.host = host
+        self.port = port
+        self.protocol_id = protocol_id
+        self.max_age = max_age
+        self.origin = origin
+
+    def serialize_origin(self):
+        if self.origin is not None:
+            if self.origin.port is None:
+                hostport = self.origin.host
+            else:
+                hostport = self.origin.host + b':' + str(self.origin.port).encode('ascii')
+            return self.origin.scheme + b'://' + hostport
+        return b''
+
+    def parse_origin(self, data):
+        if len(data) > 0:
+            data = data.tobytes()
+            scheme, hostport = data.split(b'://')
+            host, _, port = hostport.partition(b':')
+            self.origin = Origin(scheme=scheme, host=host,
+                                 port=int(port) if len(port) > 0 else None)
+
+    def serialize_body(self):
+        first = struct.pack("!LHxB", self.max_age, self.port, len(self.protocol_id))
+        host_length = struct.pack("!B", len(self.host))
+        return b''.join([first, self.protocol_id, host_length, self.host,
+                         self.serialize_origin()])
+
+    def parse_body(self, data):
+        self.body_len = len(data)
+        self.max_age, self.port, protocol_id_length = struct.unpack("!LHxB", data[:8])
+        pos = 8
+        self.protocol_id = data[pos:pos+protocol_id_length].tobytes()
+        pos += protocol_id_length
+        host_length = struct.unpack("!B", data[pos:pos+1])[0]
+        pos += 1
+        self.host = data[pos:pos+host_length].tobytes()
+        pos += host_length
+        self.parse_origin(data[pos:])
+
+
+class BlockedFrame(Frame):
+    """
+    The BLOCKED frame indicates that the sender is unable to send data due to a
+    closed flow control window.
+
+    The BLOCKED frame is used to provide feedback about the performance of flow
+    control for the purposes of performance tuning and debugging. The BLOCKED
+    frame can be sent by a peer when flow controlled data cannot be sent due to
+    the connection- or stream-level flow control. This frame MUST NOT be sent
+    if there are other reasons preventing data from being sent, either a lack
+    of available data, or the underlying transport being blocked.
+    """
+    type = 0x0B
+
+    stream_association = 'both'
+
+    defined_flags = []
+
+    def serialize_body(self):
+        return b''
+
+    def parse_body(self, data):
+        pass
+
+
+# A map of type byte to frame class.
+_FRAME_CLASSES = [
+    DataFrame,
+    HeadersFrame,
+    PriorityFrame,
+    RstStreamFrame,
+    SettingsFrame,
+    PushPromiseFrame,
+    PingFrame,
+    GoAwayFrame,
+    WindowUpdateFrame,
+    ContinuationFrame,
+    AltSvcFrame,
+    BlockedFrame
+]
+FRAMES = {cls.type: cls for cls in _FRAME_CLASSES}
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE
new file mode 100644
index 00000000000..72ce24cf028
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2014 Ian Cordasco, Rackspace
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py
new file mode 100644
index 00000000000..a3aea4c4da2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/__init__.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+rfc3986
+=======
+
+An implementation of semantics and validations described in RFC 3986. See
+http://rfc3986.rtfd.org/ for documentation.
+
+:copyright: (c) 2014 Rackspace
+:license: Apache v2.0, see LICENSE for details
+"""
+
+__title__ = 'rfc3986'
+__author__ = 'Ian Cordasco'
+__author_email__ = 'ian.cordasco@rackspace.com'
+__license__ = 'Apache v2.0'
+__copyright__ = 'Copyright 2014 Rackspace'
+__version__ = '0.3.0'
+
+from .api import (URIReference, uri_reference, is_valid_uri, normalize_uri,
+                  urlparse)
+from .parseresult import ParseResult
+
+__all__ = (
+    'ParseResult',
+    'URIReference',
+    'is_valid_uri',
+    'normalize_uri',
+    'uri_reference',
+    'urlparse',
+)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/api.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/api.py
new file mode 100644
index 00000000000..3e9e401aeba
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/api.py
@@ -0,0 +1,92 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+rfc3986.api
+~~~~~~~~~~~
+
+This defines the simple API to rfc3986. This module defines 3 functions and
+provides access to the class ``URIReference``.
+"""
+
+from .uri import URIReference
+from .parseresult import ParseResult
+
+
+def uri_reference(uri, encoding='utf-8'):
+    """Parse a URI string into a URIReference.
+
+    This is a convenience function. You could achieve the same end by using
+    ``URIReference.from_string(uri)``.
+
+    :param str uri: The URI which needs to be parsed into a reference.
+    :param str encoding: The encoding of the string provided
+    :returns: A parsed URI
+    :rtype: :class:`URIReference`
+    """
+    return URIReference.from_string(uri, encoding)
+
+
+def is_valid_uri(uri, encoding='utf-8', **kwargs):
+    """Determine if the URI given is valid.
+
+    This is a convenience function. You could use either
+    ``uri_reference(uri).is_valid()`` or
+    ``URIReference.from_string(uri).is_valid()`` to achieve the same result.
+
+    :param str uri: The URI to be validated.
+    :param str encoding: The encoding of the string provided
+    :param bool require_scheme: Set to ``True`` if you wish to require the
+        presence of the scheme component.
+    :param bool require_authority: Set to ``True`` if you wish to require the
+        presence of the authority component.
+    :param bool require_path: Set to ``True`` if you wish to require the
+        presence of the path component.
+    :param bool require_query: Set to ``True`` if you wish to require the
+        presence of the query component.
+    :param bool require_fragment: Set to ``True`` if you wish to require the
+        presence of the fragment component.
+    :returns: ``True`` if the URI is valid, ``False`` otherwise.
+    :rtype: bool
+    """
+    return URIReference.from_string(uri, encoding).is_valid(**kwargs)
+
+
+def normalize_uri(uri, encoding='utf-8'):
+    """Normalize the given URI.
+
+    This is a convenience function. You could use either
+    ``uri_reference(uri).normalize().unsplit()`` or
+    ``URIReference.from_string(uri).normalize().unsplit()`` instead.
+
+    :param str uri: The URI to be normalized.
+    :param str encoding: The encoding of the string provided
+    :returns: The normalized URI.
+    :rtype: str
+    """
+    normalized_reference = URIReference.from_string(uri, encoding).normalize()
+    return normalized_reference.unsplit()
+
+
+def urlparse(uri, encoding='utf-8'):
+    """Parse a given URI and return a ParseResult.
+
+    This is a partial replacement of the standard library's urlparse function.
+
+    :param str uri: The URI to be parsed.
+    :param str encoding: The encoding of the string provided.
+    :returns: A parsed URI
+    :rtype: :class:`~rfc3986.parseresult.ParseResult`
+    """
+    return ParseResult.from_string(uri, encoding, strict=False)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/compat.py
new file mode 100644
index 00000000000..6fc7f6d808d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/compat.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import sys
+
+
+if sys.version_info >= (3, 0):
+    unicode = str  # Python 3.x
+
+
+def to_str(b, encoding):
+    if hasattr(b, 'decode') and not isinstance(b, unicode):
+        b = b.decode('utf-8')
+    return b
+
+
+def to_bytes(s, encoding):
+    if hasattr(s, 'encode') and not isinstance(s, bytes):
+        s = s.encode('utf-8')
+    return s
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py
new file mode 100644
index 00000000000..f9adbde718a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/exceptions.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+class RFC3986Exception(Exception):
+    pass
+
+
+class InvalidAuthority(RFC3986Exception):
+    def __init__(self, authority):
+        super(InvalidAuthority, self).__init__(
+            "The authority ({0}) is not valid.".format(authority))
+
+
+class InvalidPort(RFC3986Exception):
+    def __init__(self, port):
+        super(InvalidPort, self).__init__(
+            'The port ("{0}") is not valid.'.format(port))
+
+
+class ResolutionError(RFC3986Exception):
+    def __init__(self, uri):
+        super(ResolutionError, self).__init__(
+            "{0} is not an absolute URI.".format(uri.unsplit()))
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/misc.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/misc.py
new file mode 100644
index 00000000000..c599434cde1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/misc.py
@@ -0,0 +1,214 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+rfc3986.misc
+~~~~~~~~~~~~
+
+This module contains important constants, patterns, and compiled regular
+expressions for parsing and validating URIs and their components.
+"""
+
+import re
+
+# These are enumerated for the named tuple used as a superclass of
+# URIReference
+URI_COMPONENTS = ['scheme', 'authority', 'path', 'query', 'fragment']
+
+important_characters = {
+    'generic_delimiters': ":/?#[]@",
+    'sub_delimiters': "!$&'()*+,;=",
+    # We need to escape the '*' in this case
+    're_sub_delimiters': "!$&'()\*+,;=",
+    'unreserved_chars': ('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+                         '0123456789._~-'),
+    # We need to escape the '-' in this case:
+    're_unreserved': 'A-Za-z0-9._~\-',
+    }
+# For details about delimiters and reserved characters, see:
+# http://tools.ietf.org/html/rfc3986#section-2.2
+GENERIC_DELIMITERS = set(important_characters['generic_delimiters'])
+SUB_DELIMITERS = set(important_characters['sub_delimiters'])
+RESERVED_CHARS = GENERIC_DELIMITERS.union(SUB_DELIMITERS)
+# For details about unreserved characters, see:
+# http://tools.ietf.org/html/rfc3986#section-2.3
+UNRESERVED_CHARS = set(important_characters['unreserved_chars'])
+NON_PCT_ENCODED = RESERVED_CHARS.union(UNRESERVED_CHARS).union('%')
+
+# Extracted from http://tools.ietf.org/html/rfc3986#appendix-B
+component_pattern_dict = {
+    'scheme': '[^:/?#]+',
+    'authority': '[^/?#]*',
+    'path': '[^?#]*',
+    'query': '[^#]*',
+    'fragment': '.*',
+    }
+
+# See http://tools.ietf.org/html/rfc3986#appendix-B
+# In this case, we name each of the important matches so we can use
+# SRE_Match#groupdict to parse the values out if we so choose. This is also
+# modified to ignore other matches that are not important to the parsing of
+# the reference so we can also simply use SRE_Match#groups.
+expression = ('(?:(?P<scheme>{scheme}):)?(?://(?P<authority>{authority}))?'
+              '(?P<path>{path})(?:\?(?P<query>{query}))?'
+              '(?:#(?P<fragment>{fragment}))?'
+              ).format(**component_pattern_dict)
+
+URI_MATCHER = re.compile(expression)
+
+# #########################
+# Authority Matcher Section
+# #########################
+
+# Host patterns, see: http://tools.ietf.org/html/rfc3986#section-3.2.2
+# The pattern for a regular name, e.g.,  www.google.com, api.github.com
+reg_name = '(({0})*|[{1}]*)'.format(
+    '%[0-9A-Fa-f]{2}',
+    important_characters['re_sub_delimiters'] +
+    important_characters['re_unreserved']
+    )
+# The pattern for an IPv4 address, e.g., 192.168.255.255, 127.0.0.1,
+ipv4 = '(\d{1,3}.){3}\d{1,3}'
+# Hexadecimal characters used in each piece of an IPv6 address
+hexdig = '[0-9A-Fa-f]{1,4}'
+# Least-significant 32 bits of an IPv6 address
+ls32 = '({hex}:{hex}|{ipv4})'.format(hex=hexdig, ipv4=ipv4)
+# Substitutions into the following patterns for IPv6 patterns defined
+# http://tools.ietf.org/html/rfc3986#page-20
+subs = {'hex': hexdig, 'ls32': ls32}
+
+# Below: h16 = hexdig, see: https://tools.ietf.org/html/rfc5234 for details
+# about ABNF (Augmented Backus-Naur Form) use in the comments
+variations = [
+    #                            6( h16 ":" ) ls32
+    '(%(hex)s:){6}%(ls32)s' % subs,
+    #                       "::" 5( h16 ":" ) ls32
+    '::(%(hex)s:){5}%(ls32)s' % subs,
+    # [               h16 ] "::" 4( h16 ":" ) ls32
+    '(%(hex)s)?::(%(hex)s:){4}%(ls32)s' % subs,
+    # [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32
+    '((%(hex)s:)?%(hex)s)?::(%(hex)s:){3}%(ls32)s' % subs,
+    # [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32
+    '((%(hex)s:){0,2}%(hex)s)?::(%(hex)s:){2}%(ls32)s' % subs,
+    # [ *3( h16 ":" ) h16 ] "::"    h16 ":"   ls32
+    '((%(hex)s:){0,3}%(hex)s)?::%(hex)s:%(ls32)s' % subs,
+    # [ *4( h16 ":" ) h16 ] "::"              ls32
+    '((%(hex)s:){0,4}%(hex)s)?::%(ls32)s' % subs,
+    # [ *5( h16 ":" ) h16 ] "::"              h16
+    '((%(hex)s:){0,5}%(hex)s)?::%(hex)s' % subs,
+    # [ *6( h16 ":" ) h16 ] "::"
+    '((%(hex)s:){0,6}%(hex)s)?::' % subs,
+    ]
+
+ipv6 = '(({0})|({1})|({2})|({3})|({4})|({5})|({6})|({7}))'.format(*variations)
+
+ipv_future = 'v[0-9A-Fa-f]+.[%s]+' % (
+    important_characters['re_unreserved'] +
+    important_characters['re_sub_delimiters'] +
+    ':')
+
+ip_literal = '\[({0}|{1})\]'.format(ipv6, ipv_future)
+
+# Pattern for matching the host piece of the authority
+HOST_PATTERN = '({0}|{1}|{2})'.format(reg_name, ipv4, ip_literal)
+
+SUBAUTHORITY_MATCHER = re.compile((
+    '^(?:(?P<userinfo>[A-Za-z0-9_.~\-%:]+)@)?'  # userinfo
+    '(?P<host>{0}?)'  # host
+    ':?(?P<port>\d+)?$'  # port
+    ).format(HOST_PATTERN))
+
+IPv4_MATCHER = re.compile('^' + ipv4 + '$')
+
+
+# ####################
+# Path Matcher Section
+# ####################
+
+# See http://tools.ietf.org/html/rfc3986#section-3.3 for more information
+# about the path patterns defined below.
+
+# Percent encoded character values
+pct_encoded = '%[A-Fa-f0-9]{2}'
+pchar = ('([' + important_characters['re_unreserved']
+         + important_characters['re_sub_delimiters']
+         + ':@]|%s)' % pct_encoded)
+segments = {
+    'segment': pchar + '*',
+    # Non-zero length segment
+    'segment-nz': pchar + '+',
+    # Non-zero length segment without ":"
+    'segment-nz-nc': pchar.replace(':', '') + '+'
+    }
+
+# Path types taken from Section 3.3 (linked above)
+path_empty = '^$'
+path_rootless = '%(segment-nz)s(/%(segment)s)*' % segments
+path_noscheme = '%(segment-nz-nc)s(/%(segment)s)*' % segments
+path_absolute = '/(%s)?' % path_rootless
+path_abempty = '(/%(segment)s)*' % segments
+
+# Matcher used to validate path components
+PATH_MATCHER = re.compile('^(%s|%s|%s|%s|%s)$' % (
+    path_abempty, path_absolute, path_noscheme, path_rootless, path_empty
+    ))
+
+
+# ##################################
+# Query and Fragment Matcher Section
+# ##################################
+
+QUERY_MATCHER = re.compile(
+    '^([/?:@' + important_characters['re_unreserved']
+    + important_characters['re_sub_delimiters']
+    + ']|%s)*$' % pct_encoded)
+
+FRAGMENT_MATCHER = QUERY_MATCHER
+
+# Scheme validation, see: http://tools.ietf.org/html/rfc3986#section-3.1
+SCHEME_MATCHER = re.compile('^[A-Za-z][A-Za-z0-9+.\-]*$')
+
+# Relative reference matcher
+
+# See http://tools.ietf.org/html/rfc3986#section-4.2 for details
+relative_part = '(//%s%s|%s|%s|%s)' % (
+    component_pattern_dict['authority'], path_abempty, path_absolute,
+    path_noscheme, path_empty
+    )
+
+RELATIVE_REF_MATCHER = re.compile('^%s(\?%s)?(#%s)?$' % (
+    relative_part, QUERY_MATCHER.pattern, FRAGMENT_MATCHER.pattern
+    ))
+
+# See http://tools.ietf.org/html/rfc3986#section-3 for definition
+hier_part = '(//%s%s|%s|%s|%s)' % (
+    component_pattern_dict['authority'], path_abempty, path_absolute,
+    path_rootless, path_empty
+    )
+
+# See http://tools.ietf.org/html/rfc3986#section-4.3
+ABSOLUTE_URI_MATCHER = re.compile('^%s:%s(\?%s)?$' % (
+    component_pattern_dict['scheme'], hier_part, QUERY_MATCHER.pattern[1:-1]
+    ))
+
+
+# Path merger as defined in http://tools.ietf.org/html/rfc3986#section-5.2.3
+def merge_paths(base_uri, relative_path):
+    """Merge a base URI's path with a relative URI's path."""
+    if base_uri.path is None and base_uri.authority is not None:
+        return '/' + relative_path
+    else:
+        path = base_uri.path or ''
+        index = path.rfind('/')
+        return path[:index] + '/' + relative_path
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py
new file mode 100644
index 00000000000..bb0630cb326
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/normalizers.py
@@ -0,0 +1,115 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import re
+
+from .compat import to_bytes
+from .misc import NON_PCT_ENCODED
+
+
+def normalize_scheme(scheme):
+    return scheme.lower()
+
+
+def normalize_authority(authority):
+    userinfo, host, port = authority
+    result = ''
+    if userinfo:
+        result += normalize_percent_characters(userinfo) + '@'
+    if host:
+        result += host.lower()
+    if port:
+        result += ':' + port
+    return result
+
+
+def normalize_path(path):
+    if not path:
+        return path
+
+    path = normalize_percent_characters(path)
+    return remove_dot_segments(path)
+
+
+def normalize_query(query):
+    return normalize_percent_characters(query)
+
+
+def normalize_fragment(fragment):
+    return normalize_percent_characters(fragment)
+
+
+PERCENT_MATCHER = re.compile('%[A-Fa-f0-9]{2}')
+
+
+def normalize_percent_characters(s):
+    """All percent characters should be upper-cased.
+
+    For example, ``"%3afoo%DF%ab"`` should be turned into ``"%3Afoo%DF%AB"``.
+    """
+    matches = set(PERCENT_MATCHER.findall(s))
+    for m in matches:
+        if not m.isupper():
+            s = s.replace(m, m.upper())
+    return s
+
+
+def remove_dot_segments(s):
+    # See http://tools.ietf.org/html/rfc3986#section-5.2.4 for pseudo-code
+    segments = s.split('/')  # Turn the path into a list of segments
+    output = []  # Initialize the variable to use to store output
+
+    for segment in segments:
+        # '.' is the current directory, so ignore it, it is superfluous
+        if segment == '.':
+            continue
+        # Anything other than '..', should be appended to the output
+        elif segment != '..':
+            output.append(segment)
+        # In this case segment == '..', if we can, we should pop the last
+        # element
+        elif output:
+            output.pop()
+
+    # If the path starts with '/' and the output is empty or the first string
+    # is non-empty
+    if s.startswith('/') and (not output or output[0]):
+        output.insert(0, '')
+
+    # If the path starts with '/.' or '/..' ensure we add one more empty
+    # string to add a trailing '/'
+    if s.endswith(('/.', '/..')):
+        output.append('')
+
+    return '/'.join(output)
+
+
+def encode_component(uri_component, encoding):
+    if uri_component is None:
+        return uri_component
+
+    uri_bytes = to_bytes(uri_component, encoding)
+
+    encoded_uri = bytearray()
+
+    for i in range(0, len(uri_bytes)):
+        # Will return a single character bytestring on both Python 2 & 3
+        byte = uri_bytes[i:i+1]
+        byte_ord = ord(byte)
+        if byte_ord < 128 and byte.decode() in NON_PCT_ENCODED:
+            encoded_uri.extend(byte)
+            continue
+        encoded_uri.extend('%{0:02x}'.format(byte_ord).encode())
+
+    return encoded_uri.decode(encoding)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py
new file mode 100644
index 00000000000..2def55b636f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/parseresult.py
@@ -0,0 +1,303 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2015 Ian Cordasco
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from collections import namedtuple
+
+from . import compat
+from . import exceptions
+from . import normalizers
+from . import uri
+
+__all__ = ('ParseResult', 'ParseResultBytes')
+
+PARSED_COMPONENTS = ('scheme', 'userinfo', 'host', 'port', 'path', 'query',
+                     'fragment')
+
+
+class ParseResultMixin(object):
+    def _generate_authority(self, attributes):
+        # I swear I did not align the comparisons below. That's just how they
+        # happened to align based on pep8 and attribute lengths.
+        userinfo, host, port = (attributes[p]
+                                for p in ('userinfo', 'host', 'port'))
+        if (self.userinfo != userinfo or
+                self.host != host or
+                self.port != port):
+            if port:
+                port = '{0}'.format(port)
+            return normalizers.normalize_authority(
+                (compat.to_str(userinfo, self.encoding),
+                 compat.to_str(host, self.encoding),
+                 port)
+            )
+        return self.authority
+
+    def geturl(self):
+        """Standard library shim to the unsplit method."""
+        return self.unsplit()
+
+    @property
+    def hostname(self):
+        """Standard library shim for the host portion of the URI."""
+        return self.host
+
+    @property
+    def netloc(self):
+        """Standard library shim for the authority portion of the URI."""
+        return self.authority
+
+    @property
+    def params(self):
+        """Standard library shim for the query portion of the URI."""
+        return self.query
+
+
+class ParseResult(namedtuple('ParseResult', PARSED_COMPONENTS),
+                  ParseResultMixin):
+    slots = ()
+
+    def __new__(cls, scheme, userinfo, host, port, path, query, fragment,
+                uri_ref, encoding='utf-8'):
+        parse_result = super(ParseResult, cls).__new__(
+            cls,
+            scheme or None,
+            userinfo or None,
+            host,
+            port or None,
+            path or None,
+            query or None,
+            fragment or None)
+        parse_result.encoding = encoding
+        parse_result.reference = uri_ref
+        return parse_result
+
+    @classmethod
+    def from_string(cls, uri_string, encoding='utf-8', strict=True):
+        """Parse a URI from the given unicode URI string.
+
+        :param str uri_string: Unicode URI to be parsed into a reference.
+        :param str encoding: The encoding of the string provided
+        :param bool strict: Parse strictly according to :rfc:`3986` if True.
+            If False, parse similarly to the standard library's urlparse
+            function.
+        :returns: :class:`ParseResult` or subclass thereof
+        """
+        reference = uri.URIReference.from_string(uri_string, encoding)
+        try:
+            subauthority = reference.authority_info()
+        except exceptions.InvalidAuthority:
+            if strict:
+                raise
+            userinfo, host, port = split_authority(reference.authority)
+        else:
+            # Thanks to Richard Barrell for this idea:
+            # https://twitter.com/0x2ba22e11/status/617338811975139328
+            userinfo, host, port = (subauthority.get(p)
+                                    for p in ('userinfo', 'host', 'port'))
+
+        if port:
+            try:
+                port = int(port)
+            except ValueError:
+                raise exceptions.InvalidPort(port)
+
+        return cls(scheme=reference.scheme,
+                   userinfo=userinfo,
+                   host=host,
+                   port=port,
+                   path=reference.path,
+                   query=reference.query,
+                   fragment=reference.fragment,
+                   uri_ref=reference,
+                   encoding=encoding)
+
+    @property
+    def authority(self):
+        """Normalized authority generated from the subauthority parts."""
+        return self.reference.authority
+
+    def copy_with(self, scheme=None, userinfo=None, host=None, port=None,
+                  path=None, query=None, fragment=None):
+        attributes = zip(PARSED_COMPONENTS,
+                         (scheme, userinfo, host, port, path, query, fragment))
+        attrs_dict = {}
+        for name, value in attributes:
+            if value is None:
+                value = getattr(self, name)
+            attrs_dict[name] = value
+        authority = self._generate_authority(attrs_dict)
+        ref = self.reference.copy_with(scheme=attrs_dict['scheme'],
+                                       authority=authority,
+                                       path=attrs_dict['path'],
+                                       query=attrs_dict['query'],
+                                       fragment=attrs_dict['fragment'])
+        return ParseResult(uri_ref=ref, encoding=self.encoding, **attrs_dict)
+
+    def encode(self, encoding=None):
+        encoding = encoding or self.encoding
+        attrs = dict(
+            zip(PARSED_COMPONENTS,
+                (attr.encode(encoding) if hasattr(attr, 'encode') else attr
+                 for attr in self)))
+        return ParseResultBytes(
+            uri_ref=self.reference,
+            encoding=encoding,
+            **attrs
+        )
+
+    def unsplit(self, use_idna=False):
+        """Create a URI string from the components.
+
+        :returns: The parsed URI reconstituted as a string.
+        :rtype: str
+        """
+        parse_result = self
+        if use_idna and self.host:
+            hostbytes = self.host.encode('idna')
+            host = hostbytes.decode(self.encoding)
+            parse_result = self.copy_with(host=host)
+        return parse_result.reference.unsplit()
+
+
+class ParseResultBytes(namedtuple('ParseResultBytes', PARSED_COMPONENTS),
+                       ParseResultMixin):
+    def __new__(cls, scheme, userinfo, host, port, path, query, fragment,
+                uri_ref, encoding='utf-8'):
+        parse_result = super(ParseResultBytes, cls).__new__(
+            cls,
+            scheme or None,
+            userinfo or None,
+            host,
+            port or None,
+            path or None,
+            query or None,
+            fragment or None)
+        parse_result.encoding = encoding
+        parse_result.reference = uri_ref
+        return parse_result
+
+    @classmethod
+    def from_string(cls, uri_string, encoding='utf-8', strict=True):
+        """Parse a URI from the given unicode URI string.
+
+        :param str uri_string: Unicode URI to be parsed into a reference.
+        :param str encoding: The encoding of the string provided
+        :param bool strict: Parse strictly according to :rfc:`3986` if True.
+            If False, parse similarly to the standard library's urlparse
+            function.
+        :returns: :class:`ParseResultBytes` or subclass thereof
+        """
+        reference = uri.URIReference.from_string(uri_string, encoding)
+        try:
+            subauthority = reference.authority_info()
+        except exceptions.InvalidAuthority:
+            if strict:
+                raise
+            userinfo, host, port = split_authority(reference.authority)
+        else:
+            # Thanks to Richard Barrell for this idea:
+            # https://twitter.com/0x2ba22e11/status/617338811975139328
+            userinfo, host, port = (subauthority.get(p)
+                                    for p in ('userinfo', 'host', 'port'))
+
+        if port:
+            try:
+                port = int(port)
+            except ValueError:
+                raise exceptions.InvalidPort(port)
+
+        to_bytes = compat.to_bytes
+        return cls(scheme=to_bytes(reference.scheme, encoding),
+                   userinfo=to_bytes(userinfo, encoding),
+                   host=to_bytes(host, encoding),
+                   port=port,
+                   path=to_bytes(reference.path, encoding),
+                   query=to_bytes(reference.query, encoding),
+                   fragment=to_bytes(reference.fragment, encoding),
+                   uri_ref=reference,
+                   encoding=encoding)
+
+    @property
+    def authority(self):
+        """Normalized authority generated from the subauthority parts."""
+        return self.reference.authority.encode(self.encoding)
+
+    def copy_with(self, scheme=None, userinfo=None, host=None, port=None,
+                  path=None, query=None, fragment=None):
+        attributes = zip(PARSED_COMPONENTS,
+                         (scheme, userinfo, host, port, path, query, fragment))
+        attrs_dict = {}
+        for name, value in attributes:
+            if value is None:
+                value = getattr(self, name)
+            if not isinstance(value, bytes) and hasattr(value, 'encode'):
+                value = value.encode(self.encoding)
+            attrs_dict[name] = value
+        authority = self._generate_authority(attrs_dict)
+        to_str = compat.to_str
+        ref = self.reference.copy_with(
+            scheme=to_str(attrs_dict['scheme'], self.encoding),
+            authority=authority,
+            path=to_str(attrs_dict['path'], self.encoding),
+            query=to_str(attrs_dict['query'], self.encoding),
+            fragment=to_str(attrs_dict['fragment'], self.encoding)
+        )
+        return ParseResultBytes(
+            uri_ref=ref,
+            encoding=self.encoding,
+            **attrs_dict
+        )
+
+    def unsplit(self, use_idna=False):
+        """Create a URI bytes object from the components.
+
+        :returns: The parsed URI reconstituted as a string.
+        :rtype: bytes
+        """
+        parse_result = self
+        if use_idna and self.host:
+            # self.host is bytes, to encode to idna, we need to decode it
+            # first
+            host = self.host.decode(self.encoding)
+            hostbytes = host.encode('idna')
+            parse_result = self.copy_with(host=hostbytes)
+        uri = parse_result.reference.unsplit()
+        return uri.encode(self.encoding)
+
+
+def split_authority(authority):
+    # Initialize our expected return values
+    userinfo = host = port = None
+    # Initialize an extra var we may need to use
+    extra_host = None
+    # Set-up rest in case there is no userinfo portion
+    rest = authority
+
+    if '@' in authority:
+        userinfo, rest = authority.rsplit('@', 1)
+
+    # Handle IPv6 host addresses
+    if rest.startswith('['):
+        host, rest = rest.split(']', 1)
+        host += ']'
+
+    if ':' in rest:
+        extra_host, port = rest.split(':', 1)
+    elif not host and rest:
+        host = rest
+
+    if extra_host and not host:
+        host = extra_host
+
+    return userinfo, host, port
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/uri.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/uri.py
new file mode 100644
index 00000000000..b7f5ccb79ca
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/packages/rfc3986/uri.py
@@ -0,0 +1,385 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Rackspace
+# Copyright (c) 2015 Ian Cordasco
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from collections import namedtuple
+
+from .compat import to_str
+from .exceptions import InvalidAuthority, ResolutionError
+from .misc import (
+    ABSOLUTE_URI_MATCHER, FRAGMENT_MATCHER, IPv4_MATCHER, PATH_MATCHER,
+    QUERY_MATCHER, SCHEME_MATCHER, SUBAUTHORITY_MATCHER, URI_MATCHER,
+    URI_COMPONENTS, merge_paths
+    )
+from .normalizers import (
+    encode_component, normalize_scheme, normalize_authority, normalize_path,
+    normalize_query, normalize_fragment
+    )
+
+
+class URIReference(namedtuple('URIReference', URI_COMPONENTS)):
+    slots = ()
+
+    def __new__(cls, scheme, authority, path, query, fragment,
+                encoding='utf-8'):
+        ref = super(URIReference, cls).__new__(
+            cls,
+            scheme or None,
+            authority or None,
+            path or None,
+            query or None,
+            fragment or None)
+        ref.encoding = encoding
+        return ref
+
+    def __eq__(self, other):
+        other_ref = other
+        if isinstance(other, tuple):
+            other_ref = URIReference(*other)
+        elif not isinstance(other, URIReference):
+            try:
+                other_ref = URIReference.from_string(other)
+            except TypeError:
+                raise TypeError(
+                    'Unable to compare URIReference() to {0}()'.format(
+                        type(other).__name__))
+
+        # See http://tools.ietf.org/html/rfc3986#section-6.2
+        naive_equality = tuple(self) == tuple(other_ref)
+        return naive_equality or self.normalized_equality(other_ref)
+
+    @classmethod
+    def from_string(cls, uri_string, encoding='utf-8'):
+        """Parse a URI reference from the given unicode URI string.
+
+        :param str uri_string: Unicode URI to be parsed into a reference.
+        :param str encoding: The encoding of the string provided
+        :returns: :class:`URIReference` or subclass thereof
+        """
+        uri_string = to_str(uri_string, encoding)
+
+        split_uri = URI_MATCHER.match(uri_string).groupdict()
+        return cls(split_uri['scheme'], split_uri['authority'],
+                   encode_component(split_uri['path'], encoding),
+                   encode_component(split_uri['query'], encoding),
+                   encode_component(split_uri['fragment'], encoding), encoding)
+
+    def authority_info(self):
+        """Returns a dictionary with the ``userinfo``, ``host``, and ``port``.
+
+        If the authority is not valid, it will raise a ``InvalidAuthority``
+        Exception.
+
+        :returns:
+            ``{'userinfo': 'username:password', 'host': 'www.example.com',
+            'port': '80'}``
+        :rtype: dict
+        :raises InvalidAuthority: If the authority is not ``None`` and can not
+            be parsed.
+        """
+        if not self.authority:
+            return {'userinfo': None, 'host': None, 'port': None}
+
+        match = SUBAUTHORITY_MATCHER.match(self.authority)
+
+        if match is None:
+            # In this case, we have an authority that was parsed from the URI
+            # Reference, but it cannot be further parsed by our
+            # SUBAUTHORITY_MATCHER. In this case it must not be a valid
+            # authority.
+            raise InvalidAuthority(self.authority.encode(self.encoding))
+
+        # We had a match, now let's ensure that it is actually a valid host
+        # address if it is IPv4
+        matches = match.groupdict()
+        host = matches.get('host')
+
+        if (host and IPv4_MATCHER.match(host) and not
+                valid_ipv4_host_address(host)):
+            # If we have a host, it appears to be IPv4 and it does not have
+            # valid bytes, it is an InvalidAuthority.
+            raise InvalidAuthority(self.authority.encode(self.encoding))
+
+        return matches
+
+    @property
+    def host(self):
+        """If present, a string representing the host."""
+        try:
+            authority = self.authority_info()
+        except InvalidAuthority:
+            return None
+        return authority['host']
+
+    @property
+    def port(self):
+        """If present, the port (as a string) extracted from the authority."""
+        try:
+            authority = self.authority_info()
+        except InvalidAuthority:
+            return None
+        return authority['port']
+
+    @property
+    def userinfo(self):
+        """If present, the userinfo extracted from the authority."""
+        try:
+            authority = self.authority_info()
+        except InvalidAuthority:
+            return None
+        return authority['userinfo']
+
+    def is_absolute(self):
+        """Determine if this URI Reference is an absolute URI.
+
+        See http://tools.ietf.org/html/rfc3986#section-4.3 for explanation.
+
+        :returns: ``True`` if it is an absolute URI, ``False`` otherwise.
+        :rtype: bool
+        """
+        return bool(ABSOLUTE_URI_MATCHER.match(self.unsplit()))
+
+    def is_valid(self, **kwargs):
+        """Determines if the URI is valid.
+
+        :param bool require_scheme: Set to ``True`` if you wish to require the
+            presence of the scheme component.
+        :param bool require_authority: Set to ``True`` if you wish to require
+            the presence of the authority component.
+        :param bool require_path: Set to ``True`` if you wish to require the
+            presence of the path component.
+        :param bool require_query: Set to ``True`` if you wish to require the
+            presence of the query component.
+        :param bool require_fragment: Set to ``True`` if you wish to require
+            the presence of the fragment component.
+        :returns: ``True`` if the URI is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        validators = [
+            (self.scheme_is_valid, kwargs.get('require_scheme', False)),
+            (self.authority_is_valid, kwargs.get('require_authority', False)),
+            (self.path_is_valid, kwargs.get('require_path', False)),
+            (self.query_is_valid, kwargs.get('require_query', False)),
+            (self.fragment_is_valid, kwargs.get('require_fragment', False)),
+            ]
+        return all(v(r) for v, r in validators)
+
+    def _is_valid(self, value, matcher, require):
+        if require:
+            return (value is not None
+                    and matcher.match(value))
+
+        # require is False and value is not None
+        return value is None or matcher.match(value)
+
+    def authority_is_valid(self, require=False):
+        """Determines if the authority component is valid.
+
+        :param str require: Set to ``True`` to require the presence of this
+            component.
+        :returns: ``True`` if the authority is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        try:
+            self.authority_info()
+        except InvalidAuthority:
+            return False
+
+        is_valid = self._is_valid(self.authority,
+                                  SUBAUTHORITY_MATCHER,
+                                  require)
+
+        # Ensure that IPv4 addresses have valid bytes
+        if is_valid and self.host and IPv4_MATCHER.match(self.host):
+            return valid_ipv4_host_address(self.host)
+
+        # Perhaps the host didn't exist or if it did, it wasn't an IPv4-like
+        # address. In either case, we want to rely on the `_is_valid` check,
+        # so let's return that.
+        return is_valid
+
+    def scheme_is_valid(self, require=False):
+        """Determines if the scheme component is valid.
+
+        :param str require: Set to ``True`` to require the presence of this
+            component.
+        :returns: ``True`` if the scheme is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        return self._is_valid(self.scheme, SCHEME_MATCHER, require)
+
+    def path_is_valid(self, require=False):
+        """Determines if the path component is valid.
+
+        :param str require: Set to ``True`` to require the presence of this
+            component.
+        :returns: ``True`` if the path is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        return self._is_valid(self.path, PATH_MATCHER, require)
+
+    def query_is_valid(self, require=False):
+        """Determines if the query component is valid.
+
+        :param str require: Set to ``True`` to require the presence of this
+            component.
+        :returns: ``True`` if the query is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        return self._is_valid(self.query, QUERY_MATCHER, require)
+
+    def fragment_is_valid(self, require=False):
+        """Determines if the fragment component is valid.
+
+        :param str require: Set to ``True`` to require the presence of this
+            component.
+        :returns: ``True`` if the fragment is valid. ``False`` otherwise.
+        :rtype: bool
+        """
+        return self._is_valid(self.fragment, FRAGMENT_MATCHER, require)
+
+    def normalize(self):
+        """Normalize this reference as described in Section 6.2.2
+
+        This is not an in-place normalization. Instead this creates a new
+        URIReference.
+
+        :returns: A new reference object with normalized components.
+        :rtype: URIReference
+        """
+        # See http://tools.ietf.org/html/rfc3986#section-6.2.2 for logic in
+        # this method.
+        return URIReference(normalize_scheme(self.scheme or ''),
+                            normalize_authority(
+                                (self.userinfo, self.host, self.port)),
+                            normalize_path(self.path or ''),
+                            normalize_query(self.query or ''),
+                            normalize_fragment(self.fragment or ''))
+
+    def normalized_equality(self, other_ref):
+        """Compare this URIReference to another URIReference.
+
+        :param URIReference other_ref: (required), The reference with which
+            we're comparing.
+        :returns: ``True`` if the references are equal, ``False`` otherwise.
+        :rtype: bool
+        """
+        return tuple(self.normalize()) == tuple(other_ref.normalize())
+
+    def resolve_with(self, base_uri, strict=False):
+        """Use an absolute URI Reference to resolve this relative reference.
+
+        Assuming this is a relative reference that you would like to resolve,
+        use the provided base URI to resolve it.
+
+        See http://tools.ietf.org/html/rfc3986#section-5 for more information.
+
+        :param base_uri: Either a string or URIReference. It must be an
+            absolute URI or it will raise an exception.
+        :returns: A new URIReference which is the result of resolving this
+            reference using ``base_uri``.
+        :rtype: :class:`URIReference`
+        :raises ResolutionError: If the ``base_uri`` is not an absolute URI.
+        """
+        if not isinstance(base_uri, URIReference):
+            base_uri = URIReference.from_string(base_uri)
+
+        if not base_uri.is_absolute():
+            raise ResolutionError(base_uri)
+
+        # This is optional per
+        # http://tools.ietf.org/html/rfc3986#section-5.2.1
+        base_uri = base_uri.normalize()
+
+        # The reference we're resolving
+        resolving = self
+
+        if not strict and resolving.scheme == base_uri.scheme:
+            resolving = resolving.copy_with(scheme=None)
+
+        # http://tools.ietf.org/html/rfc3986#page-32
+        if resolving.scheme is not None:
+            target = resolving.copy_with(path=normalize_path(resolving.path))
+        else:
+            if resolving.authority is not None:
+                target = resolving.copy_with(
+                    scheme=base_uri.scheme,
+                    path=normalize_path(resolving.path)
+                )
+            else:
+                if resolving.path is None:
+                    if resolving.query is not None:
+                        query = resolving.query
+                    else:
+                        query = base_uri.query
+                    target = resolving.copy_with(
+                        scheme=base_uri.scheme,
+                        authority=base_uri.authority,
+                        path=base_uri.path,
+                        query=query
+                    )
+                else:
+                    if resolving.path.startswith('/'):
+                        path = normalize_path(resolving.path)
+                    else:
+                        path = normalize_path(
+                            merge_paths(base_uri, resolving.path)
+                        )
+                    target = resolving.copy_with(
+                        scheme=base_uri.scheme,
+                        authority=base_uri.authority,
+                        path=path,
+                        query=resolving.query
+                    )
+        return target
+
+    def unsplit(self):
+        """Create a URI string from the components.
+
+        :returns: The URI Reference reconstituted as a string.
+        :rtype: str
+        """
+        # See http://tools.ietf.org/html/rfc3986#section-5.3
+        result_list = []
+        if self.scheme:
+            result_list.extend([self.scheme, ':'])
+        if self.authority:
+            result_list.extend(['//', self.authority])
+        if self.path:
+            result_list.append(self.path)
+        if self.query:
+            result_list.extend(['?', self.query])
+        if self.fragment:
+            result_list.extend(['#', self.fragment])
+        return ''.join(result_list)
+
+    def copy_with(self, scheme=None, authority=None, path=None, query=None,
+                  fragment=None):
+        attributes = {
+            'scheme': scheme,
+            'authority': authority,
+            'path': path,
+            'query': query,
+            'fragment': fragment,
+        }
+        for key, value in list(attributes.items()):
+            if value is None:
+                del attributes[key]
+        return self._replace(**attributes)
+
+
+def valid_ipv4_host_address(host):
+    # If the host exists, and it might be IPv4, check each byte in the
+    # address.
+    return all([0 <= int(byte, base=10) <= 255 for byte in host.split('.')])
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/ssl_compat.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/ssl_compat.py
new file mode 100644
index 00000000000..976b6235931
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/ssl_compat.py
@@ -0,0 +1,307 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/ssl_compat
+~~~~~~~~~
+
+Shoves pyOpenSSL into an API that looks like the standard Python 3.x ssl
+module.
+
+Currently exposes exactly those attributes, classes, and methods that we
+actually use in hyper (all method signatures are complete, however). May be
+expanded to something more general-purpose in the future.
+"""
+try:
+    import StringIO as BytesIO
+except ImportError:
+    from io import BytesIO
+import errno
+import socket
+import time
+
+from OpenSSL import SSL as ossl
+from service_identity.pyopenssl import verify_hostname as _verify
+
+CERT_NONE = ossl.VERIFY_NONE
+CERT_REQUIRED = ossl.VERIFY_PEER | ossl.VERIFY_FAIL_IF_NO_PEER_CERT
+
+_OPENSSL_ATTRS = dict(
+    OP_NO_COMPRESSION='OP_NO_COMPRESSION',
+    PROTOCOL_TLSv1_2='TLSv1_2_METHOD',
+    PROTOCOL_SSLv23='SSLv23_METHOD',
+)
+
+for external, internal in _OPENSSL_ATTRS.items():
+    value = getattr(ossl, internal, None)
+    if value:
+        locals()[external] = value
+
+OP_ALL = 0
+# TODO: Find out the names of these other flags.
+for bit in [31] + list(range(10)):
+    OP_ALL |= 1 << bit
+
+HAS_NPN = True
+
+
+def _proxy(method):
+    def inner(self, *args, **kwargs):
+        return getattr(self._conn, method)(*args, **kwargs)
+    return inner
+
+# Referenced in hyper/http20/connection.py. These values come
+# from the python ssl package, and must be defined in this file
+# for hyper to work in python versions <2.7.9
+SSL_ERROR_WANT_READ = 2
+SSL_ERROR_WANT_WRITE = 3
+
+
+# TODO missing some attributes
+class SSLError(OSError):
+    pass
+
+
+class CertificateError(SSLError):
+    pass
+
+
+def verify_hostname(ssl_sock, server_hostname):
+    """
+    A method nearly compatible with the stdlib's match_hostname.
+    """
+    if isinstance(server_hostname, bytes):
+        server_hostname = server_hostname.decode('ascii')
+    return _verify(ssl_sock._conn, server_hostname)
+
+
+class SSLSocket(object):
+    SSL_TIMEOUT = 3
+    SSL_RETRY = .01
+
+    def __init__(self, conn, server_side, do_handshake_on_connect,
+                 suppress_ragged_eofs, server_hostname, check_hostname):
+        self._conn = conn
+        self._do_handshake_on_connect = do_handshake_on_connect
+        self._suppress_ragged_eofs = suppress_ragged_eofs
+        self._check_hostname = check_hostname
+
+        if server_side:
+            self._conn.set_accept_state()
+        else:
+            if server_hostname:
+                self._conn.set_tlsext_host_name(
+                    server_hostname.encode('utf-8')
+                )
+                self._server_hostname = server_hostname
+            # FIXME does this override do_handshake_on_connect=False?
+            self._conn.set_connect_state()
+
+        if self.connected and self._do_handshake_on_connect:
+            self.do_handshake()
+
+    @property
+    def connected(self):
+        try:
+            self._conn.getpeername()
+        except socket.error as e:
+            if e.errno != errno.ENOTCONN:
+                # It's an exception other than the one we expected if we're not
+                # connected.
+                raise
+            return False
+        return True
+
+    # Lovingly stolen from CherryPy
+    # (http://svn.cherrypy.org/tags/cherrypy-3.2.1/cherrypy/wsgiserver/ssl_pyopenssl.py).
+    def _safe_ssl_call(self, suppress_ragged_eofs, call, *args, **kwargs):
+        """Wrap the given call with SSL error-trapping."""
+        start = time.time()
+        while True:
+            try:
+                return call(*args, **kwargs)
+            except (ossl.WantReadError, ossl.WantWriteError):
+                # Sleep and try again. This is dangerous, because it means
+                # the rest of the stack has no way of differentiating
+                # between a "new handshake" error and "client dropped".
+                # Note this isn't an endless loop: there's a timeout below.
+                time.sleep(self.SSL_RETRY)
+            except ossl.Error as e:
+                if suppress_ragged_eofs and e.args == (-1, 'Unexpected EOF'):
+                    return b''
+                raise socket.error(e.args[0])
+
+            if time.time() - start > self.SSL_TIMEOUT:
+                raise socket.timeout('timed out')
+
+    def connect(self, address):
+        self._conn.connect(address)
+        if self._do_handshake_on_connect:
+            self.do_handshake()
+
+    def do_handshake(self):
+        self._safe_ssl_call(False, self._conn.do_handshake)
+        if self._check_hostname:
+            verify_hostname(self, self._server_hostname)
+
+    def recv(self, bufsize, flags=None):
+        return self._safe_ssl_call(
+            self._suppress_ragged_eofs,
+            self._conn.recv,
+            bufsize,
+            flags
+        )
+
+    def recv_into(self, buffer, bufsize=None, flags=None):
+        # A temporary recv_into implementation. Should be replaced when
+        # PyOpenSSL has merged pyca/pyopenssl#121.
+        if bufsize is None:
+            bufsize = len(buffer)
+
+        data = self.recv(bufsize, flags)
+        data_len = len(data)
+        buffer[0:data_len] = data
+        return data_len
+
+    def send(self, data, flags=None):
+        return self._safe_ssl_call(False, self._conn.send, data, flags)
+
+    def sendall(self, data, flags=None):
+        return self._safe_ssl_call(False, self._conn.sendall, data, flags)
+
+    def selected_npn_protocol(self):
+        proto = self._conn.get_next_proto_negotiated()
+        if isinstance(proto, bytes):
+            proto = proto.decode('ascii')
+
+        return proto if proto else None
+
+    def selected_alpn_protocol(self):
+        proto = self._conn.get_alpn_proto_negotiated()
+        if isinstance(proto, bytes):
+            proto = proto.decode('ascii')
+
+        return proto if proto else None
+
+    def getpeercert(self):
+        def resolve_alias(alias):
+            return dict(
+                C='countryName',
+                ST='stateOrProvinceName',
+                L='localityName',
+                O='organizationName',
+                OU='organizationalUnitName',
+                CN='commonName',
+            ).get(alias, alias)
+
+        def to_components(name):
+            # TODO Verify that these are actually *supposed* to all be
+            # single-element tuples, and that's not just a quirk of the
+            # examples I've seen.
+            return tuple(
+                [
+                    (resolve_alias(k.decode('utf-8'), v.decode('utf-8')),)
+                    for k, v in name.get_components()
+                ]
+            )
+
+        # The standard getpeercert() takes the nice X509 object tree returned
+        # by OpenSSL and turns it into a dict according to some format it seems
+        # to have made up on the spot. Here, we do our best to emulate that.
+        cert = self._conn.get_peer_certificate()
+        result = dict(
+            issuer=to_components(cert.get_issuer()),
+            subject=to_components(cert.get_subject()),
+            version=cert.get_subject(),
+            serialNumber=cert.get_serial_number(),
+            notBefore=cert.get_notBefore(),
+            notAfter=cert.get_notAfter(),
+        )
+        # TODO extensions, including subjectAltName
+        # (see _decode_certificate in _ssl.c)
+        return result
+
+    # a dash of magic to reduce boilerplate
+    methods = ['accept', 'bind', 'close', 'getsockname', 'listen', 'fileno']
+    for method in methods:
+        locals()[method] = _proxy(method)
+
+
+class SSLContext(object):
+    def __init__(self, protocol):
+        self.protocol = protocol
+        self._ctx = ossl.Context(protocol)
+        self.options = OP_ALL
+        self.check_hostname = False
+        self.npn_protos = []
+
+    @property
+    def options(self):
+        return self._options
+
+    @options.setter
+    def options(self, value):
+        self._options = value
+        self._ctx.set_options(value)
+
+    @property
+    def verify_mode(self):
+        return self._ctx.get_verify_mode()
+
+    @verify_mode.setter
+    def verify_mode(self, value):
+        # TODO verify exception is raised on failure
+        self._ctx.set_verify(
+            value, lambda conn, cert, errnum, errdepth, ok: ok
+        )
+
+    def set_default_verify_paths(self):
+        self._ctx.set_default_verify_paths()
+
+    def load_verify_locations(self, cafile=None, capath=None, cadata=None):
+        # TODO factor out common code
+        if cafile is not None:
+            cafile = cafile.encode('utf-8')
+        if capath is not None:
+            capath = capath.encode('utf-8')
+        self._ctx.load_verify_locations(cafile, capath)
+        if cadata is not None:
+            self._ctx.load_verify_locations(BytesIO(cadata))
+
+    def load_cert_chain(self, certfile, keyfile=None, password=None):
+        self._ctx.use_certificate_file(certfile)
+        if password is not None:
+            self._ctx.set_passwd_cb(
+                lambda max_length, prompt_twice, userdata: password
+            )
+        self._ctx.use_privatekey_file(keyfile or certfile)
+
+    def set_npn_protocols(self, protocols):
+        self.protocols = list(map(lambda x: x.encode('ascii'), protocols))
+
+        def cb(conn, protos):
+            # Detect the overlapping set of protocols.
+            overlap = set(protos) & set(self.protocols)
+
+            # Select the option that comes last in the list in the overlap.
+            for p in self.protocols:
+                if p in overlap:
+                    return p
+            else:
+                return b''
+
+        self._ctx.set_npn_select_callback(cb)
+
+    def set_alpn_protocols(self, protocols):
+        protocols = list(map(lambda x: x.encode('ascii'), protocols))
+        self._ctx.set_alpn_protos(protocols)
+
+    def wrap_socket(self,
+                    sock,
+                    server_side=False,
+                    do_handshake_on_connect=True,
+                    suppress_ragged_eofs=True,
+                    server_hostname=None):
+        conn = ossl.Connection(self._ctx, sock)
+        return SSLSocket(conn, server_side, do_handshake_on_connect,
+                         suppress_ragged_eofs, server_hostname,
+                         # TODO what if this is changed after the fact?
+                         self.check_hostname)
diff --git a/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/tls.py b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/tls.py
new file mode 100644
index 00000000000..422b001cda8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/third_party/hyper/hyper/tls.py
@@ -0,0 +1,133 @@
+# -*- coding: utf-8 -*-
+"""
+hyper/tls
+~~~~~~~~~
+
+Contains the TLS/SSL logic for use in hyper.
+"""
+import os.path as path
+from .common.exceptions import MissingCertFile
+from .compat import ignore_missing, ssl
+
+
+NPN_PROTOCOL = 'h2'
+H2_NPN_PROTOCOLS = [NPN_PROTOCOL, 'h2-16', 'h2-15', 'h2-14']
+SUPPORTED_NPN_PROTOCOLS = H2_NPN_PROTOCOLS + ['http/1.1']
+
+H2C_PROTOCOL = 'h2c'
+
+# We have a singleton SSLContext object. There's no reason to be creating one
+# per connection.
+_context = None
+
+# Work out where our certificates are.
+cert_loc = path.join(path.dirname(__file__), 'certs.pem')
+
+
+def wrap_socket(sock, server_hostname, ssl_context=None, force_proto=None):
+    """
+    A vastly simplified SSL wrapping function. We'll probably extend this to
+    do more things later.
+    """
+
+    global _context
+
+    if ssl_context:
+        # if an SSLContext is provided then use it instead of default context
+        _ssl_context = ssl_context
+    else:
+        # create the singleton SSLContext we use
+        if _context is None:  # pragma: no cover
+            _context = init_context()
+        _ssl_context = _context
+
+    # the spec requires SNI support
+    ssl_sock = _ssl_context.wrap_socket(sock, server_hostname=server_hostname)
+    # Setting SSLContext.check_hostname to True only verifies that the
+    # post-handshake servername matches that of the certificate. We also need
+    # to check that it matches the requested one.
+    if _ssl_context.check_hostname:  # pragma: no cover
+        try:
+            ssl.match_hostname(ssl_sock.getpeercert(), server_hostname)
+        except AttributeError:
+            ssl.verify_hostname(ssl_sock, server_hostname)  # pyopenssl
+
+    # Allow for the protocol to be forced externally.
+    proto = force_proto
+
+    # ALPN is newer, so we prefer it over NPN. The odds of us getting
+    # different answers is pretty low, but let's be sure.
+    with ignore_missing():
+        if proto is None:
+            proto = ssl_sock.selected_alpn_protocol()
+
+    with ignore_missing():
+        if proto is None:
+            proto = ssl_sock.selected_npn_protocol()
+
+    return (ssl_sock, proto)
+
+
+def init_context(cert_path=None, cert=None, cert_password=None):
+    """
+    Create a new ``SSLContext`` that is correctly set up for an HTTP/2
+    connection. This SSL context object can be customized and passed as a
+    parameter to the :class:`HTTPConnection <hyper.HTTPConnection>` class.
+    Provide your own certificate file in case you don’t want to use hyper’s
+    default certificate. The path to the certificate can be absolute or
+    relative to your working directory.
+
+    :param cert_path: (optional) The path to the certificate file of
+        “certification authority” (CA) certificates
+    :param cert: (optional) if string, path to ssl client cert file (.pem).
+        If tuple, ('cert', 'key') pair.
+        The certfile string must be the path to a single file in PEM format
+        containing the certificate as well as any number of CA certificates
+        needed to establish the certificate’s authenticity. The keyfile string,
+        if present, must point to a file containing the private key in.
+        Otherwise the private key will be taken from certfile as well.
+    :param cert_password: (optional) The password argument may be a function to
+        call to get the password for decrypting the private key. It will only
+        be called if the private key is encrypted and a password is necessary.
+        It will be called with no arguments, and it should return a string,
+        bytes, or bytearray. If the return value is a string it will be
+        encoded as UTF-8 before using it to decrypt the key. Alternatively a
+        string, bytes, or bytearray value may be supplied directly as the
+        password argument. It will be ignored if the private key is not
+        encrypted and no password is needed.
+    :returns: An ``SSLContext`` correctly set up for HTTP/2.
+    """
+    cafile = cert_path or cert_loc
+    if not cafile or not path.exists(cafile):
+        err_msg = ("No certificate found at " + str(cafile) + ". Either " +
+                   "ensure the default cert.pem file is included in the " +
+                   "distribution or provide a custom certificate when " +
+                   "creating the connection.")
+        raise MissingCertFile(err_msg)
+
+    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+    context.set_default_verify_paths()
+    context.load_verify_locations(cafile=cafile)
+    context.verify_mode = ssl.CERT_REQUIRED
+    context.check_hostname = True
+
+    with ignore_missing():
+        context.set_npn_protocols(SUPPORTED_NPN_PROTOCOLS)
+
+    with ignore_missing():
+        context.set_alpn_protocols(SUPPORTED_NPN_PROTOCOLS)
+
+    # required by the spec
+    context.options |= ssl.OP_NO_COMPRESSION
+
+    if cert is not None:
+        try:
+            basestring
+        except NameError:
+            basestring = (str, bytes)
+        if not isinstance(cert, basestring):
+            context.load_cert_chain(cert[0], cert[1], cert_password)
+        else:
+            context.load_cert_chain(cert, password=cert_password)
+
+    return context
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptrunner.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptrunner.py
index 1ee4d54c71e..aab5996afd9 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptrunner.py
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptrunner.py
@@ -238,15 +238,10 @@ def run_tests(config, test_paths, product, **kwargs):
                     if test_type == "testharness":
                         run_tests = {"testharness": []}
                         for test in test_loader.tests["testharness"]:
-                            if test.testdriver and not executor_cls.supports_testdriver:
+                            if (test.testdriver and not executor_cls.supports_testdriver) or (
+                                    test.jsshell and not executor_cls.supports_jsshell):
                                 logger.test_start(test.id)
                                 logger.test_end(test.id, status="SKIP")
-                            elif test.jsshell and not executor_cls.supports_jsshell:
-                                # We expect that tests for JavaScript shells
-                                # will not be run along with tests that run in
-                                # a full web browser, so we silently skip them
-                                # here.
-                                pass
                             else:
                                 run_tests["testharness"].append(test)
                     else:
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/base.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/base.py
index ad8109822a8..e49c8287c59 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/base.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/base.py
@@ -11,6 +11,10 @@ from six.moves.urllib.request import Request as BaseRequest
 from six.moves.urllib.request import urlopen
 from six import binary_type, iteritems
 
+from hyper import HTTP20Connection, tls
+import ssl
+from localpaths import repo_root
+
 wptserve = pytest.importorskip("wptserve")
 
 logging.basicConfig()
@@ -74,3 +78,28 @@ class TestUsingServer(unittest.TestCase):
             req.add_header("Authorization", "Basic %s" % base64.b64encode('%s:%s' % auth))
 
         return urlopen(req)
+
+
+@pytest.mark.skipif(not wptserve.utils.http2_compatible(), reason="h2 server only works in python 2.7.15")
+class TestUsingH2Server:
+    def setup_method(self, test_method):
+        self.server = wptserve.server.WebTestHttpd(host="localhost",
+                                                   port=0,
+                                                   use_ssl=True,
+                                                   doc_root=doc_root,
+                                                   key_file=os.path.join(repo_root, "tools", "certs", "web-platform.test.key"),
+                                                   certificate=os.path.join(repo_root, "tools", "certs", "web-platform.test.pem"),
+                                                   handler_cls=wptserve.server.Http2WebTestRequestHandler,
+                                                   http2=True)
+        self.server.start(False)
+
+        context = tls.init_context()
+        context.check_hostname = False
+        context.verify_mode = ssl.CERT_NONE
+        context.set_alpn_protocols(['h2'])
+        self.conn = HTTP20Connection('%s:%i' % (self.server.host, self.server.port), enable_push=True, secure=True, ssl_context=context)
+        self.conn.connect()
+
+    def teardown_method(self, test_method):
+        self.conn.close()
+        self.server.stop()
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_data.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_data.py
new file mode 100644
index 00000000000..ffd6586d393
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_data.py
@@ -0,0 +1,2 @@
+def handle_data(frame, request, response):
+    response.content = frame.data[::-1]
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers.py
new file mode 100644
index 00000000000..60e72d94925
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers.py
@@ -0,0 +1,3 @@
+def handle_headers(frame, request, response):
+    response.status = 203
+    response.headers.update([('test', 'passed')])
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py
new file mode 100644
index 00000000000..74a81f81f24
--- /dev/null
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/docroot/test_h2_headers_data.py
@@ -0,0 +1,6 @@
+def handle_headers(frame, request, response):
+    response.status = 203
+    response.headers.update([('test', 'passed')])
+
+def handle_data(frame, request, response):
+    response.content = frame.data[::-1]
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_handlers.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_handlers.py
index 4c6d37196a1..15c7cb7e803 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_handlers.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_handlers.py
@@ -8,7 +8,7 @@ import pytest
 from six.moves.urllib.error import HTTPError
 
 wptserve = pytest.importorskip("wptserve")
-from .base import TestUsingServer, doc_root
+from .base import TestUsingServer, TestUsingH2Server, doc_root
 
 
 class TestFileHandler(TestUsingServer):
@@ -323,5 +323,79 @@ class TestAsIsHandler(TestUsingServer):
         self.assertEqual("Content", resp.read())
         #Add a check that the response is actually sane
 
+
+class TestH2Handler(TestUsingH2Server):
+    def test_handle_headers(self):
+        self.conn.request("GET", '/test_h2_headers.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 203
+        assert resp.headers['test'][0] == 'passed'
+        assert resp.read() == ''
+
+    def test_only_main(self):
+        self.conn.request("GET", '/test_tuple_3.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 202
+        assert resp.headers['Content-Type'][0] == 'text/html'
+        assert resp.headers['X-Test'][0] == 'PASS'
+        assert resp.read() == b'PASS'
+
+    def test_handle_data(self):
+        self.conn.request("POST", '/test_h2_data.py', body="hello world!")
+        resp = self.conn.get_response()
+
+        assert resp.status == 200
+        assert resp.read() == b'!dlrow olleh'
+
+    def test_handle_headers_data(self):
+        self.conn.request("POST", '/test_h2_headers_data.py', body="hello world!")
+        resp = self.conn.get_response()
+
+        assert resp.status == 203
+        assert resp.headers['test'][0] == 'passed'
+        assert resp.read() == b'!dlrow olleh'
+
+    def test_no_main_or_handlers(self):
+        self.conn.request("GET", '/no_main.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 500
+        assert "No main function or handlers in script " in json.loads(resp.read())["error"]["message"]
+
+    def test_not_found(self):
+        self.conn.request("GET", '/no_exist.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 404
+
+    def test_requesting_multiple_resources(self):
+        # 1st .py resource
+        self.conn.request("GET", '/test_h2_headers.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 203
+        assert resp.headers['test'][0] == 'passed'
+        assert resp.read() == ''
+
+        # 2nd .py resource
+        self.conn.request("GET", '/test_tuple_3.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 202
+        assert resp.headers['Content-Type'][0] == 'text/html'
+        assert resp.headers['X-Test'][0] == 'PASS'
+        assert resp.read() == b'PASS'
+
+        # 3rd .py resource
+        self.conn.request("GET", '/test_h2_headers.py')
+        resp = self.conn.get_response()
+
+        assert resp.status == 203
+        assert resp.headers['test'][0] == 'passed'
+        assert resp.read() == ''
+
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_response.py b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_response.py
index 0842e024f9e..daf8e6ed002 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_response.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/tests/functional/test_response.py
@@ -1,13 +1,15 @@
 import sys
 import os
 import unittest
+import json
 from types import MethodType
+from io import BytesIO
 
 import pytest
 
 wptserve = pytest.importorskip("wptserve")
-from .base import TestUsingServer, doc_root
-
+from .base import TestUsingServer, TestUsingH2Server, doc_root
+from hyper.h2.exceptions import ProtocolError
 
 def send_body_as_header(self):
     if self._response.add_required_headers:
@@ -182,5 +184,213 @@ class TestResponse(TestUsingServer):
         resp = self.request(route[1])
         assert resp.read() == resp_content
 
+
+class TestH2Response(TestUsingH2Server):
+    def test_write_without_ending_stream(self):
+        data = b"TEST"
+
+        @wptserve.handlers.handler
+        def handler(request, response):
+            headers = [
+                ('server', 'test-h2'),
+                ('test', 'PASS'),
+            ]
+            response.writer.write_headers(headers, 202)
+            response.writer.write_data_frame(data, False)
+
+            # Should detect stream isn't ended and call `writer.end_stream()`
+
+        route = ("GET", "/h2test/test", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 202
+        assert [x for x in resp.headers.items()] == [('server', 'test-h2'), ('test', 'PASS')]
+        assert resp.read() == data
+
+    def test_push(self):
+        data = b"TEST"
+        push_data = b"PUSH TEST"
+
+        @wptserve.handlers.handler
+        def handler(request, response):
+            headers = [
+                ('server', 'test-h2'),
+                ('test', 'PASS'),
+            ]
+            response.writer.write_headers(headers, 202)
+
+            promise_headers = [
+                (':method', 'GET'),
+                (':path', '/push-test'),
+                (':scheme', 'https'),
+                (':authority', '%s:%i' % (self.server.host, self.server.port))
+            ]
+            push_headers = [
+                ('server', 'test-h2'),
+                ('content-length', str(len(push_data))),
+                ('content-type', 'text'),
+            ]
+
+            response.writer.write_push(
+                promise_headers,
+                push_stream_id=10,
+                status=203,
+                response_headers=push_headers,
+                response_data=push_data
+            )
+            response.writer.write_data_frame(data, True)
+
+        route = ("GET", "/h2test/test_push", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 202
+        assert [x for x in resp.headers.items()] == [('server', 'test-h2'), ('test', 'PASS')]
+        assert resp.read() == data
+
+        push_promise = next(self.conn.get_pushes())
+        push = push_promise.get_response()
+        assert push_promise.path == '/push-test'
+        assert push.status == 203
+        assert push.read() == push_data
+
+    def test_set_error(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.set_error(503, message="Test error")
+
+        route = ("GET", "/h2test/test_set_error", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 503
+        assert json.loads(resp.read()) == json.loads("{\"error\": {\"message\": \"Test error\", \"code\": 503}}")
+
+    def test_file_like_response(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            content = BytesIO("Hello, world!")
+            response.content = content
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 200
+        assert resp.read() == "Hello, world!"
+
+    def test_list_response(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.content = ['hello', 'world']
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 200
+        assert resp.read() == "helloworld"
+
+    def test_content_longer_than_frame_size(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            size = response.writer.get_max_payload_size()
+            content = "a" * (size + 5)
+            return [('payload_size', size)], content
+
+        route = ("GET", "/h2test/test_content_longer_than_frame_size", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 200
+        payload_size = int(resp.headers['payload_size'][0])
+        assert payload_size
+        assert resp.read() == "a" * (payload_size + 5)
+
+    def test_encode(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.encoding = "utf8"
+            t = response.writer.encode(u"hello")
+            assert t == "hello"
+
+            with pytest.raises(ValueError):
+                response.writer.encode(None)
+
+        route = ("GET", "/h2test/test_content_longer_than_frame_size", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        self.conn.get_response()
+
+    def test_raw_header_frame(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.writer.write_raw_header_frame([
+                (':status', '204'),
+                ('server', 'TEST-H2')
+            ], end_headers=True)
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 204
+        assert resp.headers['server'][0] == 'TEST-H2'
+        assert resp.read() == ''
+
+    def test_raw_header_frame_invalid(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.writer.write_raw_header_frame([
+                ('server', 'TEST-H2'),
+                (':status', '204')
+            ], end_headers=True)
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        with pytest.raises(ProtocolError):
+            # The server can send an invalid HEADER frame, which will cause a protocol error in client
+            self.conn.get_response()
+
+    def test_raw_data_frame(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.writer.write_raw_data_frame(data=b'Hello world', end_stream=True)
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        sid = self.conn.request(route[0], route[1])
+
+        assert self.conn.streams[sid]._read() == 'Hello world'
+
+    def test_raw_header_continuation_frame(self):
+        @wptserve.handlers.handler
+        def handler(request, response):
+            response.writer.write_raw_header_frame([
+                (':status', '204')
+            ])
+
+            response.writer.write_raw_continuation_frame([
+                ('server', 'TEST-H2')
+            ], end_headers=True)
+
+        route = ("GET", "/h2test/test_file_like_response", handler)
+        self.server.router.register(*route)
+        self.conn.request(route[0], route[1])
+        resp = self.conn.get_response()
+
+        assert resp.status == 204
+        assert resp.headers['server'][0] == 'TEST-H2'
+        assert resp.read() == ''
+
 if __name__ == '__main__':
     unittest.main()
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/handlers.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/handlers.py
index 9e6fe9bbc76..7fbe4234ea0 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/handlers.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/handlers.py
@@ -7,6 +7,8 @@ import traceback
 from six.moves.urllib.parse import parse_qs, quote, unquote, urljoin
 from six import iteritems
 
+from h2.events import RequestReceived, DataReceived
+
 from .constants import content_types
 from .pipes import Pipeline, template
 from .ranges import RangeParser
@@ -230,7 +232,17 @@ class PythonScriptHandler(object):
     def __repr__(self):
         return "<%s base_path:%s url_base:%s>" % (self.__class__.__name__, self.base_path, self.url_base)
 
-    def __call__(self, request, response):
+    def _set_path_and_load_file(self, request, response, func):
+        """
+        This modifies the `sys.path` and loads the requested python file as an environ variable.
+
+        Once the environ is loaded, the passed `func` is run with this loaded environ.
+
+        :param request: The request object
+        :param response: The response object
+        :param func: The function to be run with the loaded environ with the modified filepath. Signature: (request, response, environ, path)
+        :return: The return of func
+        """
         path = filesystem_path(self.base_path, request, self.url_base)
 
         sys_path = sys.path[:]
@@ -240,18 +252,54 @@ class PythonScriptHandler(object):
             sys.path.insert(0, os.path.dirname(path))
             with open(path, 'rb') as f:
                 exec(compile(f.read(), path, 'exec'), environ, environ)
-            if "main" in environ:
-                handler = FunctionHandler(environ["main"])
-                handler(request, response)
-                wrap_pipeline(path, request, response)
-            else:
-                raise HTTPException(500, "No main function in script %s" % path)
+
+            if func is not None:
+                return func(request, response, environ, path)
+
         except IOError:
             raise HTTPException(404)
         finally:
             sys.path = sys_path
             sys.modules = sys_modules
 
+    def __call__(self, request, response):
+        def func(request, response, environ, path):
+            if "main" in environ:
+                handler = FunctionHandler(environ["main"])
+                handler(request, response)
+                wrap_pipeline(path, request, response)
+            else:
+                raise HTTPException(500, "No main function in script %s" % path)
+
+        self._set_path_and_load_file(request, response, func)
+
+
+    def frame_handler(self, request):
+        """
+        This creates a FunctionHandler with one or more of the handling functions.
+
+        Used by the H2 server.
+
+        :param request: The request object used to generate the handler.
+        :return: A FunctionHandler object with one or more of these functions: `handle_headers`, `handle_data` or `main`
+        """
+        def func(request, response, environ, path):
+            def _main(req, resp):
+                pass
+
+            handler = FunctionHandler(_main)
+            if "main" in environ:
+                handler.func = environ["main"]
+            if "handle_headers" in environ:
+                handler.handle_headers = environ["handle_headers"]
+            if "handle_data" in environ:
+                handler.handle_data = environ["handle_data"]
+
+            if handler.func is _main and not hasattr(handler, "handle_headers") and not hasattr(handler, "handle_data"):
+                raise HTTPException(500, "No main function or handlers in script %s" % path)
+
+            return handler
+        return self._set_path_and_load_file(request, None, func)
 
 python_script_handler = PythonScriptHandler()
 
@@ -287,7 +335,6 @@ class FunctionHandler(object):
 def handler(func):
     return FunctionHandler(func)
 
-
 class JsonHandler(object):
     def __init__(self, func):
         self.func = func
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py
index 5088946c0f6..cb575ccdba4 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/request.py
@@ -278,6 +278,7 @@ class Request(object):
 
         self.raw_input = InputFile(request_handler.rfile,
                                    int(self.headers.get("Content-Length", 0)))
+
         self._body = None
 
         self._GET = None
@@ -285,8 +286,6 @@ class Request(object):
         self._cookies = None
         self._auth = None
 
-        self.h2_stream_id = request_handler.h2_stream_id if hasattr(request_handler, 'h2_stream_id') else None
-
         self.server = Server(self)
 
     def __repr__(self):
@@ -349,6 +348,13 @@ class Request(object):
         return self._auth
 
 
+class H2Request(Request):
+    def __init__(self, request_handler):
+        self.h2_stream_id = request_handler.h2_stream_id
+        self.frames = []
+        super(H2Request, self).__init__(request_handler)
+
+
 class RequestHeaders(dict):
     """Dictionary-like API for accessing request headers."""
     def __init__(self, items):
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/response.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/response.py
index dd0acfd6906..bc21452eeff 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/response.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/response.py
@@ -9,6 +9,8 @@ from .logger import get_logger
 from io import BytesIO
 
 from six import binary_type, text_type, itervalues
+from hyperframe.frame import HeadersFrame, DataFrame, ContinuationFrame
+from hpack.struct import HeaderTuple
 
 missing = object()
 
@@ -369,11 +371,11 @@ class H2Response(Response):
                 item = item_iter.next()
                 while True:
                     check_last = item_iter.next()
-                    self.writer.write_content(item, last=False)
+                    self.writer.write_data(item, last=False)
                     item = check_last
             except StopIteration:
                 if item:
-                    self.writer.write_content(item, last=True)
+                    self.writer.write_data(item, last=True)
 
 
 class H2ResponseWriter(object):
@@ -383,11 +385,12 @@ class H2ResponseWriter(object):
         self.h2conn = handler.conn
         self._response = response
         self._handler = handler
+        self.stream_ended = False
         self.content_written = False
         self.request = response.request
         self.logger = response.logger
 
-    def write_headers(self, headers, status_code, status_message=None):
+    def write_headers(self, headers, status_code, status_message=None, stream_id=None, last=False):
         formatted_headers = []
         secondary_headers = []  # Non ':' prefixed headers are to be added afterwards
 
@@ -403,13 +406,14 @@ class H2ResponseWriter(object):
 
         with self.h2conn as connection:
             connection.send_headers(
-                stream_id=self.request.h2_stream_id,
+                stream_id=self.request.h2_stream_id if stream_id is None else stream_id,
                 headers=formatted_headers,
+                end_stream=last or self.request.method == "HEAD"
             )
 
             self.write(connection)
 
-    def write_content(self, item, last=False):
+    def write_data(self, item, last=False, stream_id=None):
         if isinstance(item, (text_type, binary_type)):
             data = BytesIO(self.encode(item))
         else:
@@ -423,30 +427,113 @@ class H2ResponseWriter(object):
         # If the data is longer than max payload size, need to write it in chunks
         payload_size = self.get_max_payload_size()
         while data_len > payload_size:
-            self.write_content_frame(data.read(payload_size), False)
+            self.write_data_frame(data.read(payload_size), False, stream_id)
             data_len -= payload_size
             payload_size = self.get_max_payload_size()
 
-        self.write_content_frame(data.read(), last)
+        self.write_data_frame(data.read(), last, stream_id)
 
-    def write_content_frame(self, data, last):
+    def write_data_frame(self, data, last, stream_id=None):
         with self.h2conn as connection:
             connection.send_data(
-                stream_id=self.request.h2_stream_id,
+                stream_id=self.request.h2_stream_id if stream_id is None else stream_id,
                 data=data,
                 end_stream=last,
             )
             self.write(connection)
-        self.content_written = last
+        self.stream_ended = last
+
+    def write_push(self, promise_headers, push_stream_id=None, status=None, response_headers=None, response_data=None):
+        """Write a push promise, and optionally write the push content.
+
+        This will write a push promise to the request stream. If you do not provide headers and data for the response,
+        then no response will be pushed, and you should push them yourself using the ID returned from this function
+
+        :param promise_headers: A list of header tuples that matches what the client would use to
+                                request the pushed response
+        :param push_stream_id: The ID of the stream the response should be pushed to. If none given, will
+                               use the next available id.
+        :param status: The status code of the response, REQUIRED if response_headers given
+        :param response_headers: The headers of the response
+        :param response_data: The response data.
+        :return: The ID of the push stream
+        """
+        with self.h2conn as connection:
+            push_stream_id = push_stream_id if push_stream_id is not None else connection.get_next_available_stream_id()
+            connection.push_stream(self.request.h2_stream_id, push_stream_id, promise_headers)
+            self.write(connection)
+
+        has_data = response_data is not None
+        if response_headers is not None:
+            assert status is not None
+            self.write_headers(response_headers, status, stream_id=push_stream_id, last=not has_data)
+
+        if has_data:
+            self.write_data(response_data, last=True, stream_id=push_stream_id)
+
+        return push_stream_id
+
+    def end_stream(self, stream_id=None):
+        with self.h2conn as connection:
+            connection.end_stream(stream_id if stream_id is not None else self.request.h2_stream_id)
+            self.write(connection)
+        self.stream_ended = True
+
+    def write_raw_header_frame(self, headers, stream_id=None, end_stream=False, end_headers=False, frame_cls=HeadersFrame):
+        """This bypasses state checking and such, and sends a header regardless"""
+        if not stream_id:
+            stream_id = self.request.h2_stream_id
+
+        header_t = []
+        for header, value in headers:
+            header_t.append(HeaderTuple(header, value))
+
+        with self.h2conn as connection:
+            frame = frame_cls(stream_id, data=connection.encoder.encode(header_t))
+
+            if end_stream:
+                self.stream_ended = True
+                frame.flags.add('END_STREAM')
+            if end_headers:
+                frame.flags.add('END_HEADERS')
+
+            data = frame.serialize()
+            self.write_raw(data)
+
+    def write_raw_data_frame(self, data, stream_id=None, end_stream=False):
+        """This bypasses state checking and such, and sends a data frame regardless"""
+        if not stream_id:
+            stream_id = self.request.h2_stream_id
+
+        frame = DataFrame(stream_id, data=data)
+
+        if end_stream:
+            self.stream_ended = True
+            frame.flags.add('END_STREAM')
+
+        data = frame.serialize()
+        self.write_raw(data)
+
+    def write_raw_continuation_frame(self, headers, stream_id=None, end_headers=False):
+        """This bypasses state checking and such, and sends a continuation frame regardless"""
+        self.write_raw_header_frame(headers, stream_id=stream_id, end_headers=end_headers, frame_cls=ContinuationFrame)
+
 
     def get_max_payload_size(self):
         with self.h2conn as connection:
             return min(connection.remote_settings.max_frame_size, connection.local_flow_control_window(self.request.h2_stream_id)) - 9
 
     def write(self, connection):
+        self.content_written = True
         data = connection.data_to_send()
         self.socket.sendall(data)
 
+    def write_raw(self, raw_data):
+        """Used for sending raw bytes/data through the socket"""
+
+        self.content_written = True
+        self.socket.sendall(raw_data)
+
     def encode(self, data):
         """Convert unicode to bytes according to response.encoding."""
         if isinstance(data, binary_type):
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/server.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/server.py
index 61a758ab651..8370cca0d38 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/server.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/server.py
@@ -12,16 +12,18 @@ from six import binary_type, text_type
 import uuid
 from collections import OrderedDict
 
+from six.moves.queue import Queue
+
 from h2.config import H2Configuration
 from h2.connection import H2Connection
-from h2.events import RequestReceived, ConnectionTerminated
+from h2.events import RequestReceived, ConnectionTerminated, DataReceived, StreamReset, StreamEnded
 
 from six.moves.urllib.parse import urlsplit, urlunsplit
 
 from . import routes as default_routes
 from .config import ConfigBuilder
 from .logger import get_logger
-from .request import Server, Request
+from .request import Server, Request, H2Request
 from .response import Response, H2Response
 from .router import Router
 from .utils import HTTPException
@@ -220,78 +222,76 @@ class BaseWebTestRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
         self.logger = get_logger()
         BaseHTTPServer.BaseHTTPRequestHandler.__init__(self, *args, **kwargs)
 
-    def finish_handling(self, request_line_is_valid, response_cls):
-            self.server.rewriter.rewrite(self)
+    def finish_handling_h1(self, request_line_is_valid):
 
-            request = Request(self)
-            response = response_cls(self, request)
+        self.server.rewriter.rewrite(self)
 
-            if request.method == "CONNECT":
-                self.handle_connect(response)
-                return
+        request = Request(self)
+        response = Response(self, request)
 
-            if not request_line_is_valid:
-                response.set_error(414)
-                response.write()
-                return
+        if request.method == "CONNECT":
+            self.handle_connect(response)
+            return
 
-            self.logger.debug("%s %s" % (request.method, request.request_path))
-            handler = self.server.router.get_handler(request)
+        if not request_line_is_valid:
+            response.set_error(414)
+            response.write()
+            return
 
-            # If the handler we used for the request had a non-default base path
-            # set update the doc_root of the request to reflect this
-            if hasattr(handler, "base_path") and handler.base_path:
-                request.doc_root = handler.base_path
-            if hasattr(handler, "url_base") and handler.url_base != "/":
-                request.url_base = handler.url_base
+        self.logger.debug("%s %s" % (request.method, request.request_path))
+        handler = self.server.router.get_handler(request)
+        self.finish_handling(request, response, handler)
 
-            if self.server.latency is not None:
-                if callable(self.server.latency):
-                    latency = self.server.latency()
-                else:
-                    latency = self.server.latency
-                self.logger.warning("Latency enabled. Sleeping %i ms" % latency)
-                time.sleep(latency / 1000.)
+    def finish_handling(self, request, response, handler):
+        # If the handler we used for the request had a non-default base path
+        # set update the doc_root of the request to reflect this
+        if hasattr(handler, "base_path") and handler.base_path:
+            request.doc_root = handler.base_path
+        if hasattr(handler, "url_base") and handler.url_base != "/":
+            request.url_base = handler.url_base
 
-            if handler is None:
-                response.set_error(404)
+        if self.server.latency is not None:
+            if callable(self.server.latency):
+                latency = self.server.latency()
             else:
-                try:
-                    handler(request, response)
-                except HTTPException as e:
-                    response.set_error(e.code, e.message)
-                except Exception as e:
-                    message = str(e)
-                    if message:
-                        err = [message]
-                    else:
-                        err = []
-                    err.append(traceback.format_exc())
-                    response.set_error(500, "\n".join(err))
-            self.logger.debug("%i %s %s (%s) %i" % (response.status[0],
-                                                    request.method,
-                                                    request.request_path,
-                                                    request.headers.get('Referer'),
-                                                    request.raw_input.length))
+                latency = self.server.latency
+            self.logger.warning("Latency enabled. Sleeping %i ms" % latency)
+            time.sleep(latency / 1000.)
 
-            if not response.writer.content_written:
-                response.write()
+        if handler is None:
+            self.logger.debug("No Handler found!")
+            response.set_error(404)
+        else:
+            try:
+                handler(request, response)
+            except HTTPException as e:
+                response.set_error(e.code, e.message)
+            except Exception as e:
+                self.respond_with_error(response, e)
+        self.logger.debug("%i %s %s (%s) %i" % (response.status[0],
+                                                request.method,
+                                                request.request_path,
+                                                request.headers.get('Referer'),
+                                                request.raw_input.length))
 
-            # If a python handler has been used, the old ones won't send a END_STR data frame, so this
-            # allows for backwards compatibility by accounting for these handlers that don't close streams
-            if isinstance(response, H2Response) and not response.writer.content_written:
-                response.writer.write_content('', last=True)
+        if not response.writer.content_written:
+            response.write()
 
-            # If we want to remove this in the future, a solution is needed for
-            # scripts that produce a non-string iterable of content, since these
-            # can't set a Content-Length header. A notable example of this kind of
-            # problem is with the trickle pipe i.e. foo.js?pipe=trickle(d1)
-            if response.close_connection:
-                self.close_connection = True
+        # If a python handler has been used, the old ones won't send a END_STR data frame, so this
+        # allows for backwards compatibility by accounting for these handlers that don't close streams
+        if isinstance(response, H2Response) and not response.writer.stream_ended:
+            response.writer.end_stream()
 
-            if not self.close_connection:
-                # Ensure that the whole request has been read from the socket
-                request.raw_input.read()
+        # If we want to remove this in the future, a solution is needed for
+        # scripts that produce a non-string iterable of content, since these
+        # can't set a Content-Length header. A notable example of this kind of
+        # problem is with the trickle pipe i.e. foo.js?pipe=trickle(d1)
+        if response.close_connection:
+            self.close_connection = True
+
+        if not self.close_connection:
+            # Ensure that the whole request has been read from the socket
+            request.raw_input.read()
 
     def handle_connect(self, response):
         self.logger.debug("Got CONNECT")
@@ -306,6 +306,15 @@ class BaseWebTestRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
             self.setup()
         return
 
+    def respond_with_error(self, response, e):
+        message = str(e)
+        if message:
+            err = [message]
+        else:
+            err = []
+        err.append(traceback.format_exc())
+        response.set_error(500, "\n".join(err))
+
 
 class Http2WebTestRequestHandler(BaseWebTestRequestHandler):
     protocol_version = "HTTP/2.0"
@@ -322,9 +331,9 @@ class Http2WebTestRequestHandler(BaseWebTestRequestHandler):
         self.close_connection = False
 
         # Generate a UUID to make it easier to distinguish different H2 connection debug messages
-        uid = uuid.uuid4()
+        self.uid = str(uuid.uuid4())[:8]
 
-        self.logger.debug('(%s) Initiating h2 Connection' % uid)
+        self.logger.debug('(%s) Initiating h2 Connection' % self.uid)
 
         with self.conn as connection:
             connection.initiate_connection()
@@ -332,53 +341,129 @@ class Http2WebTestRequestHandler(BaseWebTestRequestHandler):
 
         self.request.sendall(data)
 
-        self.request_threads = []
+        # Dict of { stream_id: (thread, queue) }
+        stream_queues = {}
 
-        # TODO Need to do some major work on multithreading. Current idea is to have a thread per stream
-        # so that processing of the request can start from the first frame.
-
-        while not self.close_connection:
-            try:
+        try:
+            while not self.close_connection:
                 # This size may need to be made variable based on remote settings?
                 data = self.request.recv(65535)
 
                 with self.conn as connection:
-                    events = connection.receive_data(data)
+                    frames = connection.receive_data(data)
 
-                self.logger.debug('(%s) Events: ' % (uid) + str(events))
+                self.logger.debug('(%s) Frames Received: ' % self.uid + str(frames))
 
-                for event in events:
-                    if isinstance(event, RequestReceived):
-                        self.logger.debug('(%s) Parsing RequestReceived' % (uid))
-                        self._h2_parse_request(event)
-                        t = threading.Thread(target=BaseWebTestRequestHandler.finish_handling, args=(self, True, H2Response))
-                        self.request_threads.append(t)
-                        t.start()
-                    if isinstance(event, ConnectionTerminated):
-                        self.logger.debug('(%s) Connection terminated by remote peer ' % (uid))
+                for frame in frames:
+                    if isinstance(frame, ConnectionTerminated):
+                        self.logger.debug('(%s) Connection terminated by remote peer ' % self.uid)
                         self.close_connection = True
 
-            except (socket.timeout, socket.error) as e:
-                self.logger.debug('(%s) ERROR - Closing Connection - \n%s' % (uid, str(e)))
+                        # Flood all the streams with connection terminated, this will cause them to stop
+                        for stream_id, (thread, queue) in stream_queues.items():
+                            queue.put(frame)
+
+                    elif hasattr(frame, 'stream_id'):
+                        if frame.stream_id not in stream_queues:
+                            queue = Queue()
+                            stream_queues[frame.stream_id] = (self.start_stream_thread(frame, queue), queue)
+                        stream_queues[frame.stream_id][1].put(frame)
+
+                        if isinstance(frame, StreamEnded) or (hasattr(frame, "stream_ended") and frame.stream_ended):
+                            del stream_queues[frame.stream_id]
+
+        except (socket.timeout, socket.error) as e:
+            self.logger.error('(%s) Closing Connection - \n%s' % (self.uid, str(e)))
+            if not self.close_connection:
                 self.close_connection = True
-                for t in self.request_threads:
-                    t.join()
+                for stream_id, (thread, queue) in stream_queues.items():
+                    queue.put(None)
+        except Exception as e:
+            self.logger.error('(%s) Unexpected Error - \n%s' % (self.uid, str(e)))
+        finally:
+            for stream_id, (thread, queue) in stream_queues.items():
+                thread.join()
 
-    def _h2_parse_request(self, event):
-        self.headers = H2Headers(event.headers)
-        self.command = self.headers['method']
-        self.path = self.headers['path']
-        self.h2_stream_id = event.stream_id
+    def start_stream_thread(self, frame, queue):
+        t = threading.Thread(
+            target=Http2WebTestRequestHandler._stream_thread,
+            args=(self, frame.stream_id, queue)
+        )
+        t.start()
+        return t
 
-        # TODO Need to figure out what to do with this thing as it is no longer used
-        # For now I can just leave it be as it does not affect anything
-        self.raw_requestline = ''
+    def _stream_thread(self, stream_id, queue):
+        """
+        This thread processes frames for a specific stream. It waits for frames to be placed
+        in the queue, and processes them. When it receives a request frame, it will start processing
+        immediately, even if there are data frames to follow. One of the reasons for this is that it
+        can detect invalid requests before needing to read the rest of the frames.
+        """
 
+        # The file-like pipe object that will be used to share data to request object if data is received
+        wfile = None
+        request = None
+        response = None
+        req_handler = None
+        while not self.close_connection:
+            # Wait for next frame, blocking
+            frame = queue.get(True, None)
+
+            self.logger.debug('(%s - %s) %s' % (self.uid, stream_id, str(frame)))
+
+            if isinstance(frame, RequestReceived):
+                rfile, wfile = os.pipe()
+                rfile, wfile = os.fdopen(rfile, 'rb'), os.fdopen(wfile, 'wb')
+
+                stream_handler = H2HandlerCopy(self, frame, rfile)
+
+                stream_handler.server.rewriter.rewrite(stream_handler)
+                request = H2Request(stream_handler)
+                response = H2Response(stream_handler, request)
+
+                req_handler = stream_handler.server.router.get_handler(request)
+
+                if hasattr(req_handler, "frame_handler"):
+                    # Convert this to a handler that will utilise H2 specific functionality, such as handling individual frames
+                    req_handler = self.frame_handler(request, response, req_handler)
+
+                if hasattr(req_handler, 'handle_headers'):
+                    req_handler.handle_headers(frame, request, response)
+
+            elif isinstance(frame, DataReceived):
+                wfile.write(frame.data)
+
+                if hasattr(req_handler, 'handle_data'):
+                    req_handler.handle_data(frame, request, response)
+
+                if frame.stream_ended:
+                    wfile.close()
+            elif frame is None or isinstance(frame, (StreamReset, StreamEnded, ConnectionTerminated)):
+                self.logger.debug('(%s - %s) Stream Reset, Thread Closing' % (self.uid, stream_id))
+                break
+
+            if request is not None:
+                request.frames.append(frame)
+
+            if hasattr(frame, "stream_ended") and frame.stream_ended:
+                self.finish_handling(request, response, req_handler)
+
+    def frame_handler(self, request, response, handler):
+        try:
+            return handler.frame_handler(request)
+        except HTTPException as e:
+            response.set_error(e.code, e.message)
+            response.write()
+        except Exception as e:
+            self.respond_with_error(response, e)
+            response.write()
 
 class H2ConnectionGuard(object):
+    """H2Connection objects are not threadsafe, so this keeps thread safety"""
     lock = threading.Lock()
 
     def __init__(self, obj):
+        assert isinstance(obj, H2Connection)
         self.obj = obj
 
     def __enter__(self):
@@ -407,6 +492,20 @@ class H2Headers(dict):
         return ['dummy function']
 
 
+class H2HandlerCopy(object):
+
+    def __init__(self, handler, req_frame, rfile):
+        self.headers = H2Headers(req_frame.headers)
+        self.command = self.headers['method']
+        self.path = self.headers['path']
+        self.h2_stream_id = req_frame.stream_id
+        self.server = handler.server
+        self.protocol_version = handler.protocol_version
+        self.raw_requestline = ''
+        self.rfile = rfile
+        self.request = handler.request
+        self.conn = handler.conn
+
 class Http1WebTestRequestHandler(BaseWebTestRequestHandler):
     protocol_version = "HTTP/1.1"
 
@@ -426,7 +525,7 @@ class Http1WebTestRequestHandler(BaseWebTestRequestHandler):
                 #parse_request() actually sends its own error responses
                 return
 
-            self.finish_handling(request_line_is_valid, Response)
+            self.finish_handling_h1(request_line_is_valid)
 
         except socket.timeout as e:
             self.log_error("Request timed out: %r", e)
diff --git a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/utils.py b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/utils.py
index 14a75af9666..d0f87fea60f 100644
--- a/tests/wpt/web-platform-tests/tools/wptserve/wptserve/utils.py
+++ b/tests/wpt/web-platform-tests/tools/wptserve/wptserve/utils.py
@@ -110,5 +110,8 @@ def get_port(host=''):
     return port
 
 def http2_compatible():
-    # Currently, the HTTP/2.0 server is only working in python 2.7.15
-    return (sys.version_info[0] == 2 and sys.version_info[1] == 7 and sys.version_info[2] == 15)
+    # Currently, the HTTP/2.0 server is only working in python 2.7.10+ and OpenSSL 1.0.2+
+    import ssl
+    ssl_v = ssl.OPENSSL_VERSION_INFO
+    return ((sys.version_info[0] == 2 and sys.version_info[1] == 7 and sys.version_info[2] >= 10) and
+            (ssl_v[0] == 1 and (ssl_v[1] == 1 or (ssl_v[1] == 0 and ssl_v[2] >= 2))))
diff --git a/tests/wpt/web-platform-tests/webdriver/tests/set_window_rect/set.py b/tests/wpt/web-platform-tests/webdriver/tests/set_window_rect/set.py
index f7965681744..17210af4f46 100644
--- a/tests/wpt/web-platform-tests/webdriver/tests/set_window_rect/set.py
+++ b/tests/wpt/web-platform-tests/webdriver/tests/set_window_rect/set.py
@@ -168,6 +168,11 @@ def test_restore_from_maximized(session):
 
 
 def test_height_width(session):
+    # The window position might be auto-adjusted by the browser
+    # if it exceeds the lower right corner. As such ensure that
+    # there is enough space left so no window move will occur.
+    session.window.position = (50, 50)
+
     original = session.window.rect
     max = session.execute_script("""
         return {
@@ -250,10 +255,16 @@ def test_negative_x_y(session):
     # horizontal axis.  The system menu bar also blocks windows from
     # being moved to (0,0).
     elif os == "mac":
-        assert_success(response, {"x": -8,
-                                  "y": 23,
-                                  "width": original["width"],
-                                  "height": original["height"]})
+        value = assert_success(response)
+
+        # `screen.availTop` is not standardized but all browsers we care
+        # about on MacOS implement the CSSOM View mode `Screen` interface.
+        avail_top = session.execute_script("return window.screen.availTop;")
+
+        assert value == {"x": -8,
+                         "y": avail_top,
+                         "width": original["width"],
+                         "height": original["height"]}
 
     # It turns out that Windows is the only platform on which the
     # window can be reliably positioned off-screen.
diff --git a/tests/wpt/web-platform-tests/webgl/webgl1-idlharness.window.js b/tests/wpt/web-platform-tests/webgl/webgl1-idlharness.any.js
similarity index 100%
rename from tests/wpt/web-platform-tests/webgl/webgl1-idlharness.window.js
rename to tests/wpt/web-platform-tests/webgl/webgl1-idlharness.any.js
diff --git a/tests/wpt/web-platform-tests/webgl/webgl2-idlharness.window.js b/tests/wpt/web-platform-tests/webgl/webgl2-idlharness.any.js
similarity index 100%
rename from tests/wpt/web-platform-tests/webgl/webgl2-idlharness.window.js
rename to tests/wpt/web-platform-tests/webgl/webgl2-idlharness.any.js