| [Created by: generate-target-has-pathlen-but-not-ca.py] |
| |
| Certificate chain with 1 intermediate, a trusted root, and a target |
| certificate that is not a CA, and yet has a pathlen set. Verification is |
| expected to fail, since pathlen should only be set for CAs. |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Intermediate |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Target |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:ca:73:f9:c5:cb:c6:2c:26:07:85:8f:4b:a4:ac: |
| 52:18:84:42:ca:cb:34:59:92:5a:d8:f7:1f:df:51: |
| ed:6a:d5:e2:e1:dc:06:fb:72:0d:f3:e7:9f:38:0d: |
| 46:f4:19:77:31:33:4c:5b:ac:dd:6c:8c:06:68:4c: |
| 48:84:e2:c7:17:28:a9:0b:4e:07:07:b6:7b:cc:a9: |
| ef:6c:ae:22:6e:03:d6:d4:5b:f1:d9:aa:9e:61:54: |
| c7:14:79:cb:d6:c2:8f:da:87:e8:ae:d2:b3:66:4f: |
| d3:4c:56:b8:e0:80:f8:45:b7:11:35:53:ec:d4:49: |
| f8:05:70:f3:5b:56:b2:05:6d:3e:46:f8:be:67:71: |
| 48:a6:65:dd:55:62:a3:23:b0:94:e1:f2:3b:17:54: |
| 40:cc:37:90:d9:78:5a:d8:29:99:3f:02:16:a8:5b: |
| 5e:64:f4:f2:84:ad:25:c6:cf:2c:5b:e7:6c:bf:88: |
| 63:0c:8a:9b:fb:d9:b1:30:5a:21:74:1f:e4:5a:54: |
| 23:3a:a1:02:34:97:2c:a2:af:08:05:f0:db:52:58: |
| 7f:86:80:12:a3:f9:78:c0:ad:d6:8b:12:53:72:55: |
| 24:ca:3e:70:f2:7f:78:8f:b7:a1:32:f1:2c:7f:23: |
| db:7b:ce:79:cf:cc:6d:d8:f7:14:54:5c:e0:db:7d: |
| 60:b3 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 99:D8:C1:91:A6:13:EB:0F:B4:6F:F2:B0:C4:0C:D9:0A:25:8E:53:10 |
| X509v3 Authority Key Identifier: |
| keyid:5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6 |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Intermediate.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Intermediate.crl |
| |
| X509v3 Key Usage: critical |
| Digital Signature, Key Encipherment |
| X509v3 Extended Key Usage: |
| TLS Web Server Authentication, TLS Web Client Authentication |
| X509v3 Basic Constraints: critical |
| CA:FALSE, pathlen:1 |
| Signature Algorithm: sha256WithRSAEncryption |
| 70:43:96:4c:98:6f:28:18:8a:59:39:82:cc:24:47:f8:58:f8: |
| f8:43:04:09:1e:a6:51:59:bc:60:36:ff:a1:41:51:e1:4c:40: |
| 6b:5e:8b:73:3c:c4:37:65:f4:b0:57:01:8f:c6:ba:0c:5b:97: |
| a1:6b:3a:ea:53:79:8f:9a:99:f8:ca:01:a5:15:ac:60:4c:a7: |
| a7:68:07:72:3c:ed:06:70:d8:a4:d0:c0:5f:88:f2:6a:c0:a1: |
| 2b:e7:58:68:23:d3:7e:f0:98:99:7d:3d:91:25:e3:84:4f:ef: |
| 55:a4:ee:f7:1f:dc:f2:af:a8:74:96:6c:26:c4:d8:b6:84:dc: |
| b7:e7:7d:9d:2b:7b:3b:e6:e4:ad:76:e0:aa:ea:a4:26:97:4b: |
| 20:cd:b1:bd:a8:6e:b3:08:47:31:a2:01:7b:b5:6c:72:d0:f0: |
| 12:ac:bd:4f:be:de:23:cb:34:14:d2:11:42:3f:d5:70:76:4c: |
| 99:db:ce:bc:0e:d5:2e:4b:6f:c3:1b:5d:c6:58:89:74:5f:1d: |
| 62:cf:df:1e:4c:13:08:88:cb:66:6f:00:c2:c5:6f:bb:b4:9e: |
| 1f:8a:7d:9d:0b:a6:11:6f:28:bb:5e:46:ab:71:d4:eb:00:8c: |
| 71:6b:32:85:3d:17:ca:d0:15:90:66:7a:b2:96:0c:c1:9d:2e: |
| 53:36:97:5b |
| -----BEGIN CERTIFICATE----- |
| MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQsFADAXMRUwEwYDVQQDDAxJbnRl |
| cm1lZGlhdGUwHhcNMTUwMTAxMTIwMDAwWhcNMTYwMTAxMTIwMDAwWjARMQ8wDQYD |
| VQQDDAZUYXJnZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKc/nF |
| y8YsJgeFj0ukrFIYhELKyzRZklrY9x/fUe1q1eLh3Ab7cg3z5584DUb0GXcxM0xb |
| rN1sjAZoTEiE4scXKKkLTgcHtnvMqe9sriJuA9bUW/HZqp5hVMcUecvWwo/ah+iu |
| 0rNmT9NMVrjggPhFtxE1U+zUSfgFcPNbVrIFbT5G+L5ncUimZd1VYqMjsJTh8jsX |
| VEDMN5DZeFrYKZk/AhaoW15k9PKErSXGzyxb52y/iGMMipv72bEwWiF0H+RaVCM6 |
| oQI0lyyirwgF8NtSWH+GgBKj+XjArdaLElNyVSTKPnDyf3iPt6Ey8Sx/I9t7znnP |
| zG3Y9xRUXODbfWCzAgMBAAGjgfowgfcwHQYDVR0OBBYEFJnYwZGmE+sPtG/ysMQM |
| 2QoljlMQMB8GA1UdIwQYMBaAFFuf39XG/085Uurvl1vB7eHMRE62MD8GCCsGAQUF |
| BwEBBDMwMTAvBggrBgEFBQcwAoYjaHR0cDovL3VybC1mb3ItYWlhL0ludGVybWVk |
| aWF0ZS5jZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL3VybC1mb3ItY3JsL0lu |
| dGVybWVkaWF0ZS5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF |
| BwMBBggrBgEFBQcDAjAPBgNVHRMBAf8EBTADAgEBMA0GCSqGSIb3DQEBCwUAA4IB |
| AQBwQ5ZMmG8oGIpZOYLMJEf4WPj4QwQJHqZRWbxgNv+hQVHhTEBrXotzPMQ3ZfSw |
| VwGPxroMW5ehazrqU3mPmpn4ygGlFaxgTKenaAdyPO0GcNik0MBfiPJqwKEr51ho |
| I9N+8JiZfT2RJeOET+9VpO73H9zyr6h0lmwmxNi2hNy3532dK3s75uStduCq6qQm |
| l0sgzbG9qG6zCEcxogF7tWxy0PASrL1Pvt4jyzQU0hFCP9VwdkyZ2868DtUuS2/D |
| G13GWIl0Xx1iz98eTBMIiMtmbwDCxW+7tJ4fin2dC6YRbyi7XkarcdTrAIxxazKF |
| PRfK0BWQZnqylgzBnS5TNpdb |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 2 (0x2) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Intermediate |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:c8:43:a7:fe:04:ff:78:d4:be:60:bd:16:7d:46: |
| a2:cf:a8:74:42:6b:2b:49:13:61:2e:78:e7:7c:49: |
| 52:0b:df:bf:b0:e1:5e:dd:f5:39:99:11:ff:d2:14: |
| 8f:db:de:10:55:90:29:05:b3:49:db:80:87:d1:82: |
| 6b:15:97:4b:da:5e:d7:da:11:0c:84:1e:db:d9:57: |
| 4d:52:cf:31:a0:1f:bd:4f:79:22:7a:ee:5a:ae:9d: |
| 22:df:71:d3:20:12:e5:c8:7e:1e:76:d3:6f:07:6e: |
| 5c:c3:89:11:a2:35:50:05:4d:6f:30:d8:3c:ef:38: |
| 80:51:e3:ee:7d:66:81:7f:7c:c4:e7:d0:d4:53:1d: |
| 00:3d:03:cb:87:f4:3d:b9:13:cd:16:ef:b2:51:3f: |
| 1c:96:0a:71:90:ca:25:c4:10:71:aa:ba:27:c8:67: |
| 94:af:63:7c:29:2a:2e:a8:4e:03:7e:6c:5c:2f:96: |
| 8d:9d:ca:c5:6f:f1:e7:8d:92:a9:ed:aa:87:3a:74: |
| 12:c7:ea:3f:ad:a2:6a:76:d8:f6:c9:96:27:6e:8b: |
| a3:b8:cc:d4:2b:9b:61:be:2b:11:c5:bb:da:ef:14: |
| 23:5d:5d:96:69:c0:a7:7a:16:db:3a:4e:e4:22:84: |
| 55:02:26:7b:a5:8e:84:12:e4:36:fc:c5:07:d9:ee: |
| c5:19 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 5B:9F:DF:D5:C6:FF:4F:39:52:EA:EF:97:5B:C1:ED:E1:CC:44:4E:B6 |
| X509v3 Authority Key Identifier: |
| keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 14:37:73:58:3c:37:40:b3:ff:a3:e4:f3:2d:f1:26:6b:c9:82: |
| 17:c5:97:4d:bd:84:6a:19:25:08:20:a9:7d:38:fb:3d:a4:7f: |
| 06:80:7e:fb:6e:7e:bf:26:90:4b:96:ab:a7:f9:49:a5:d6:77: |
| 67:b5:ab:bb:ad:ea:84:5a:43:13:f9:b3:1a:80:b1:59:cc:d4: |
| 1d:33:e8:0d:b0:af:9a:80:44:0e:a6:01:f3:a4:e2:87:2b:db: |
| 47:be:0f:28:08:d9:ab:7c:d9:4c:86:d0:ba:bc:1b:dc:99:9b: |
| 33:ea:a7:3e:ef:52:b8:70:a8:27:e7:83:59:cd:57:38:7f:a1: |
| 36:53:4f:a0:1b:69:7d:e4:fa:9f:2b:52:50:09:23:62:c6:c0: |
| 01:a6:85:76:45:80:6a:b6:54:bd:60:5d:5a:3a:04:92:ab:e3: |
| bd:0c:94:7f:5f:79:9c:3f:6e:12:c3:96:b0:78:44:9b:03:1e: |
| 79:11:fb:8d:a5:1d:55:c9:b3:e5:a0:26:18:10:68:92:b8:54: |
| 68:d0:2d:e1:99:0c:08:9c:cc:40:50:34:69:9f:13:e6:d7:87: |
| 85:e7:57:63:3e:17:0f:ce:02:7b:78:e5:18:ef:1a:55:b1:6a: |
| 55:f8:44:3e:92:1d:08:a1:7d:bb:fc:00:be:e3:1b:83:aa:b8: |
| 75:f0:05:45 |
| -----BEGIN CERTIFICATE----- |
| MIIDbTCCAlWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowFzEVMBMGA1UEAwwMSW50 |
| ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEOn/gT/ |
| eNS+YL0WfUaiz6h0QmsrSRNhLnjnfElSC9+/sOFe3fU5mRH/0hSP294QVZApBbNJ |
| 24CH0YJrFZdL2l7X2hEMhB7b2VdNUs8xoB+9T3kieu5arp0i33HTIBLlyH4edtNv |
| B25cw4kRojVQBU1vMNg87ziAUePufWaBf3zE59DUUx0APQPLh/Q9uRPNFu+yUT8c |
| lgpxkMolxBBxqronyGeUr2N8KSouqE4DfmxcL5aNncrFb/HnjZKp7aqHOnQSx+o/ |
| raJqdtj2yZYnboujuMzUK5thvisRxbva7xQjXV2WacCnehbbOk7kIoRVAiZ7pY6E |
| EuQ2/MUH2e7FGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRbn9/Vxv9POVLq75dbwe3h |
| zEROtjAfBgNVHSMEGDAWgBSKhc5+3K8VtwHCXIE/PRRJ0jgIqzA3BggrBgEFBQcB |
| AQQrMCkwJwYIKwYBBQUHMAKGG2h0dHA6Ly91cmwtZm9yLWFpYS9Sb290LmNlcjAs |
| BgNVHR8EJTAjMCGgH6AdhhtodHRwOi8vdXJsLWZvci1jcmwvUm9vdC5jcmwwDgYD |
| VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB |
| ABQ3c1g8N0Cz/6Pk8y3xJmvJghfFl029hGoZJQggqX04+z2kfwaAfvtufr8mkEuW |
| q6f5SaXWd2e1q7ut6oRaQxP5sxqAsVnM1B0z6A2wr5qARA6mAfOk4ocr20e+DygI |
| 2at82UyG0Lq8G9yZmzPqpz7vUrhwqCfng1nNVzh/oTZTT6AbaX3k+p8rUlAJI2LG |
| wAGmhXZFgGq2VL1gXVo6BJKr470MlH9feZw/bhLDlrB4RJsDHnkR+42lHVXJs+Wg |
| JhgQaJK4VGjQLeGZDAiczEBQNGmfE+bXh4XnV2M+Fw/OAnt45RjvGlWxalX4RD6S |
| HQihfbv8AL7jG4OquHXwBUU= |
| -----END CERTIFICATE----- |
| |
| Certificate: |
| Data: |
| Version: 3 (0x2) |
| Serial Number: 1 (0x1) |
| Signature Algorithm: sha256WithRSAEncryption |
| Issuer: CN=Root |
| Validity |
| Not Before: Jan 1 12:00:00 2015 GMT |
| Not After : Jan 1 12:00:00 2016 GMT |
| Subject: CN=Root |
| Subject Public Key Info: |
| Public Key Algorithm: rsaEncryption |
| Public-Key: (2048 bit) |
| Modulus: |
| 00:d3:fa:b1:7f:2b:e4:ff:ad:10:e9:54:54:ef:6a: |
| 81:02:0b:b6:83:70:89:ae:d9:4d:54:ea:95:99:88: |
| 3d:59:7d:97:1e:fd:b9:9b:53:8b:14:1e:a4:68:07: |
| ed:68:65:68:7d:4f:ba:28:38:ff:87:33:98:2c:32: |
| d0:e5:00:78:0f:6a:20:32:7d:9e:7d:9b:af:e9:39: |
| fe:5c:bc:04:1c:06:1a:11:1a:46:24:34:f7:e3:af: |
| 56:6d:38:8f:46:39:a6:01:fa:56:f9:d7:9e:73:35: |
| 1a:23:94:12:0f:0d:d3:ec:fe:09:57:f6:a0:9c:18: |
| a7:ba:4b:c9:37:a3:0c:60:77:4b:77:5f:c8:9c:7e: |
| b1:5c:b3:43:72:da:c9:6c:c8:71:24:ab:2f:c4:83: |
| bd:b0:4f:60:af:46:0d:7b:34:8f:e9:70:a2:85:ed: |
| 6e:05:df:e3:c1:40:3d:17:b1:f0:a3:7d:e2:17:6f: |
| 3d:fe:11:81:90:1f:c2:f8:bc:2c:d5:9c:fc:04:47: |
| 24:c4:5e:cf:20:0f:31:e8:7d:ea:b5:69:b8:0f:35: |
| 19:5d:13:08:db:d6:a2:dc:7a:33:92:b3:9c:fc:35: |
| de:cf:55:96:f7:52:6e:a9:e2:93:b0:52:07:8d:0f: |
| 95:9c:0e:0d:1b:48:0e:b8:41:4f:eb:68:da:e5:6d: |
| a1:63 |
| Exponent: 65537 (0x10001) |
| X509v3 extensions: |
| X509v3 Subject Key Identifier: |
| 8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB |
| X509v3 Authority Key Identifier: |
| keyid:8A:85:CE:7E:DC:AF:15:B7:01:C2:5C:81:3F:3D:14:49:D2:38:08:AB |
| |
| Authority Information Access: |
| CA Issuers - URI:http://url-for-aia/Root.cer |
| |
| X509v3 CRL Distribution Points: |
| |
| Full Name: |
| URI:http://url-for-crl/Root.crl |
| |
| X509v3 Key Usage: critical |
| Certificate Sign, CRL Sign |
| X509v3 Basic Constraints: critical |
| CA:TRUE |
| Signature Algorithm: sha256WithRSAEncryption |
| 3b:f2:cd:03:ef:d9:61:67:ea:7b:dd:e9:88:13:07:8d:94:51: |
| 62:bb:56:d6:c1:be:8a:d0:a0:81:fe:1d:90:6d:85:94:2c:ac: |
| 33:fb:5d:f6:c9:74:72:7b:f7:5a:b8:e4:b6:dd:30:bb:93:3b: |
| 74:22:e9:fe:e9:5c:b2:8b:d4:a1:21:0c:e6:3c:ee:86:ae:9e: |
| 8a:fd:88:bb:a7:fd:20:bb:9c:ff:d4:ca:6f:66:60:19:14:d1: |
| d1:f2:d6:f3:b2:58:c8:4d:15:30:e1:e0:fc:40:ad:55:25:ba: |
| 8d:25:68:26:c4:64:68:7e:94:e6:f4:96:5a:c4:e6:ba:85:5b: |
| b2:32:d1:82:32:8b:f4:3f:6f:4e:d5:de:2e:d7:09:3c:1f:7e: |
| 93:3a:22:d8:ef:40:41:47:28:80:03:77:0d:f9:51:28:28:b6: |
| 53:24:66:f7:3b:56:6c:53:58:55:b2:49:7c:c4:1a:3d:a1:37: |
| 29:19:8a:9a:99:84:7f:63:ac:21:85:f5:02:5a:5a:1c:7c:0a: |
| 8b:bc:83:ff:80:57:2e:ce:62:c5:79:58:24:12:e8:af:a4:6c: |
| ce:a8:92:2b:25:c4:e3:b6:27:f7:d5:dd:e6:fa:cc:91:6c:59: |
| 5e:f5:a4:e2:4f:0b:18:fa:4e:9c:88:66:20:25:af:87:14:01: |
| 27:08:89:6a |
| -----BEGIN TRUST_ANCHOR_UNCONSTRAINED----- |
| MIIDZTCCAk2gAwIBAgIBATANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290 |
| MB4XDTE1MDEwMTEyMDAwMFoXDTE2MDEwMTEyMDAwMFowDzENMAsGA1UEAwwEUm9v |
| dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANP6sX8r5P+tEOlUVO9q |
| gQILtoNwia7ZTVTqlZmIPVl9lx79uZtTixQepGgH7WhlaH1Puig4/4czmCwy0OUA |
| eA9qIDJ9nn2br+k5/ly8BBwGGhEaRiQ09+OvVm04j0Y5pgH6VvnXnnM1GiOUEg8N |
| 0+z+CVf2oJwYp7pLyTejDGB3S3dfyJx+sVyzQ3LayWzIcSSrL8SDvbBPYK9GDXs0 |
| j+lwooXtbgXf48FAPRex8KN94hdvPf4RgZAfwvi8LNWc/ARHJMRezyAPMeh96rVp |
| uA81GV0TCNvWotx6M5KznPw13s9VlvdSbqnik7BSB40PlZwODRtIDrhBT+to2uVt |
| oWMCAwEAAaOByzCByDAdBgNVHQ4EFgQUioXOftyvFbcBwlyBPz0USdI4CKswHwYD |
| VR0jBBgwFoAUioXOftyvFbcBwlyBPz0USdI4CKswNwYIKwYBBQUHAQEEKzApMCcG |
| CCsGAQUFBzAChhtodHRwOi8vdXJsLWZvci1haWEvUm9vdC5jZXIwLAYDVR0fBCUw |
| IzAhoB+gHYYbaHR0cDovL3VybC1mb3ItY3JsL1Jvb3QuY3JsMA4GA1UdDwEB/wQE |
| AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA78s0D79lh |
| Z+p73emIEweNlFFiu1bWwb6K0KCB/h2QbYWULKwz+132yXRye/dauOS23TC7kzt0 |
| Iun+6Vyyi9ShIQzmPO6Grp6K/Yi7p/0gu5z/1MpvZmAZFNHR8tbzsljITRUw4eD8 |
| QK1VJbqNJWgmxGRofpTm9JZaxOa6hVuyMtGCMov0P29O1d4u1wk8H36TOiLY70BB |
| RyiAA3cN+VEoKLZTJGb3O1ZsU1hVskl8xBo9oTcpGYqamYR/Y6whhfUCWlocfAqL |
| vIP/gFcuzmLFeVgkEuivpGzOqJIrJcTjtif31d3m+syRbFle9aTiTwsY+k6ciGYg |
| Ja+HFAEnCIlq |
| -----END TRUST_ANCHOR_UNCONSTRAINED----- |
| |
| 150302120000Z |
| -----BEGIN TIME----- |
| MTUwMzAyMTIwMDAwWg== |
| -----END TIME----- |
| |
| FAIL |
| -----BEGIN VERIFY_RESULT----- |
| RkFJTA== |
| -----END VERIFY_RESULT----- |
| |
| Target certificate looks like a CA but does not set all CA properties |
| -----BEGIN ERRORS----- |
| VGFyZ2V0IGNlcnRpZmljYXRlIGxvb2tzIGxpa2UgYSBDQSBidXQgZG9lcyBub3Qgc2V0IGFsbCBDQSBwcm9wZXJ0aWVz |
| -----END ERRORS----- |