JFIF       %%-))-969KKd       %%-))-969KKd! f%eK_.T  v_/n6q>e}&Cx@t7OuqySN%y%tz@ Un(quo{tS]\~LzǚPk;fϛϹ2y-=_z.NWW7DW@'4`3w3rr;hP8B%ַBe]`7Ҽo1e)弆O|4Wk*}7Su[9=U 9 |_+:@}@˵u@ g<4N<@=/ I(~}qq=y- u|. y'`3S+4$e= k4P]M^_Nou*R-,X0EI}m&LtVȱa|R\@ ʟ+YeIlY`XV^HV/c-eb du ̈́_2+DpV ` ^^->t7JydE]I 8:7#j̀iiVbp~o݃[}zwGF@-(RTJY@ Ty}X 1!2AQaq"3BR`r@PSb #4CTs0DU$EFcd?Lc4\K#E1$@CV8OƂZ5g;.141;%]6e laǃpv8)80D1ŌxLgWYc+z%:( w^PtdԣV Z:qDsh W) ͷ+~FO]"բ?eN 4)WREZ;T+}]:FRtI ѱއ>'s_[\qNhK ' ^qJv9 ]ʜ1FMzwF8ѯBIp-g`?si;|Hr%>jOh29-+-gQmBH?3P9e')>[k^OaxtLiS30ҿ6*o--I$ 1 z2+OЪ+i˺,_n3(~}StUMc \xSmGD0jMB06%') #1c6s/iaIɉgC%Yoi**MHЛ=rh ĭ總 E>Jў2+ct/^$[_kAOʕicR4qm#Lw!Squ/:e%~zMBfa|e7PUC|"/)CD\cy gڰF9(?\jU+>Cwl#>x^'a7C}LYX<@X`W8P hۂx͍q֜?de1qe* NDuTm-ߣ y+pUy*9aĺ:P4n$2&BTϵ@ a>v3uc,(uF0jˊ́a~32f2=ήZe[r!F !Bu)b FŌt%41N/֑41n1|> 1^;1=IĖEpq%"{/~M.QWDdUA6~z>kPh2Oi?Uc[`+l;՚':۾ږtoZjQ7\:Z3}~ &ڮRQH{mDq0TaM5i:5sC0x<]=Mp c!C<6]~vpxeH[AmY'iԖ_~ a(Ȕ@+a< w] wbk1#aD 9. ?p$ Qؒi-8S㨸f45t:ʙѾ.{mMshU1k\z^*#It@ v:%#iSZ.{.Vemm,Z3*;HtU8E.v'e ޴ 4WwLDe)jY*R'?wM֣ b+IfO('Y J$o޼ l.蕁~ Y Em>Y^m"r^4w}2PI7R1gV\wtVT׿w'*N{ZGN8qzrM/LO~ O~|ڞ櫮o{\dV斀AJmn E#HQg$!{XM'{u* 4O)>F.";l2z3IJ2?Fh7)rjrv@ AJlУ 0`StpGD&nƒpxΡ}P늿D@cEH҆2[9a}U/biEzu)xYR>߹q (yA~ُp \U\L\6~" U'>GJOP,ko:JGI*٢C8f8굟m#GV̐Cj]}N_]aJulE.+I&y5 6*TGHZRů}efjv"\3/3_hq՝g !ir,ܐv%~*lXccyo) 拏Qp_tT3!,Dur!CH7;9GQQmE:ÑCaƅ;zeij;d+% z#e%gdI9E5BB&۟S"=C(>{֠ ɫNUळiu>;P}حW]ouBmJS0ktRtDm+$ԫU_dq)$ ʃnLGSፑf'vlzP/_]QԂ]ȗ|W\;wTSf!m,ri{w了enP(`*.1i2.}e@;HA&_N᷸1|:Gjڒj~i/֬]1(N +^ bQq:›m*o5Y(.JPV[3ޭj֭j+i(uָ]kV)A/%X Fa?8'o>ꝣKks\_k)S%zDTRw#h#e#1Euk&,Yw+Ap"PIZ*j*Ug">m>|ڇ(#FXzCi9%J'H3Xwi-9s0S`R^֮ YLJz+q^i}i1jLK+ [ NzDSq[+Q'ݖl=s<[iIWz=%}[jɁ֠$$N7IUm83SVŭw)#0$g C26^ʓW<=B>{R)&繻8j3cbbce7TE1r\'}FūLO+KʢXm/=H 6FaRHI^Lȹ83g9CM93쑑nE)=q4I$s'ݠajm]"O>L4Vb;(eHm$֫ӆyYtYYr(<Ɠ2Fm "f֒;Tξu8jZR$b!E*9 yy+V:Dm Œ9@-f*l2#ٿPt#T҂ӵ&;AȃWlf xϜZكfj%bs ,/uN{,Gz*kkP M6f/0[I;S)ml-؉)~q9v`ǣ4gZJ}h&dﺥ#{}uDa7j(I'2OҒMF7 .Ey<$5;2ժTI %)TwG54Ŭ Kb6rG;uq\[8DJ'i$?Pq-ݗs\JGkYO2%}b\9;Tk⾜3%qSd( [O4i'jQՃ &F Ҧ T2!G{N j~:Cz J3|xd(6TZ a b5gfK\I)WYARA(RVE$G8at̖qWq{B:Q^g3QzcAZrH|GMcjb{+)r=>:de:¹[QOe@>ISP1nIq!:3G).!ŶB꠲#0Eb2"Lt4ƺKCGn9P=PeoX8@fղ Gi9k ^aHAV<)GG*k_aUΜWsX4ʷ\%m,W*F}<1E/&NJIʳ:PmeRuń%A<ᶧ2s^s-9$PHw]ZB#[>9Fm*>Ut.HugK9uaAF.%fW&J~$k^S:iގT9_5`_bR`ܒ(8Fa?jMc4Pŭ!VB7 W+߀ i>b٠,]?<{aXgpJ]璹نrV53-)p:,R%>#W۲4K{%L%]ͅP,7"[NI:ܴ- AJr)#"=k#Eoa PP$C>7m_t ڠcJZymA [qwDw|*3(FMۭ\KP-'1WK, suu;~ZaTnyi$A =46i֑AUU"l:gA ]"8&ד<{z&O!WF^XGhViWM\q(*p#Fk?p\Ym*J3B3'%jn+ IG{VcVL-f7 #/u}5bD7XMi!{#b$U]q\RGa ;OZXv^WZ\ܭ( lhSˎ6 V'h GY{49$r8AIȃ#V$HL/~l.]:>29:EkSO%N$Ϋkͯ⫝̸yˮ0mE+IVwuIu>Xj%6@[k)aqJz|؏!Υ֔RP.l@tⵅkZg'5nrqDU^kJBEBfrG)+J$"dB3#ٔk4yQCz9S\8'#/5cˑYO(4dhIM<6BߢJNDZFEgD6vnl|^kr;^hϨ1!ʌ:įZBᝋx|T+'!c t"YH=)"g6-t+.Ur$+ZzRG s*f9_QY4El>DI[}B=>v)iTg[?oWwۿlWG69k{Qx]-*$<-=W¹nUĂ}G4tZ]^Q8m!])SyR)vOR(_Aiϵei#{$hਧ.SLN}߬e}EgZwgAWPBcZÖ']P ;2/hy}1M9Fj'.ӖZy-,r ND|jlC)jqSʚV)]p3;❀[:tBH##HqhZr\j"tG-тtHtB24PJ:w;xI0$ wEQ#)FejK rSw|">Tҙ#2Xc8g,(L`S2 tM>5@<)A71iXSlHڛ9(y4KUu:xARdf5\Zq|m{ӭjI8%. ڟ5pxvqd(9P$#"8CQ NKFۘ;RTPE8^`WãRxL髍{}ġͭ緗Ҍ/<xcKOVy0\{Uk85A07)_uCuopN>~3e e޽ytYnDm3)ܠ&,![y3CcؽK+raޱX~aRbm<wE #+ԺQXfGq+h[71_A* [V٣sCEXb\fNiXNݔz NҲ wrG"+ kлYI`ϼUՄ o9Vc7^[Y"E]W>(GSkt]Gcx~hM`?WV8q w< `bJb̑ NNG[xr̈>Kþ7<7H56pIEKgoE`?4e)ޛ)7M(-4ot}LDG6"qycg~x{>8.,7W_ɦ/nG|MFU^VYpa",BBBH;GC#2JerK*ZIqbIphت݉)c繥ՅVtLnEcf62:;\Rw@{ S5Q $ϑTz;EzFO5Pn.NA<~ҌoXR|Ig$^]A|^_mmҷj8mbMbՅHmvI_MqƊFCq&Б%z>ΧKEAg4y;/0f[|@$SG,h5@0RȁцEH-qm%Kb%Dx:0XNHWIᰵ$G)|^ χ,m,#%6צIpO FDFUH5JKlI>Vxn;ĶY;dZkarnƭaeG< W#9+؄l?jEmDo<~W++0#π*<.ۘZ+H$VfF|J&#N ?*<<⢌՞\.#I: !#Sh-4'F |-[WQFH7 )d`JFCbFɞ9N9vՅW4xPOBHc2a"*90Iv5IGI<hI I*'Ƿ.-m1ȼѹKF2ٷ;*A*T6FDSKsipI tGx f$9 Ǐzf{kd@r:/?(i^b 3)_g;&IEWu̓*2t7qL Ti5, wdXr&Gwmŏy)IJD+iE:v6[=9ʰ;q` =}#q:<>~mFU631TqQ (t2/c~ iK'y˴TlxsF_$ {a8[yfc>Y͘k8&9x\Նڻ{I&7+ fv F=,ꌼcCA[c:麑î6B겦&|mFm㪈Rfw .xJês1?_UnuQGǪ?6wR5b-:q{wK  !1A2Qq"@PRa #03BCSbr4$T`c?K)o<rzѸUL<6K4F̘E¹?Q7 QZtʄSV9iE$m6vU>8_F!zaS# j_4Jzm_bȚ;/:Iq7A9Qڜp͖!QTaOSTQzqS5U{LHOWc;TWUA}YWqUNKURѾĴ:gfYnQ*dv?F6i1G6[H?W*!Wl 8OlE?U$jv<&Rا@TG"X޺51?Ikymc{TLʧA4Y+#a=[#j Ge;@֍Xًv_(uVgJjbէz;5$۱ʡ)zv|eS u̎b{ean<6\;CQ<@΍b{ZM%[*n,z{EZR++e`w޹bh9cWF2ǴU:RMWd架;UJcDtK_G@y5GāYzF 8cWb㖈qw4ecqMis,)',o=ߘq5e-0j.}xNGq?d;D5T Dbng2!zN%i`IJ4]JN Kv ./iLZFOii h=yn%wdԲ:d뉆2 ]|1jnvBV@XkxN_;J Kӯ$ΟVlXm x[0'id =qcamjdӚȹaE4rY26!۩PS#U v{-51~q<'x;Z *'Fg"pojg9l:5W媴txyyUU%`_58Mngv[+jz>XwbIt$]ɞ*{ &b^F=C4ЏZ+ F\pR]9c1b * @@K,\ϔ =0<9N{U^ozﺊ<˒D4p2 ,Ƿ˗:#]j*&*jFTܪTdF@x8׭CX2U&y({9b駴to90\DUaaƏ@J:tš#x]d0pUiJ!Џ_1Ke9s$\t%ZiW-]ZVp[!c8OڋGPmM 'ÈX$I"s)Ȍ[ڦT ׫wJsn$QӨ]dJ[;~ԕ$lŧt}7RU@&778ܷK "$4C^iQ􄆺h(Cg#P QҤ1 7~V=6~8:#7/N5qz=8ȂiEʀJpnx8.9@~1m3sE? :zqGY}:O#yw23$1%m}8`E毑s_PznQ[LF%D;S)י -YW < quTݪҒl>I£$qG,Ȑf=g + `~}m5dO+ipyOfv]ishu*8tx"4n7putfV]D`i=ZHWIwȩ<[.P\xӊF)jbKfzASi{*u#8 9p뚰 H@ff>,`2 L6b8 mw{Hn3|b3Fg1e6C<eH /_~B#L *t0xbS% 웞: Aɔ89hjd[OY墪9sŎzNZ:&Yiu%MGw=Y ]QӍ -u@'p[wK%suԘse^wbiɫ:f䲯4ֶCP JFE32 X;yVeAbFyyX%H ,vgb~Ksʊ&V φ 5f̅2K7ZVԎBLǑ=zv-yq,nȇ'(:8$(rH*!S RI.Lj"9\W>])|›\o?-tEs#678PI:e5n$i0ScudA F(ET lq{讬3 28xۆ1IPԲ v0r$0{[J*cyA 1OQ-3f5;׆!`;mV[g{*d$221VR8jk.aH)7c=BO>~ T77XӇʧ _NاVV:Gye)NKk Ǵ`ՏS=Wy\cu`}@8C2su XqC Պ̜xEU ڭ{$KόI@F؛NLOA$F[X2rĔG L\wE2J3S8IJ2e`A7),b +noĐ<{XA"Lj%W̮RI7=e0O {F 3t6ǽN7aNHmo!_5G/GGz`ǻwl${wzd2X,!a/@X{wh]S MARIJUANA
MARIJuANA
— DIOS — NO — CREA — NADA — EN — VANO —
©TheAlmightyZeus
# # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # # Note that you can include other files from the main configuration # file using the .include directive. #.include filename # This definition stops the following lines choking if HOME isn't # defined. HOME = . # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids # System default openssl_conf = default_conf # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: # extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) [ new_oids ] # We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 # Policies used by the TSA examples. tsa_policy1 = 1.2.3.4.1 tsa_policy2 = 1.2.3.4.5.6 tsa_policy3 = 1.2.3.4.5.7 #################################################################### [ ca ] default_ca = CA_default # The default ca section #################################################################### [ CA_default ] dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. #unique_subject = no # Set to 'no' to allow creation of # several certs with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crlnumber = $dir/crlnumber # the current crl number # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key x509_extensions = usr_cert # The extensions to add to the cert # Comment out the following two lines for the "traditional" # (and highly broken) format. name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options # Extension copying option: use with caution. # copy_extensions = copy # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_ca # The extensions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret # output_password = secret # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString (PKIX recommendation before 2004) # utf8only: only UTF8Strings (PKIX recommendation after 2004). # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = AU countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = Some-State localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) 0.organizationName_default = Internet Widgits Pty Ltd # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = commonName = Common Name (e.g. server FQDN or YOUR name) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 # SET-ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ usr_cert ] # These extensions are added when 'ca' signs a request. # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName # This is required for TSA certificates. # extendedKeyUsage = critical,timeStamping [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer basicConstraints = critical,CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] # CRL extensions. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always [ proxy_cert_ext ] # These extensions should be added when creating a proxy certificate # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # An alternative to produce certificates that aren't # deprecated according to PKIX. # subjectAltName=email:move # Copy subject details # issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName # This really needs to be in place for it to be a proxy certificate. proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo #################################################################### [ tsa ] default_tsa = tsa_config1 # the default TSA section [ tsa_config1 ] # These are used by the TSA reply generation only. dir = ./demoCA # TSA root directory serial = $dir/tsaserial # The current serial number (mandatory) crypto_device = builtin # OpenSSL engine to use for signing signer_cert = $dir/tsacert.pem # The TSA signing certificate # (optional) certs = $dir/cacert.pem # Certificate chain to include in reply # (optional) signer_key = $dir/private/tsakey.pem # The TSA private key (optional) signer_digest = sha256 # Signing digest to use. (Optional) default_policy = tsa_policy1 # Policy if request did not specify it # (optional) other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) accuracy = secs:1, millisecs:500, microsecs:100 # (optional) clock_precision_digits = 0 # number of digits after dot. (optional) ordering = yes # Is ordering defined for timestamps? # (optional, default: no) tsa_name = yes # Must the TSA name be included in the reply? # (optional, default: no) ess_cert_id_chain = no # Must the ESS cert id chain be included? # (optional, default: no) ess_cert_id_alg = sha1 # algorithm to compute certificate # identifier (optional, default: sha1) [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect [system_default_sect] MinProtocol = TLSv1.2 CipherString = DEFAULT@SECLEVEL=2