Accepting request 36567 from Base:System
Copy from Base:System/ca-certificates-mozilla based on submit request 36567 from user lnussel OBS-URL: https://build.opensuse.org/request/show/36567 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates-mozilla?expand=0&rev=1
commit
f92238c166
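--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text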
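--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc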
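--- a/ca-certificates-mozilla.COPYING
+++ b/ca-certificates-mozilla.COPYING
@@ -0,0 +1,36 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+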
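--- a/ca-certificates-mozilla.changes
+++ b/ca-certificates-mozilla.changes
@@ -0,0 +1,53 @@
+-------------------------------------------------------------------
+Thu Apr 1 12:14:11 UTC 2010 - lnussel@suse.de
+
+- don't output trusted certs by default as it's not supported by
+gnutls yet and pidgin scans /etc/ssl/certs
+
+-------------------------------------------------------------------
+Thu Apr 1 11:39:01 UTC 2010 - lnussel@suse.de
+
+- update certificates to revision 1.62
+
+-------------------------------------------------------------------
+Fri Mar 26 15:27:34 UTC 2010 - lnussel@suse.de
+
+- extract trustbits as comment as Fedora does
+- convert to trusted certificates in spec file instead
+
+-------------------------------------------------------------------
+Thu Mar 25 08:16:56 UTC 2010 - lnussel@suse.de
+
+- rename to ca-certificates-mozilla
+- output trusted certificates
+- use utf8 in file names
+
+-------------------------------------------------------------------
+Tue Feb 2 16:27:35 UTC 2010 - lnussel@suse.de
+
+- update certificates to revision 1.57
+- add script to compare with previous certificates
+
+-------------------------------------------------------------------
+Wed Sep 30 13:17:45 UTC 2009 - lnussel@suse.de
+
+- update certifiates to cvs revision 1.56
+- exclude certficates that are not trusted for identifying web sites
+
+-------------------------------------------------------------------
+Tue Dec 2 11:29:03 CET 2008 - cfarrell@suse.de
+
+- Add openssl-certs.COPYING to fix bnc#441356
+
+
+-------------------------------------------------------------------
+Thu Oct 9 17:49:57 CEST 2008 - lnussel@suse.de
+
+- use certificates from MozillaFirefox
+
+-------------------------------------------------------------------
+Wed Jul 9 15:15:38 CEST 2008 - mkoenig@suse.de
+
+- split out the CA root certificates from the openssl certs
+subpackage into a package of its own.
+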
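--- a/ca-certificates-mozilla.spec
+++ b/ca-certificates-mozilla.spec
@@ -0,0 +1,109 @@
+#
+# spec file for package ca-certificates-mozilla (Version 1.62)
+#
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+%bcond_with trustedcerts
+
+BuildRequires: openssl
+
+Name: ca-certificates-mozilla
+%define sslusrdir %{_datadir}/ca-certificates
+License: BSD3c(or similar) ; MPL 1.1/GPL 2.0/LGPL 2.1
+Group: Productivity/Networking/Security
+AutoReqProv: on
+Version: 1.62
+Release: 1
+Summary: CA certificates for OpenSSL
+Url: http://www.mozilla.org
+# IMPORTANT: procedure to update certificates:
+# - Check the CVS log of the cert file:
+# http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&rev=HEAD
+# - download the new certdata.txt
+# wget -O certdata.txt "http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
+# - run compareoldnew to show fingerprints of new and changed certificates
+# - check the bugs referenced in cvs log and compare the checksum
+# to output of compareoldnew
+# - Watch out that blacklisted or untrusted certificates are not
+# accidentally included!
+Source: certdata.txt
+Source1: extractcerts.pl
+Source2: %{name}.COPYING
+Source3: compareoldnew
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildArch: noarch
+# for update-ca-certificates
+PreReq: ca-certificates
+#
+Provides: openssl-certs = 0.9.9
+Obsoletes: openssl-certs < 0.9.9
+
+%description
+This package contains some CA root certificates for OpenSSL extracted
+from MozillaFirefox
+
+
+
+%prep
+%setup -qcT
+install -m 644 %{S:1} COPYING
+
+%build
+perl %{SOURCE1} --trustbits < %{SOURCE0}
+
+%install
+mkdir -p %{buildroot}/%{sslusrdir}/mozilla
+set +x
+for i in *.pem; do
+args=()
+trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
+alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"`
+%if %{with trustedcerts}
+args+=('-trustout')
+for t in $trust; do
+args+=("-addtrust" "$t")
+done
+[ -z "$alias" ] || args+=('-setalias' "$alias")
+%else
+case "$trust" in
+*serverAuth*) ;;
+*) echo "skipping $i, not trusted for serverAuth"; continue ;;
+esac
+%endif
+echo "$i"
+{
+grep '^#' "$i"
+openssl x509 -in "$i" "${args[@]}"
+} > "%{buildroot}/%{sslusrdir}/mozilla/$i"
+done
+set -x
+
+%clean
+rm -rf %{buildroot}
+
+%post
+update-ca-certificates || true
+
+%postun
+update-ca-certificates || true
+
+%files
+%defattr(-, root, root)
+%doc COPYING
+%{sslusrdir}/mozilla
+
+%changelog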
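Review bot: The update procedure in the header comments fetches `certdata.txt` with `wget` over plain `http://`, so the file that defines the system trust store arrives with no transport integrity and everything rests on the manual fingerprint comparison that follows. The procedure should say to fetch over an authenticated channel where one is available and to treat any new or changed fingerprint not accounted for in the referenced bugs as a blocker. Separately, `%prep` runs `install -m 644 %{S:1} COPYING`, but Source1 is `extractcerts.pl` and the license text is Source2, so `%doc COPYING` appears to ship the Perl script; `install -m 644 %{S:2} COPYING` looks like what was meant. In `%install`, `set +x` hides the per-certificate `openssl x509` invocations from the build log, which makes it harder to audit which trust flags were applied when building with `trustedcerts`; a short comment stating why tracing is disabled would help.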
21023
certdata.txt
Normal file
21023
certdata.txt
Normal file
File diff suppressed because it is too large
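--- a/compareoldnew
+++ b/compareoldnew
@@ -0,0 +1,40 @@
+#!/bin/bash
+# print fingerprints of new or changed certificates
+set -e
+cleanup()
+{
+rm -rf new{,.files} old{,.files}
+}
+showcert()
+{
+openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
+| sed -ne 's/ *commonName *= / CN: /p; s/.*Fingerprint=/ sha1: /p'
+}
+cleanup
+trap cleanup EXIT
+mkdir old new
+cd old
+echo old...
+VERBOSE=1 ../extractcerts.pl < ../.osc/certdata.txt | sort > ../old.files
+cd ..
+cd new
+echo new...
+VERBOSE=1 ../extractcerts.pl < ../certdata.txt | sort > ../new.files
+cd ..
+echo '----------------------------'
+while read line; do
+IFS='#' eval set -- \$line
+old="$1"
+new="$2"
+common="$3"
+if [ -n "$old" ]; then
+echo "$old has been deleted"
+elif [ -n "$new" ]; then
+echo "new: $new"
+showcert new/$new
+elif ! cmp "old/$common" "new/$common"; then
+echo "*** $common differs!"
+showcert old/$common
+showcert old/$common
+fi
+done < <(comm --output-delimiter='#' old.files new.files)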
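Review bot: In the `cmp` branch of the final loop `showcert old/$common` is called twice, so for a certificate whose contents changed the script prints the old fingerprint twice and never the new one, which is exactly the value the update procedure in the spec file asks the packager to check against the upstream bug. The second call should be `showcert "new/$common"`. `read line` without `-r` also strips backslashes, and the file-name filter in extractcerts.pl lets `\` through, so `while read -r line; do` is the safer form. The arguments to `showcert` are unquoted while the `cmp` operands are quoted; quoting them the same way keeps the two paths consistent.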
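--- a/extractcerts.pl
+++ b/extractcerts.pl
@@ -0,0 +1,202 @@
+#!/usr/bin/perl -w
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is the Netscape security libraries.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1994-2000
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+use strict;
+use Encode;
+
+my $count = 0;
+my @certificates = ();
+my %trusts = ();
+my $object = undef;
+my $output_trustbits;
+
+my %trust_types = (
+"CKA_TRUST_DIGITAL_SIGNATURE" => "digital-signature",
+"CKA_TRUST_NON_REPUDIATION" => "non-repudiation",
+"CKA_TRUST_KEY_ENCIPHERMENT" => "key-encipherment",
+"CKA_TRUST_DATA_ENCIPHERMENT" => "data-encipherment",
+"CKA_TRUST_KEY_AGREEMENT" => "key-agreement",
+"CKA_TRUST_KEY_CERT_SIGN" => "cert-sign",
+"CKA_TRUST_CRL_SIGN" => "crl-sign",
+"CKA_TRUST_SERVER_AUTH" => "server-auth",
+"CKA_TRUST_CLIENT_AUTH" => "client-auth",
+"CKA_TRUST_CODE_SIGNING" => "code-signing",
+"CKA_TRUST_EMAIL_PROTECTION" => "email-protection",
+"CKA_TRUST_IPSEC_END_SYSTEM" => "ipsec-end-system",
+"CKA_TRUST_IPSEC_TUNNEL" => "ipsec-tunnel",
+"CKA_TRUST_IPSEC_USER" => "ipsec-user",
+"CKA_TRUST_TIME_STAMPING" => "time-stamping",
+"CKA_TRUST_STEP_UP_APPROVED" => "step-up-approved",
+);
+
+my %openssl_trust = (
+CKA_TRUST_SERVER_AUTH => 'serverAuth',
+CKA_TRUST_CLIENT_AUTH => 'clientAuth',
+CKA_TRUST_EMAIL_PROTECTION => 'emailProtection',
+CKA_TRUST_CODE_SIGNING => 'codeSigning',
+);
+
+if (@ARGV && $ARGV[0] eq '--trustbits') {
+shift @ARGV;
+$output_trustbits = 1;
+}
+
+sub handle_object($)
+{
+my $object = shift;
+return unless $object;
+if($object->{'CKA_CLASS'} eq 'CKO_CERTIFICATE' && $object->{'CKA_CERTIFICATE_TYPE'} eq 'CKC_X_509') {
+push @certificates, $object;
+} elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_TRUST') {
+my $label = $object->{'CKA_LABEL'};
+die "$label exists" if exists($trusts{$label});
+$trusts{$label} = $object;
+} elsif ($object->{'CKA_CLASS'} eq 'CKO_NETSCAPE_BUILTIN_ROOT_LIST') {
+# ignore
+} else {
+print STDERR "class ", $object->{'CKA_CLASS'} ," not handled\n";
+}
+}
+
+while(<>) {
+my @fields = ();
+
+s/^((?:[^"#]+|"[^"]*")*)(\s*#.*$)/$1/;
+next if (/^\s*$/);
+
+if( /(^CVS_ID\s+)(.*)/ ) {
+next;
+}
+
+# This was taken from the perl faq #4.
+my $text = $_;
+push(@fields, $+) while $text =~ m{
+"([^\"\\]*(?:\\.[^\"\\]*)*)"\s? # groups the phrase inside the quotes
+| ([^\s]+)\s?
+| \s
+}gx;
+push(@fields, undef) if substr($text,-1,1) eq '\s';
+
+if( $fields[0] =~ /BEGINDATA/ ) {
+next;
+}
+
+if( $fields[1] =~ /MULTILINE/ ) {
+$fields[2] = "";
+while(<>) {
+last if /END/;
+chomp;
+$fields[2] .= $_;
+}
+}
+
+if( $fields[0] =~ /CKA_CLASS/ ) {
+$count++;
+handle_object($object);
+$object = {};
+}
+
+$object->{$fields[0]} = $fields[2];
+}
+handle_object($object);
+
+use MIME::Base64;
+for my $cert (@certificates) {
+my $alias = $cert->{'CKA_LABEL'};
+if(!exists($trusts{$alias})) {
+print STDERR "NO TRUST: $alias\n";
+next;
+}
+# check trust. We only include certificates that are trusted for identifying
+# web sites
+my $trust = $trusts{$alias};
+my @addtrust;
+my @addtrust_openssl;
+my $trusted;
+if ($output_trustbits) {
+for my $type (keys %trust_types) {
+if (exists $trust->{$type}
+&& $trust->{$type} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+push @addtrust, $trust_types{$type};
+if (exists $openssl_trust{$type}) {
+push @addtrust_openssl, $openssl_trust{$type};
+}
+$trusted = 1;
+}
+}
+} else {
+if($trust->{'CKA_TRUST_SERVER_AUTH'} eq 'CKT_NETSCAPE_TRUSTED_DELEGATOR') {
+$trusted = 1;
+}
+}
+
+if (!$trusted) {
+my $t = $trust->{'CKA_TRUST_SERVER_AUTH'};
+$t =~ s/CKT_NETSCAPE_//;
+print STDERR "$t: $alias\n";
+next;
+}
+
+if ($alias =~ /\\x[0-9a-fA-F]{2}/) {
+$alias =~ s/\\x([0-9a-fA-F]{2})/chr(hex($1))/ge; # thanks mls!
+$alias = Encode::decode("UTF-8", $alias);
+}
+my $file = $alias;
+$alias =~ s/'/-/g;
+$file =~ s/[^[:alnum:]\\]+/_/g;
+$file .= '.pem';
+$file = Encode::encode("UTF-8", $file);
+if (!open(O, '>', $file)) {
+print STDERR "$file: $!\n";
+next;
+}
+print "$file\n" if $ENV{'VERBOSE'};
+my $value = $cert->{'CKA_VALUE'};
+my $enc = '';
+$enc .= pack("C", oct($+)) while $value =~ /\G\\([0-3][0-7][0-7])/g;
+if ($output_trustbits) {
+print O "# alias=",Encode::encode("UTF-8", $alias),"\n";
+print O "# trust=",join(" ", @addtrust),"\n";
+if (@addtrust_openssl) {
+print O "# openssl-trust=",join(" ", @addtrust_openssl),"\n";
+}
+}
+print O "-----BEGIN CERTIFICATE-----\n";
+print O encode_base64($enc);
+print O "-----END CERTIFICATE-----\n";
+close O;
+}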
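Review bot: Certificates are bound to their trust record by `CKA_LABEL` alone and then written to a file name derived from that label with `s/[^[:alnum:]\\]+/_/g`, so two labels that differ only in punctuation collapse to the same `.pem` and the later one silently overwrites the earlier through `open(O, '>', $file)`. A guard such as `die "duplicate output file $file\n" if $seen{$file}++;` (with `my %seen;` declared before the loop) would turn that into a build failure. The error paths are also soft: a failed `open` only prints and does `next`, `close O` is unchecked, and the octal decoder `while $value =~ /\G\\([0-3][0-7][0-7])/g` stops at the first unexpected character without complaint, so an incomplete or truncated trust store still exits 0; `open(...) or die "$file: $!\n"` and `close(O) or die "$file: $!\n"` are the minimal fix. If the trust objects in certdata.txt carry a certificate hash attribute, comparing it with a digest of `$enc` before writing would tie the trust bits to the actual DER rather than to a display name. The comment "We only include certificates that are trusted for identifying web sites" no longer holds under `--trustbits`, where any trusted-delegator bit sets `$trusted`, and should be reworded.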