aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGuenter Knauf <lists@gknw.net>2011-11-08 05:46:46 +0100
committerGuenter Knauf <lists@gknw.net>2011-11-08 05:46:46 +0100
commitfd765c627fc3d0e3d6dad033833b7f9eb82f2d4c (patch)
tree54f7f5adcd089829718d1b5da6ec524a29fef8ea /lib
parentc8ffb4049abee579a7c58166f54f2c43108a7b26 (diff)
Fix to skip untrusted certs.
Diffstat (limited to 'lib')
-rwxr-xr-xlib/mk-ca-bundle.vbs77
1 files changed, 46 insertions, 31 deletions
diff --git a/lib/mk-ca-bundle.vbs b/lib/mk-ca-bundle.vbs
index 39d2fbc6b..7fd74c176 100755
--- a/lib/mk-ca-bundle.vbs
+++ b/lib/mk-ca-bundle.vbs
@@ -26,7 +26,7 @@
'* Hacked by Guenter Knauf
'***************************************************************************
Option Explicit
-Const myVersion = "0.3.5"
+Const myVersion = "0.3.6"
Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
@@ -96,8 +96,10 @@ If (myAskTiF = TRUE) Then
End If
End If
' Process the received data
-Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts
-Dim myLabel, myOctets, myData, myPem, myRev, j
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped
+Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j
+myNumSkipped = 0
+myNumCerts = 0
myData = ""
myLines = Split(myCdData, vbLf, -1)
Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)
@@ -109,7 +111,7 @@ myFh.Write "##" & vbLf
myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf
myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf
myFh.Write "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf
-myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
+myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
myFh.Write "##" & vbLf
myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf
myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf
@@ -125,36 +127,46 @@ For i = 0 To UBound(myLines)
If (myInsideCert = TRUE) Then
If InstrRev(myLines(i), "END") Then
myInsideCert = FALSE
- myFh.Write myLabel & vbLf
- myFh.Write String(Len(myLabel), "=") & vbLf
- myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
- Base64Encode(myData) & vbLf & _
- "-----END CERTIFICATE-----" & vbLf
- If (myOptTxt = FALSE) Then
- myFh.Write myPem & vbLf
+ While (i < UBound(myLines)) And Not (myLines(i) = "#")
+ i = i + 1
+ If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
+ InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then
+ myUntrusted = TRUE
+ End If
+ Wend
+ If (myUntrusted = TRUE) Then
+ myNumSkipped = myNumSkipped + 1
Else
- Dim myCmd, myRval, myTmpIn, myTmpOut
- myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
- myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
- Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
- myTmpFh.Write myPem
- myTmpFh.Close
- myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _
- " -in " & myTmpIn & " -out " & myTmpOut
- myRval = objShell.Run (myCmd, 0, TRUE)
- objFSO.DeleteFile myTmpIn, TRUE
- If Not (myRval = 0) Then
- MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+ myFh.Write myLabel & vbLf
+ myFh.Write String(Len(myLabel), "=") & vbLf
+ myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
+ Base64Encode(myData) & vbLf & _
+ "-----END CERTIFICATE-----" & vbLf
+ If (myOptTxt = FALSE) Then
+ myFh.Write myPem & vbLf
+ Else
+ Dim myCmd, myRval, myTmpIn, myTmpOut
+ myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
+ myTmpFh.Write myPem
+ myTmpFh.Close
+ myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _
+ " -in " & myTmpIn & " -out " & myTmpOut
+ myRval = objShell.Run (myCmd, 0, TRUE)
+ objFSO.DeleteFile myTmpIn, TRUE
+ If Not (myRval = 0) Then
+ MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+ objFSO.DeleteFile myTmpOut, TRUE
+ WScript.Quit 3
+ End If
+ Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
+ myFh.Write myTmpFh.ReadAll & vbLf
+ myTmpFh.Close
objFSO.DeleteFile myTmpOut, TRUE
- WScript.Quit 3
End If
- Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
- myFh.Write myTmpFh.ReadAll & vbLf
- myTmpFh.Close
- objFSO.DeleteFile myTmpOut, TRUE
+ myNumCerts = myNumCerts + 1
End If
- myData = ""
- myNumCerts = myNumCerts + 1
Else
myOctets = Split(myLines(i), "\")
For j = 1 To UBound(myOctets)
@@ -169,6 +181,8 @@ For i = 0 To UBound(myLines)
End If
If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
myInsideCert = TRUE
+ myUntrusted = FALSE
+ myData = ""
End If
If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then
myInsideLicense = TRUE
@@ -191,7 +205,8 @@ For i = 0 To UBound(myLines)
End If
Next
myFh.Close
-objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _
+ " untrusted skipped).", 20, mySelf, vbInformation
WScript.Quit 0
Function ConvertBinaryData(arrBytes)