aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorGuenter Knauf <lists@gknw.net>2013-08-05 13:02:27 +0200
committerGuenter Knauf <lists@gknw.net>2013-08-05 13:02:27 +0200
commit0ce410a62970237823902b30fd851778f09dc089 (patch)
tree914e881482edd80d387779e8f75fb0c8268ccc45 /lib
parent5d3cbde72ece7d83c280492957a26e26ab4e5cca (diff)
Simplify check for trusted certificates.
This changes the previous check for untrusted certs to a check for certs explicitely marked as trusted. The change is backward-compatible (tested with certdata.txt v1.80).
Diffstat (limited to 'lib')
-rwxr-xr-xlib/mk-ca-bundle.pl8
-rwxr-xr-xlib/mk-ca-bundle.vbs8
2 files changed, 6 insertions, 10 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 873f8fb77..1a9c85985 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -164,7 +164,7 @@ while (<TXT>) {
if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
$caname = $1;
}
- my $untrusted = 0;
+ my $untrusted = 1;
if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
my $data;
while (<TXT>) {
@@ -184,10 +184,8 @@ while (<TXT>) {
# now scan the trust part for untrusted certs
while (<TXT>) {
last if (/^#/);
- if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
- or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
- or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
- $untrusted = 1;
+ if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
+ $untrusted = 0;
}
}
if ($untrusted) {
diff --git a/lib/mk-ca-bundle.vbs b/lib/mk-ca-bundle.vbs
index a8b2358a1..d86807929 100755
--- a/lib/mk-ca-bundle.vbs
+++ b/lib/mk-ca-bundle.vbs
@@ -130,10 +130,8 @@ For i = 0 To UBound(myLines)
myInsideCert = FALSE
While (i < UBound(myLines)) And Not (myLines(i) = "#")
i = i + 1
- If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
- InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN") Or _
- InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST")) Then
- myUntrusted = TRUE
+ If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then
+ myUntrusted = FALSE
End If
Wend
If (myUntrusted = TRUE) Then
@@ -183,7 +181,7 @@ For i = 0 To UBound(myLines)
End If
If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
myInsideCert = TRUE
- myUntrusted = FALSE
+ myUntrusted = TRUE
myData = ""
End If
If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then