aboutsummaryrefslogtreecommitdiff
path: root/lib/mk-ca-bundle.vbs
AgeCommit message (Collapse)Author
2016-10-30mk-ca-bundle.vbs: Fix UTF-8 outputJay Satiro
- Change initial message box to mention delay when downloading/parsing. Since there is no progress meter it was somewhat unexpected that after choosing a filename nothing appears to happen, when actually the cert data is in the process of being downloaded and parsed. - Warn if OpenSSL is not present. - Use a UTF-8 stream to make the ca-bundle data. - Save the UTF-8 ca-bundle stream as binary so that no BOM is added. --- This is a follow-up to d2c6d15 which switched mk-ca-bundle.vbs output to ANSI due to corrupt UTF-8 output, now fixed. This change completes making the default certificate bundle output of mk-ca-bundle.vbs as close as possible to that of mk-ca-bundle.pl, which should make it easier to review any difference between their output. Ref: https://github.com/curl/curl/pull/1012
2016-10-25mk-ca-bundle: Update the vbscript versionJay Satiro
Bring the VBScript version more in line with the perl version: - Change timestamp to UTC. - Change URL retrieval to HTTPS-only by default. - Comment out the options that disabled SSL cert checking by default. - Assume OpenSSL is present, get SHA256. And add a flag to toggle it. - Fix cert issuer name output. The cert issuer output is now ansi, converted from UTF-8. Prior to this it was corrupt UTF-8. It turns out though we can work with UTF-8 the FSO object that writes ca-bundle can't write UTF-8, so there will have to be some alternative if UTF-8 is needed (like an ADODB.Stream). - Disable the certificate text info feature. The certificate text info doesn't work properly with any recent OpenSSL.
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2014-11-18mk-ca-bundle.vbs: update copyright year.Guenter Knauf
2014-11-07mk-ca-bundle.vbs: switch to new certdata.txt url.Guenter Knauf
2013-08-05Simplify check for trusted certificates.Guenter Knauf
This changes the previous check for untrusted certs to a check for certs explicitely marked as trusted. The change is backward-compatible (tested with certdata.txt v1.80).
2013-08-04Skip more untrusted certificates.Guenter Knauf
Christian Heimes brought to our attention that the certdata.txt format has recently changed [1], causing ca-bundle.crt created with mk-ca-bundle.[pl|vbs] to include untrusted certs. [1] http://lists.debian.org/debian-release/2012/11/msg00411.html
2013-04-04Updated copyright date.Guenter Knauf
2013-04-04Added a cont to specify base64 line wrap.Guenter Knauf
2011-11-08Fix to skip untrusted certs.Guenter Knauf
2011-02-03mk-ca-bundle.vbs: use new cacert urlGuenter Knauf
The official Mozilla page at http://www.mozilla.org/projects/security/certs/ points out a new place as the "proper" place to get Mozilla's CA certs from so this script is now updated to use that instead. Reported by: Daniel Mentz
2010-08-20Added mk-ca-bundle.vbs script.Guenter Knauf
The script works exactly same as the Perl one except for one thing: when the text descriptions generated with openssl are included then the md5 fingerprints are missing; seems openssl has either a bug or a feature which prints the md5 fingerprint output to stdout instead of writing them to specified file; this script could here do the same as what the Perl scripr does (redirect stdout into file) but this makes the script take up double the time because it needs to launch cmd.exe 140 times (fo each openssl call). So I think for now we just ommit the md5 fingerprints, and see if openssl will be fixed.