mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 15:48:49 -05:00
Skip more untrusted certificates.
Christian Heimes brought to our attention that the certdata.txt format has recently changed [1], causing ca-bundle.crt created with mk-ca-bundle.[pl|vbs] to include untrusted certs. [1] http://lists.debian.org/debian-release/2012/11/msg00411.html
This commit is contained in:
parent
6b27703b5f
commit
51f0b798fa
@ -40,7 +40,7 @@ my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/
|
||||
# If the OpenSSL commandline is not in search path you can configure it here!
|
||||
my $openssl = 'openssl';
|
||||
|
||||
my $version = '1.18';
|
||||
my $version = '1.19';
|
||||
|
||||
$opt_w = 76; # default base64 encoded lines length
|
||||
|
||||
@ -185,8 +185,9 @@ while (<TXT>) {
|
||||
while (<TXT>) {
|
||||
last if (/^#/);
|
||||
if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
|
||||
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/) {
|
||||
$untrusted = 1;
|
||||
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
|
||||
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
|
||||
$untrusted = 1;
|
||||
}
|
||||
}
|
||||
if ($untrusted) {
|
||||
|
@ -26,7 +26,7 @@
|
||||
'* Hacked by Guenter Knauf
|
||||
'***************************************************************************
|
||||
Option Explicit
|
||||
Const myVersion = "0.3.7"
|
||||
Const myVersion = "0.3.8"
|
||||
|
||||
Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
|
||||
|
||||
@ -131,7 +131,8 @@ For i = 0 To UBound(myLines)
|
||||
While (i < UBound(myLines)) And Not (myLines(i) = "#")
|
||||
i = i + 1
|
||||
If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
|
||||
InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then
|
||||
InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN") Or _
|
||||
InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST")) Then
|
||||
myUntrusted = TRUE
|
||||
End If
|
||||
Wend
|
||||
|
Loading…
Reference in New Issue
Block a user