1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 07:38:49 -05:00

mk-ca-bundle: Update the vbscript version

Bring the VBScript version more in line with the perl version:

- Change timestamp to UTC.

- Change URL retrieval to HTTPS-only by default.

- Comment out the options that disabled SSL cert checking by default.

- Assume OpenSSL is present, get SHA256. And add a flag to toggle it.

- Fix cert issuer name output.

The cert issuer output is now ansi, converted from UTF-8. Prior to this
it was corrupt UTF-8. It turns out though we can work with UTF-8 the
FSO object that writes ca-bundle can't write UTF-8, so there will have
to be some alternative if UTF-8 is needed (like an ADODB.Stream).

- Disable the certificate text info feature.

The certificate text info doesn't work properly with any recent OpenSSL.
This commit is contained in:
Jay Satiro 2016-10-25 03:17:26 -04:00
parent 4d7fc0a9bb
commit d2c6d1568e
2 changed files with 101 additions and 18 deletions

View File

@ -244,7 +244,8 @@ sub sha256 {
close(FILE);
} else {
# Use OpenSSL command if Perl Digest::SHA modules not available
$result = (split(/ |\r|\n/,`$openssl dgst -sha256 $_[0]`))[1];
$result = `"$openssl" dgst -r -sha256 "$_[0]"`;
$result =~ s/^([0-9a-f]{64}) .+/$1/is;
}
return $result;
}
@ -392,7 +393,7 @@ print CRT <<EOT;
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla ${datesrc}: ${currentdate}
## Certificate data from Mozilla ${datesrc}: ${currentdate} GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates

View File

@ -26,17 +26,20 @@
'* Hacked by Guenter Knauf
'***************************************************************************
Option Explicit
Const myVersion = "0.3.9"
Const myVersion = "0.4.0"
Const myUrl = "http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
Const myUrl = "https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
Const myOpenssl = "openssl.exe"
Const myCdSavF = FALSE ' Flag: save downloaded data to file certdata.txt
Const myUseOpenSSL = TRUE ' Flag: set FALSE if openssl is not present
Const myCdSavF = TRUE ' Flag: save downloaded data to file certdata.txt
Const myCaBakF = TRUE ' Flag: backup existing ca-bundle certificate
Const myAskLiF = TRUE ' Flag: display certdata.txt license agreement
Const myAskTiF = TRUE ' Flag: ask to include certificate text info
Const myWrapLe = 76 ' Default length of base64 output lines
' cert info code doesn't work properly with any recent openssl, leave disabled.
Const myAskTiF = FALSE ' Flag: ask to include certificate text info
'******************* Nothing to configure below! *******************
Dim objShell, objNetwork, objFSO, objHttp
Dim myBase, mySelf, myFh, myTmpFh, myCdData, myCdFile, myCaFile, myTmpName, myBakNum, myOptTxt, i
@ -53,8 +56,12 @@ myTmpName = InputBox("Enter output filename:", mySelf, myCaFile)
If Not (myTmpName = "") Then
myCaFile = myTmpName
End If
' Lets ignore SSL invalid cert errors
objHttp.Option(4) = 256 + 512 + 4096 + 8192
If (myCdFile = "") Then
MsgBox("URL does not contain filename!"), vbCritical, mySelf
WScript.Quit 1
End If
' Uncomment the line below to ignore SSL invalid cert errors
' objHttp.Option(4) = 256 + 512 + 4096 + 8192
objHttp.SetTimeouts 0, 5000, 10000, 10000
objHttp.Open "GET", myUrl, FALSE
objHttp.setRequestHeader "User-Agent", WScript.ScriptName & "/" & myVersion
@ -63,15 +70,13 @@ If Not (objHttp.Status = 200) Then
MsgBox("Failed to download '" & myCdFile & "': " & objHttp.Status & " - " & objHttp.StatusText), vbCritical, mySelf
WScript.Quit 1
End If
' Write received data to file if enabled
If (myCdSavF = TRUE) Then
Call SaveBinaryData(myCdFile, objHttp.ResponseBody)
End If
' Convert data from ResponseBody instead of using ResponseText because of UTF-8
myCdData = ConvertBinaryData(objHttp.ResponseBody)
Set objHttp = Nothing
' Write received data to file if enabled
If (myCdSavF = TRUE) Then
Set myFh = objFSO.OpenTextFile(myCdFile, 2, TRUE)
myFh.Write myCdData
myFh.Close
End If
' Backup exitsing ca-bundle certificate file
If (myCaBakF = TRUE) Then
If objFSO.FileExists(myCaFile) Then
@ -104,20 +109,27 @@ myData = ""
myLines = Split(myCdData, vbLf, -1)
Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)
myFh.Write "##" & vbLf
myFh.Write "## " & myCaFile & " -- Bundle of CA Root Certificates" & vbLf
myFh.Write "## Bundle of CA Root Certificates" & vbLf
myFh.Write "##" & vbLf
myFh.Write "## Converted at: " & Now & vbLf
myFh.Write "## Certificate data from Mozilla as of: " & _
ConvertDateToString(LocalDateToUTC(Now)) & " GMT" & vbLf
myFh.Write "##" & vbLf
myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf
myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf
myFh.Write "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf
myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
myFh.Write "## " & myUrl & vbLf
myFh.Write "##" & vbLf
myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf
myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf
myFh.Write "## an Apache+mod_ssl webserver for SSL client authentication." & vbLf
myFh.Write "## Just configure this file as the SSLCACertificateFile." & vbLf
myFh.Write "##" & vbLf
myFh.Write "## Conversion done with mk-ca-bundle.vbs version " & myVersion & "." & vbLf
If (myCdSavF = TRUE) And (myUseOpenSSL = TRUE) Then
myFh.Write "## SHA256: " & FileSHA256(myCdFile) & vbLf
End If
myFh.Write "##" & vbLf & vbLf
myFh.Write vbLf
For i = 0 To UBound(myLines)
If InstrRev(myLines(i), "CKA_LABEL ") Then
@ -216,11 +228,24 @@ Function ConvertBinaryData(arrBytes)
objStream.Write arrBytes
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "ascii"
objStream.Charset = "utf-8"
ConvertBinaryData = objStream.ReadText
Set objStream = Nothing
End Function
Function SaveBinaryData(filename, data)
Const adTypeBinary = 1
Const adSaveCreateOverWrite = 2
Dim objStream
Set objStream = CreateObject("ADODB.Stream")
objStream.Type = adTypeBinary
objStream.Open
objStream.Write data
objStream.SaveToFile filename, adSaveCreateOverWrite
objStream.Close
Set objStream = Nothing
End Function
Function RegExprFirst(SearchPattern, TheString)
Dim objRegExp, Matches ' create variables.
Set objRegExp = New RegExp ' create a regular expression.
@ -283,4 +308,61 @@ Function MyASC(OneChar)
If OneChar = "" Then MyASC = 0 Else MyASC = Asc(OneChar)
End Function
' Return the date in the same format as perl to match mk-ca-bundle.pl output:
' Wed Sep 7 03:12:05 2016
Function ConvertDateToString(input)
Dim output
output = WeekDayName(WeekDay(input), TRUE) & " " & _
MonthName(Month(input), TRUE) & " "
If (Len(Day(input)) = 1) Then
output = output & " "
End If
output = output & _
Day(input) & " " & _
FormatDateTime(input, vbShortTime) & ":"
If (Len(Second(input)) = 1) Then
output = output & "0"
End If
output = output & _
Second(input) & " " & _
Year(input)
ConvertDateToString = output
End Function
' Convert local Date to UTC. Microsoft says:
' Use Win32_ComputerSystem CurrentTimeZone property, because it automatically
' adjusts the Time Zone bias for daylight saving time; Win32_Time Zone Bias
' property does not.
' https://msdn.microsoft.com/en-us/library/windows/desktop/ms696015.aspx
Function LocalDateToUTC(localdate)
Dim item, offset
For Each item In GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem")
offset = item.CurrentTimeZone ' the offset in minutes
Next
If (offset < 0) Then
LocalDateToUTC = DateAdd("n", ABS(offset), localdate)
Else
LocalDateToUTC = DateAdd("n", -ABS(offset), localdate)
End If
'objShell.PopUp LocalDateToUTC
End Function
Function FileSHA256(filename)
Dim cmd, rval, tmpOut, tmpFh
if (myUseOpenSSL = TRUE) Then
tmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
cmd = """" & myOpenssl & """ dgst -r -sha256 -out """ & tmpOut & """ """ & filename & """"
rval = objShell.Run(cmd, 0, TRUE)
If Not (rval = 0) Then
MsgBox("Failed to get sha256 of """ & filename & """ with OpenSSL commandline!"), vbCritical, mySelf
objFSO.DeleteFile tmpOut, TRUE
WScript.Quit 3
End If
Set tmpFh = objFSO.OpenTextFile(tmpOut, 1)
FileSHA256 = RegExprFirst("^([0-9a-f]{64}) .+", tmpFh.ReadAll)
tmpFh.Close
objFSO.DeleteFile tmpOut, TRUE
Else
FileSHA256 = ""
End If
End Function