Fix to skip untrusted certs.

lib/mk-ca-bundle.vbs

@@ -26,7 +26,7 @@
 '* Hacked by Guenter Knauf
 '***************************************************************************
 Option Explicit
-Const myVersion = "0.3.5"
+Const myVersion = "0.3.6"
 
 Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
 
@@ -96,8 +96,10 @@ If (myAskTiF = TRUE) Then
   End If
 End If
 ' Process the received data
-Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped
-Dim myLabel, myOctets, myData, myPem, myRev, j
+Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j
+myNumSkipped = 0
+myNumCerts = 0
 myData = ""
 myLines = Split(myCdData, vbLf, -1)
 Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)
@@ -109,7 +111,7 @@ myFh.Write "##" & vbLf
 myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf
 myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf
 myFh.Write "## file (certdata.txt).  This file can be found in the mozilla source tree:" & vbLf
-myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
+myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
 myFh.Write "##" & vbLf
 myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf
 myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf
@@ -125,6 +127,16 @@ For i = 0 To UBound(myLines)
   If (myInsideCert = TRUE) Then
     If InstrRev(myLines(i), "END") Then
       myInsideCert = FALSE
+      While (i < UBound(myLines)) And Not (myLines(i) = "#")
+        i = i + 1
+        If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
+           InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then
+          myUntrusted = TRUE
+        End If
+      Wend
+      If (myUntrusted = TRUE) Then
+        myNumSkipped = myNumSkipped + 1
+      Else
         myFh.Write myLabel & vbLf
         myFh.Write String(Len(myLabel), "=") & vbLf
         myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
@@ -153,8 +165,8 @@ For i = 0 To UBound(myLines)
           myTmpFh.Close
           objFSO.DeleteFile myTmpOut, TRUE
         End If
-      myData = ""
         myNumCerts = myNumCerts + 1
+      End If
     Else
       myOctets = Split(myLines(i), "\")
       For j = 1 To UBound(myOctets)
@@ -169,6 +181,8 @@ For i = 0 To UBound(myLines)
   End If
   If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
     myInsideCert = TRUE
+    myUntrusted = FALSE
+    myData = ""
   End If
   If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then
     myInsideLicense = TRUE
@@ -191,7 +205,8 @@ For i = 0 To UBound(myLines)
   End If
 Next
 myFh.Close
-objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _
+               " untrusted skipped).", 20, mySelf, vbInformation
 WScript.Quit 0
 
 Function ConvertBinaryData(arrBytes)