moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
15,573 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

33 Commits

Author SHA1 Message Date
Daniel Stenberg 3a0b64489f mk-ca-bundle: detect start of trust section better 
Each certificate section of the input certdata.txt file has a trust
section following it with details.

This script failed to detect the start of the trust for at least one
cert[*], which made the script continue pass that section into the next
one where it found an 'untrusted' marker and as a result that certficate
was not included in the output.

[*] = "Hellenic Academic and Research Institutions RootCA 2011"

Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
 2012-09-04 23:21:15 +02:00
Tim Heckman f9bb5d2984 Revert "access the CA source file using HTTPS" 
This reverts commit f7e2ab6.

This change caused fetching of the certificates to become unreliable.

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
 2012-04-04 23:54:02 +02:00
Daniel Stenberg 33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https" 
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
 2012-03-31 19:51:36 +02:00
John Joseph Bachir 9f0e1689f1 mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior. 
An alternative would be:

1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE
2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being
   used

This question and answer explain:
http://stackoverflow.com/questions/74358/
 2012-03-10 15:51:24 +01:00
John Joseph Bachir f7e2ab629e access the CA source file using HTTPS 2012-03-10 15:50:27 +01:00
Guenter Knauf cd3cf55b47 Also skip certs masked as CKT_NSS_TRUST_UNKNOWN. 
Fix posted by Tomas Hoger <thoger redhat com>.
 2011-09-20 12:05:31 +02:00
Guenter Knauf d52f3eb598 Fixed final message output. 2011-09-04 22:05:32 +02:00
Guenter Knauf 809cde5416 Fix to skip untrusted certs. 2011-09-04 17:05:49 +02:00
Guenter Knauf e84730948d Replaced var manipulations with perlish hacks. 2011-04-14 01:27:39 +02:00
Daniel Stenberg 23544f35fd mk-ca-bundle.pl: show full URL in output 
When I decided to search for a potential error with the cacert bundle it
struck me I wanted to see the full source URL in the output...
 2011-04-07 22:42:22 +02:00
Guenter Knauf c37ad9e909 Increased script version. 2011-04-01 15:04:53 +02:00
Guenter Knauf 5eda4bf726 Make use of proxy vars if set. 
Posted to the list by Quanah Gibson-Mount [quanah zimbra.com].
 2011-04-01 14:58:36 +02:00
Guenter Knauf e02c90dc19 Use var again instead of hard-coded filename. 2011-04-01 14:38:01 +02:00
Ask Bjørn Hansen 3e00af34c8 mk-ca-bundle.pl: Only download if modified 
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
 2011-03-14 10:20:21 +01:00
Daniel Stenberg ec7978c512 mk-ca-bundle.pl: use new cacert url 
The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz
 2011-02-02 22:22:15 +01:00
Guenter Knauf 0fa4b41c2b Fixed script version which was still based on CVS Revision tag. 2010-07-22 04:29:54 +02:00
Daniel Stenberg be28825b2d restore executable bits on some files 2010-03-24 11:07:35 +01:00
Daniel Stenberg 2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00
Gunter Knauf b718283327 removed obsolete slash in URL. 2008-08-23 21:31:09 +00:00
Daniel Stenberg f46d47239f revert accidental commit 2008-08-23 12:14:05 +00:00
Daniel Stenberg 13dc82b9d4 - Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi 
interface, and the proxy would send Connection: close during the
  authentication phase.  http://curl.haxx.se/bug/view.cgi?id=2069047
 2008-08-23 12:11:38 +00:00
Daniel Stenberg 81b64f69a5 use a more updated certdata.txt URL 2008-08-21 17:51:22 +00:00
Gunter Knauf cfaf88aab4 fixed version var. 2008-02-15 00:41:54 +00:00
Gunter Knauf ecc75be6f3 moved info block up before help block so that it can also be displayed before help option; trial to add a version number. 2008-02-15 00:26:26 +00:00
Gunter Knauf 019f6a1926 open pipe to openssl commandline instead of writing into temp file. 2008-02-11 18:52:45 +00:00
Gunter Knauf df07c87b89 added strict to make sure all vars are properly defined; 
added -t switch to make text info of CAs optional;
added -q switch to be really quiet.
 2008-02-11 15:00:00 +00:00
Gunter Knauf 08e5c0812f added -b switch to provide a backup functionality for existing ca-bundle.crt file. 2008-02-10 01:29:24 +00:00
Gunter Knauf a8c71961e0 fixed another wrong var in error message. 2008-02-09 15:32:54 +00:00
Gunter Knauf 63d595a047 fixed wrong var in error message. 2008-02-09 15:00:07 +00:00
Gunter Knauf c764331dd9 use argument to specify output filename if present. 2008-02-08 02:38:12 +00:00
Gunter Knauf 586444b6b8 fixed regex to fetch certdata.txt version since it was replaced by CVS (argh!) 
added a switch to display certdata.txt version header.
 2008-02-08 01:58:11 +00:00
Gunter Knauf d76a74cc5e added Perl script to create a fresh ca-bundle.crt. 2008-02-08 01:08:25 +00:00