1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-18 07:25:14 -05:00
Commit Graph

33 Commits

Author SHA1 Message Date
Daniel Stenberg
3a0b64489f mk-ca-bundle: detect start of trust section better
Each certificate section of the input certdata.txt file has a trust
section following it with details.

This script failed to detect the start of the trust for at least one
cert[*], which made the script continue pass that section into the next
one where it found an 'untrusted' marker and as a result that certficate
was not included in the output.

[*] = "Hellenic Academic and Research Institutions RootCA 2011"

Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
2012-09-04 23:21:15 +02:00
Tim Heckman
f9bb5d2984 Revert "access the CA source file using HTTPS"
This reverts commit f7e2ab6.

This change caused fetching of the certificates to become unreliable.

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-04-04 23:54:02 +02:00
Daniel Stenberg
33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-03-31 19:51:36 +02:00
John Joseph Bachir
9f0e1689f1 mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior.
An alternative would be:

1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE
2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being
   used

This question and answer explain:
http://stackoverflow.com/questions/74358/
2012-03-10 15:51:24 +01:00
John Joseph Bachir
f7e2ab629e access the CA source file using HTTPS 2012-03-10 15:50:27 +01:00
Guenter Knauf
cd3cf55b47 Also skip certs masked as CKT_NSS_TRUST_UNKNOWN.
Fix posted by Tomas Hoger <thoger redhat com>.
2011-09-20 12:05:31 +02:00
Guenter Knauf
d52f3eb598 Fixed final message output. 2011-09-04 22:05:32 +02:00
Guenter Knauf
809cde5416 Fix to skip untrusted certs. 2011-09-04 17:05:49 +02:00
Guenter Knauf
e84730948d Replaced var manipulations with perlish hacks. 2011-04-14 01:27:39 +02:00
Daniel Stenberg
23544f35fd mk-ca-bundle.pl: show full URL in output
When I decided to search for a potential error with the cacert bundle it
struck me I wanted to see the full source URL in the output...
2011-04-07 22:42:22 +02:00
Guenter Knauf
c37ad9e909 Increased script version. 2011-04-01 15:04:53 +02:00
Guenter Knauf
5eda4bf726 Make use of proxy vars if set.
Posted to the list by Quanah Gibson-Mount [quanah zimbra.com].
2011-04-01 14:58:36 +02:00
Guenter Knauf
e02c90dc19 Use var again instead of hard-coded filename. 2011-04-01 14:38:01 +02:00
Ask Bjørn Hansen
3e00af34c8 mk-ca-bundle.pl: Only download if modified
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
2011-03-14 10:20:21 +01:00
Daniel Stenberg
ec7978c512 mk-ca-bundle.pl: use new cacert url
The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz
2011-02-02 22:22:15 +01:00
Guenter Knauf
0fa4b41c2b Fixed script version which was still based on CVS Revision tag. 2010-07-22 04:29:54 +02:00
Daniel Stenberg
be28825b2d restore executable bits on some files 2010-03-24 11:07:35 +01:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Yang Tse
a07bc79117 removed trailing whitespace 2010-02-14 19:40:18 +00:00
Gunter Knauf
b718283327 removed obsolete slash in URL. 2008-08-23 21:31:09 +00:00
Daniel Stenberg
f46d47239f revert accidental commit 2008-08-23 12:14:05 +00:00
Daniel Stenberg
13dc82b9d4 - Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi
interface, and the proxy would send Connection: close during the
  authentication phase.  http://curl.haxx.se/bug/view.cgi?id=2069047
2008-08-23 12:11:38 +00:00
Daniel Stenberg
81b64f69a5 use a more updated certdata.txt URL 2008-08-21 17:51:22 +00:00
Gunter Knauf
cfaf88aab4 fixed version var. 2008-02-15 00:41:54 +00:00
Gunter Knauf
ecc75be6f3 moved info block up before help block so that it can also be displayed before help option; trial to add a version number. 2008-02-15 00:26:26 +00:00
Gunter Knauf
019f6a1926 open pipe to openssl commandline instead of writing into temp file. 2008-02-11 18:52:45 +00:00
Gunter Knauf
df07c87b89 added strict to make sure all vars are properly defined;
added -t switch to make text info of CAs optional;
added -q switch to be really quiet.
2008-02-11 15:00:00 +00:00
Gunter Knauf
08e5c0812f added -b switch to provide a backup functionality for existing ca-bundle.crt file. 2008-02-10 01:29:24 +00:00
Gunter Knauf
a8c71961e0 fixed another wrong var in error message. 2008-02-09 15:32:54 +00:00
Gunter Knauf
63d595a047 fixed wrong var in error message. 2008-02-09 15:00:07 +00:00
Gunter Knauf
c764331dd9 use argument to specify output filename if present. 2008-02-08 02:38:12 +00:00
Gunter Knauf
586444b6b8 fixed regex to fetch certdata.txt version since it was replaced by CVS (argh!)
added a switch to display certdata.txt version header.
2008-02-08 01:58:11 +00:00
Gunter Knauf
d76a74cc5e added Perl script to create a fresh ca-bundle.crt. 2008-02-08 01:08:25 +00:00