Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

www.xxx.con, curl post data lenght limit, www.xxx.con., Www.xxx.con, htaccess multiple authuserfile, www.xxxcon, wwwxxx100www, www...xxxcon, www.xxxcon, error 1025 mysql errno:150

Links

XODOX
Impressum

#1: updating ca-bundle.crt

Posted on 2005-02-02 14:45:01 by Joe Orton

--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline

There was some discussion on modssl-users a while back on this topic; we
had some concerns about extracting ca-bundle.crt directly from the
Mozilla CA list sources. But after discussing this with Frank Hecker
and some others there is agreement that there are no licensing issues
here really.

So, attached is a Perl script which regenerates ca-bundle.crt directly
from the Mozilla certdata.txt: Ralf, feel free to include this in
mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

joe




--XsQoSWH+UP9D9v3l
Content-Type: text/plain; charset=utf-8
Content-Disposition: attachment; filename="mkcabundle.pl"

#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

open(IN, "cvs -d $cvsroot co -p $certdata|")
|| die "could not check out certdata.txt";

my $incert = 0;

print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH

while (<IN>) {
if (/^CKA_VALUE MULTILINE_OCTAL/) {
$incert = 1;
open(OUT, "|openssl x509 -text -inform DER -fingerprint")
|| die "could not pipe to openssl x509";
} elsif (/^END/ && $incert) {
close(OUT);
$incert = 0;
print "\n\n";
} elsif ($incert) {
my @bs = split(/\\/);
foreach my $b (@bs) {
chomp $b;
printf(OUT "%c", oct($b)) unless $b eq '';
}
} elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
print "# Generated from certdata.txt RCS revision $1\n#\n";
}
}

--XsQoSWH+UP9D9v3l--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message

#2: Re: updating ca-bundle.crt

Posted on 2005-07-06 10:27:43 by rse

On Wed, Feb 02, 2005, Joe Orton wrote:

> There was some discussion on modssl-users a while back on this topic; we
> had some concerns about extracting ca-bundle.crt directly from the
> Mozilla CA list sources. But after discussing this with Frank Hecker
> and some others there is agreement that there are no licensing issues
> here really.
>
> So, attached is a Perl script which regenerates ca-bundle.crt directly
> from the Mozilla certdata.txt: Ralf, feel free to include this in
> mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)

Thanks, Joe. I'll include this script into mod_ssl 2.8.23 together
with its latest output.

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message