updating ca-bundle.crt
on 02.02.2005 14:45:01 by Joe Orton
There was some discussion on modssl-users a while back on this topic; we
had some concerns about extracting ca-bundle.crt directly from the
Mozilla CA list sources. But after discussing this with Frank Hecker
and some others there is agreement that there are no licensing issues
here really.
So, attached is a Perl script which regenerates ca-bundle.crt directly
from the Mozilla certdata.txt: Ralf, feel free to include this in
mod_ssl or just update the mod_ssl ca-bundle.crt using it ;)
joe
Attachment: mkcabundle.pl
#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#

my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';

# Stream certdata.txt from anonymous CVS to stdin of this script.
open(IN, "cvs -d $cvsroot co -p $certdata|")
    || die "could not check out certdata.txt";

# True while reading the octal-encoded body of a certificate.
my $incert = 0;

print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH

while (<IN>) {
    if (/^CKA_VALUE MULTILINE_OCTAL/) {
        # Start of a DER certificate; openssl prints its text form,
        # fingerprint and PEM encoding to stdout.
        $incert = 1;
        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
            || die "could not pipe to openssl x509";
    } elsif (/^END/ && $incert) {
        close(OUT);
        $incert = 0;
        print "\n\n";
    } elsif ($incert) {
        # Each line is a run of \NNN octal escapes; emit the raw bytes.
        my @bs = split(/\\/);
        foreach my $b (@bs) {
            chomp $b;
            printf(OUT "%c", oct($b)) unless $b eq '';
        }
    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
        print "# Generated from certdata.txt RCS revision $1\n#\n";
    }
}
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
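
The following is an added example, not part of the original message or of mkcabundle.pl: a Python sketch of the same CKA_VALUE MULTILINE_OCTAL extraction that goes slightly further by rejecting a blob whose DER length field does not match its size (for instance after a truncated download) and by recording a SHA-256 fingerprint that can be compared against a published value. Like the script, it selects every CKA_VALUE block and does not interpret the separate trust objects in certdata.txt. The function names and the SAMPLE input are assumptions made for this illustration.

```python
import base64, hashlib, re

# Constructed sample in certdata.txt layout; the CKA_VALUE bytes are a tiny
# made-up DER SEQUENCE, not a real certificate.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Test Root (constructed)"
CKA_SUBJECT MULTILINE_OCTAL
\060\003\002\001\007
END
CKA_VALUE MULTILINE_OCTAL
\060\005\002\003
\001\000\001
END
'''
OCTAL = re.compile(r'\\([0-7]{3})')

def parse_certdata(text):
    """Yield (label, der) for every CKA_VALUE MULTILINE_OCTAL ... END block."""
    label, buf = None, None
    for line in text.splitlines():
        if line.startswith('CKA_LABEL UTF8'):
            label = line.split('"')[1]
        elif line.startswith('CKA_VALUE MULTILINE_OCTAL'):
            buf = bytearray()            # start collecting certificate bytes
        elif line.startswith('END') and buf is not None:
            yield label, bytes(buf)
            buf = None
        elif buf is not None:
            buf.extend(int(o, 8) for o in OCTAL.findall(line))

def der_length_ok(der):
    """True if der is one SEQUENCE whose length field covers the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                    # short-form length
        return len(der) == 2 + der[1]
    k = der[1] & 0x7F                    # long form: k length bytes follow
    return k > 0 and len(der) == 2 + k + int.from_bytes(der[2:2 + k], 'big')

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = '\n'.join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f'-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n'

def bundle(text):
    """Return [(label, sha256_hex, pem)], refusing truncated or malformed DER."""
    out = []
    for label, der in parse_certdata(text):
        if not der_length_ok(der):
            raise ValueError(f'malformed DER for {label!r}')
        out.append((label, hashlib.sha256(der).hexdigest(), to_pem(der)))
    return out
```
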