generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Simplify check for trusted certificates.

Browse Source 
This changes the previous check for untrusted certs to a check for
certs explicitely marked as trusted.
The change is backward-compatible (tested with certdata.txt v1.80).
This commit is contained in:
Guenter Knauf
2013-08-05 13:02:27 +02:00
parent 5d3cbde72e
commit 0ce410a629
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/mk-ca-bundle.pl
View File

@@ -164,7 +164,7 @@ while (<TXT>) {
if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
$caname = $1;
}
my $untrusted = 0;
my $untrusted = 1;
if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
my $data;
while (<TXT>) {
@@ -184,10 +184,8 @@ while (<TXT>) {
# now scan the trust part for untrusted certs
while (<TXT>) {
last if (/^#/);
if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
$untrusted = 1;
if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
$untrusted = 0;
}
}
if ($untrusted) {