Simplify check for trusted certificates.

This changes the previous check for untrusted certs to a check for
certs explicitely marked as trusted.
The change is backward-compatible (tested with certdata.txt v1.80).
This commit is contained in:
Guenter Knauf 2013-08-05 13:02:27 +02:00
parent 5d3cbde72e
commit 0ce410a629
2 changed files with 6 additions and 10 deletions

View File

@ -164,7 +164,7 @@ while (<TXT>) {
if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) { if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
$caname = $1; $caname = $1;
} }
my $untrusted = 0; my $untrusted = 1;
if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) { if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
my $data; my $data;
while (<TXT>) { while (<TXT>) {
@ -184,10 +184,8 @@ while (<TXT>) {
# now scan the trust part for untrusted certs # now scan the trust part for untrusted certs
while (<TXT>) { while (<TXT>) {
last if (/^#/); last if (/^#/);
if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/ if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/ $untrusted = 0;
or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
$untrusted = 1;
} }
} }
if ($untrusted) { if ($untrusted) {

View File

@ -130,10 +130,8 @@ For i = 0 To UBound(myLines)
myInsideCert = FALSE myInsideCert = FALSE
While (i < UBound(myLines)) And Not (myLines(i) = "#") While (i < UBound(myLines)) And Not (myLines(i) = "#")
i = i + 1 i = i + 1
If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _ If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then
InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN") Or _ myUntrusted = FALSE
InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST")) Then
myUntrusted = TRUE
End If End If
Wend Wend
If (myUntrusted = TRUE) Then If (myUntrusted = TRUE) Then
@ -183,7 +181,7 @@ For i = 0 To UBound(myLines)
End If End If
If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
myInsideCert = TRUE myInsideCert = TRUE
myUntrusted = FALSE myUntrusted = TRUE
myData = "" myData = ""
End If End If
If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then