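#!/bin/bash
#
# Build two CA bundles from certdata.txt (the Mozilla root CA list):
#   ca-bundle.crt        - certificates whose trust bits include serverAuth
#   ca-bundle.trust.crt  - every certificate that carries trust bits, written
#                          in OpenSSL "TRUSTED CERTIFICATE" format
#
# Expects certdata.txt and certdata2pem.py in the current directory.
# NOTE(review): nothing here checks the provenance or integrity of
# certdata.txt; the bundles are only as trustworthy as that input, so it
# should be verified before this script runs.

set -e

# Create file layout.
mkdir -pv certs certs/legacy-default certs/legacy-disable
cp certdata.txt certs

# Run the converter from inside certs/. The subshell restores the working
# directory afterwards, and a failure still aborts the script under `set -e`.
# Presumably the converter writes one .crt file per certificate into its
# working directory; the loop below reads them from certs/.
(
  cd certs
  python ../certdata2pem.py
)

cat <<'EOF' > ca-bundle.crt
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
EOF

cat <<'EOF' > ca-bundle.trust.crt
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
# format and have trust bits set accordingly.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
EOF

# Fail with a clear message when the converter produced nothing. An unmatched
# glob stays as the literal pattern, which previously surfaced only as a sed
# "can't read" error; bundles holding nothing but the header must not ship.
cert_files=(certs/*.crt)
if [ ! -e "${cert_files[0]}" ]; then
  echo "error: no certificates found in certs/ (certdata2pem.py produced no *.crt)" >&2
  exit 1
fi

for f in "${cert_files[@]}"; do
  # Trust bits come from the "# openssl-trust=..." comment line of each file.
  # The filename is quoted so names with spaces or glob characters are read
  # as a single path.
  tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' "${f}")

  # Only certificates trusted for TLS server authentication go into the
  # plain bundle.
  if [[ "${tbits}" == *serverAuth* ]]; then
    openssl x509 -text -in "${f}" >> ca-bundle.crt
  fi

  # Certificates with no trust bits at all are left out of both bundles.
  if [ -n "${tbits}" ]; then
    targs=()
    # Word splitting is intentional: tbits is a whitespace-separated list.
    # shellcheck disable=SC2086
    for t in ${tbits}; do
      targs+=(-addtrust "${t}")
    done

    openssl x509 -text -in "${f}" -trustout "${targs[@]}" >> ca-bundle.trust.crt
  fi
done

exit 0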