]>
git.ipfire.org Git - ipfire-2.x.git/blob - config/ca-certificates/build.sh
6 mkdir
-pv certs certs
/legacy-default certs
/legacy-disable
10 python ..
/certdata2pem.py
13 cat <<EOF > ca-bundle.crt
14 # This is a bundle of X.509 certificates of public Certificate
15 # Authorities. It was generated from the Mozilla root CA list.
17 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
21 cat <<EOF > ca-bundle.trust.crt
22 # This is a bundle of X.509 certificates of public Certificate
23 # Authorities. It was generated from the Mozilla root CA list.
24 # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
25 # format and have trust bits set accordingly.
27 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
31 for f
in certs
/*.crt
; do
32 [ -z "${f}" ] && continue
34 tbits
=$
(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
37 openssl x509
-text -in "${f}" >> ca-bundle.crt
41 if [ -n "$tbits" ]; then
44 targs
="${targs} -addtrust ${t}"
47 openssl x509
-text -in "${f}" -trustout $targs >> ca-bundle.trust.crt