projects / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| f0aa99fb AF |
1 | #!/bin/bash |
| 2 | ||
| 3 | set -e | |
| 4 | ||
| 5 | # Create file layout. | |
| 6 | mkdir -pv certs certs/legacy-default certs/legacy-disable | |
| f574f9ea | 7 | cp certdata.txt certs |
| f0aa99fb AF |
8 | cd certs |
| 9 | ||
| 10 | python ../certdata2pem.py | |
| 11 | ||
| 12 | cd .. | |
| 13 | cat <<EOF > ca-bundle.crt | |
| 14 | # This is a bundle of X.509 certificates of public Certificate | |
| 15 | # Authorities. It was generated from the Mozilla root CA list. | |
| 16 | # | |
| 17 | # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt | |
| 18 | # | |
| 19 | EOF | |
| 20 | ||
| 21 | cat <<EOF > ca-bundle.trust.crt | |
| 22 | # This is a bundle of X.509 certificates of public Certificate | |
| 23 | # Authorities. It was generated from the Mozilla root CA list. | |
| 24 | # These certificates are in the OpenSSL "TRUSTED CERTIFICATE" | |
| 25 | # format and have trust bits set accordingly. | |
| 26 | # | |
| 27 | # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt | |
| 28 | # | |
| 29 | EOF | |
| 30 | ||
| 31 | for f in certs/*.crt; do | |
| 32 | [ -z "${f}" ] && continue | |
| 33 | ||
| 34 | tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f}) | |
| 35 | case "${tbits}" in | |
| 36 | *serverAuth*) | |
| 37 | openssl x509 -text -in "${f}" >> ca-bundle.crt | |
| 38 | ;; | |
| 39 | esac | |
| 40 | ||
| 41 | if [ -n "$tbits" ]; then | |
| 42 | targs="" | |
| 43 | for t in ${tbits}; do | |
| 44 | targs="${targs} -addtrust ${t}" | |
| 45 | done | |
| 46 | ||
| 47 | openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt | |
| 48 | fi | |
| 49 | done | |
| 50 | ||
| 51 | exit 0 |