blob: 37c924f8333994ffd017fb76bc021e1e4a6fc979 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
|
:
eval 'exec perl -S $0 ${1+"$@"}'
if $running_under_some_shell;
##
## Generate the KDE CA list TDEConfig file
##
%CERT = ();
open(IDX, "<cert.index") || die;
while (<IDX>) {
if (m|^(\S+):\s+(.+)\s*$|) {
$CERT{$2} = $1;
}
}
close(IDX);
$date = `date`;
$date =~ s|\n$||;
open(BDL, ">ksslcalist") || die;
foreach $cert (sort(keys(%CERT))) {
$file = $CERT{$cert};
print STDERR "Bundling: $cert ($file)\n";
$pem = `openssl x509 -in $file -inform DER -outform PEM`;
$pem =~ s|[\n\r]||g;
$pem =~ s|-----BEGIN CERTIFICATE-----||;
$pem =~ s|-----END CERTIFICATE-----||;
$subj = `openssl x509 -in $file -inform DER -noout -subject`;
$_ = $subj;
# We don't trust this anymore, so we keep our own copy
if ( /TrustCenter/ ) {
continue;
}
if ( /[Oo]bject/ || /[Cc]ode/ ) {
$codeSubj = 1;
} else {
$codeSubj = 0;
}
$subj =~ s|\n$||;
$subj =~ s/^subject= //;
$purpose = `openssl x509 -in $file -inform DER -noout -purpose`;
print BDL "\n";
print BDL "[$subj]\n";
print BDL "x509=$pem\n";
#
$_ = $purpose;
if ( /server CA : Yes\n/ || /client CA : Yes\n/ || (/Any Purpose CA : Yes\n/ && (/client : Yes\n/ || /server : Yes\n/ ))) {
$v_site="true";
} else {
$v_site="false";
}
#
if ( /MIME signing CA : Yes\n/ || /MIME encryption CA : Yes\n/ ) {
$v_email="true";
} else {
$v_email="false";
}
#
if ( /Any Purpose CA : Yes\n/ && $codeSubj == 1) {
$v_code="true";
} else {
$v_code="false";
}
# are some certificates really broken?
if ($v_code == "false" && $v_email == "false") {
$v_site = "true";
}
print BDL "site=$v_site\n";
print BDL "email=$v_email\n";
print BDL "code=$v_code\n";
}
close(BDL);
|
