
a/ca-certificates: Added ca-certificates-20110325.

slackware-14.2
Damien Goutte-Gattat 11 years ago
parent
commit
0bc50671b9
  1. 95
      a/ca-certificates/ca-certificates.SlackBuild
  2. 35
      a/ca-certificates/certs/cacert.org/class3.crt
  3. 41
      a/ca-certificates/certs/cacert.org/root.crt
  4. 36
      a/ca-certificates/certs/incenp.org/dgg-ca.crt
  5. 5
      a/ca-certificates/certs/mozilla/blacklist.txt
  6. 17630
      a/ca-certificates/certs/mozilla/certdata.txt
  7. 126
      a/ca-certificates/certs/mozilla/certdata2pem.py
  8. 13
      a/ca-certificates/doinst.sh
  9. 12
      a/ca-certificates/slack-desc
  10. 21
      a/ca-certificates/update-certificates.sh

95
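--- /dev/null
+++ b/a/ca-certificates/ca-certificates.SlackBuild
@@ -0,0 +1,95 @@
+#!/bin/bash
+# Build script for Slackware
+# Copyright (C) 2011 Damien Goutte-Gattat
+#
+# Redistribution and use of this script, with or without modifications,
+# is permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# Contact: Damien Goutte-Gattat <dgouttegattat@incenp.org>
+# Build infos
+NAMEPKG=${NAMEPKG:-ca-certificates}
+VERSION=${VERSION:-20110325}
+BUILD=${BUILD:-1GGD}
+ARCH=noarch
+EXT=${EXT:-txz}
+# Directories
+TMP=${TMP:-/tmp}
+OUT=${OUT:-$TMP/build}
+PKG=${PKG:-$OUT/$NAMEPKG}
+CWD=$(pwd)
+set -e # Quit if a command returns non-zero
+# Sanity checks
+if [ $UID -eq 0 ]; then
+echo "You should NOT run this script as ROOT!"
+exit 1
+fi
+if [ ! -d $TMP ]; then
+echo "$TMP does not exists or is not a directory!"
+exit 1
+fi
+# Prepare directories
+mkdir -p $PKG/usr/share/ca-certificates $PKG/usr/sbin $PKG/etc
+# Install Mozilla certificates
+(
+cp -r $CWD/certs/mozilla $PKG/usr/share/ca-certificates
+cd $PKG/usr/share/ca-certificates/mozilla
+python certdata2pem.py
+rm -f certdata.txt blacklist.txt certdata2pem.py
+)
+# Install CAcert.org certificates
+mkdir $PKG/usr/share/ca-certificates/cacert.org
+cat $CWD/certs/cacert.org/root.crt $CWD/certs/cacert.org/class3.crt \
+> $PKG/usr/share/ca-certificates/cacert.org/cacert.org.crt
+# Install my own certificate
+install -m 644 -D $CWD/certs/incenp.org/dgg-ca.crt \
+$PKG/usr/share/ca-certificates/incenp.org/dgg-ca.crt
+# Install update script
+install -m 755 $CWD/update-certificates.sh $PKG/usr/sbin/update-certs
+# Create and install config files
+(
+cd $PKG/usr/share/ca-certificates
+find . -type f | cut -c3- > $PKG/etc/ca-certificates.conf.new
+)
+# Copy slack-desc and doinst.sh files
+install -D -m 644 $CWD/slack-desc $PKG/install/slack-desc
+install -m 755 $CWD/doinst.sh $PKG/install/doinst.sh
+# Package the tree
+cd $PKG
+mkdir -p $OUT
+PACKAGING="
+chown root:root . -R
+/sbin/makepkg -l y -c n $OUT/$NAMEPKG-$VERSION-$ARCH-$BUILD.$EXT
+rm -rf $PKG
+"
+if type -p fakeroot ; then
+echo "$PACKAGING" | fakeroot
+else
+su -c "$PACKAGING"
+fi
+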
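Review bot: The staging tree is never created fresh: `mkdir -p $PKG/usr/share/ca-certificates ...` reuses whatever already exists at the predictable default `/tmp/build/ca-certificates`, and the later `find . -type f` lists every file it finds there into `ca-certificates.conf.new`. Because `/tmp` is normally shared with other local users and the packaging step then runs `chown root:root . -R` and `makepkg` under fakeroot or `su`, leftover or foreign files can end up shipped and enabled in the trust-store package. I would refuse to build into an existing tree, for example `[ ! -e "$PKG" ] || { echo "$PKG already exists" >&2; exit 1; }` just before the `mkdir -p`. The expansions of `$PKG`, `$CWD` and `$TMP` are also unquoted throughout, which matters most for the `rm -rf $PKG` that is executed with root privileges.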

35
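--- /dev/null
+++ b/a/ca-certificates/certs/cacert.org/class3.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
+Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
+ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
+zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
+rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
+oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
+FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
+0m6lG5kngOcLqagA
+-----END CERTIFICATE-----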

41
a/ca-certificates/certs/cacert.org/root.crt

@ -0,0 +1,41 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

36
a/ca-certificates/certs/incenp.org/dgg-ca.crt

@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----

5
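--- /dev/null
+++ b/a/ca-certificates/certs/mozilla/blacklist.txt
@@ -0,0 +1,5 @@
+# One blacklist entry per line, corresponding to the label in certdata.txt.
+# MD5 Collision Proof of Concept CA
+"MD5 Collisions Forged Rogue CA 25c3"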

17630
a/ca-certificates/certs/mozilla/certdata.txt

File diff suppressed because it is too large Load Diff

126
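--- /dev/null
+++ b/a/ca-certificates/certs/mozilla/certdata2pem.py
@@ -0,0 +1,126 @@
+#!/usr/bin/python
+# vim:set et sw=4:
+#
+# certdata2pem.py - splits certdata.txt into multiple files
+#
+# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+import base64
+import os.path
+import re
+import sys
+import textwrap
+objects = []
+# Dirty file parser.
+in_data, in_multiline, in_obj = False, False, False
+field, type, value, obj = None, None, None, dict()
+for line in open('certdata.txt', 'r'):
+# Ignore the file header.
+if not in_data:
+if line.startswith('BEGINDATA'):
+in_data = True
+continue
+# Ignore comment lines.
+if line.startswith('#'):
+continue
+# Empty lines are significant if we are inside an object.
+if in_obj and len(line.strip()) == 0:
+objects.append(obj)
+obj = dict()
+in_obj = False
+continue
+if len(line.strip()) == 0:
+continue
+if in_multiline:
+if not line.startswith('END'):
+if type == 'MULTILINE_OCTAL':
+line = line.strip()
+for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+value += chr(int(i.group(1), 8))
+else:
+value += line
+continue
+obj[field] = value
+in_multiline = False
+continue
+if line.startswith('CKA_CLASS'):
+in_obj = True
+line_parts = line.strip().split(' ', 2)
+if len(line_parts) > 2:
+field, type = line_parts[0:2]
+value = ' '.join(line_parts[2:])
+elif len(line_parts) == 2:
+field, type = line_parts
+value = None
+else:
+raise NotImplementedError, 'line_parts < 2 not supported.'
+if type == 'MULTILINE_OCTAL':
+in_multiline = True
+value = ""
+continue
+obj[field] = value
+if len(obj.items()) > 0:
+objects.append(obj)
+# Read blacklist.
+blacklist = []
+if os.path.exists('blacklist.txt'):
+for line in open('blacklist.txt', 'r'):
+line = line.strip()
+if line.startswith('#') or len(line) == 0:
+continue
+item = line.split('#', 1)[0].strip()
+blacklist.append(item)
+# Build up trust database.
+trust = dict()
+for obj in objects:
+if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
+continue
+if obj['CKA_LABEL'] in blacklist:
+print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
+elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+trust[obj['CKA_LABEL']] = True
+elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+trust[obj['CKA_LABEL']] = True
+elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
+print '!'*74
+print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
+print '!'*74
+else:
+print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
+(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
+obj['CKA_TRUST_EMAIL_PROTECTION'])
+for obj in objects:
+if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+continue
+fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+.replace(' ', '_')\
+.replace('(', '=')\
+.replace(')', '=')\
+.replace(',', '_') + '.crt'
+f = open(fname, 'w')
+f.write("-----BEGIN CERTIFICATE-----\n")
+f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
+f.write("\n-----END CERTIFICATE-----\n")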
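Review bot: In the trust loop the `CKT_NETSCAPE_UNTRUSTED` test on `CKA_TRUST_SERVER_AUTH` is only reached after the `CKA_TRUST_EMAIL_PROTECTION` branch, so an entry explicitly distrusted for server authentication but marked as a trusted delegator for e-mail sets `trust[...] = True` and is written out like any other root. The emitted `.crt` files do not record which purpose a root was trusted for, so whatever consumes the directory (presumably TLS clients as well) treats them all alike. I would move the `elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':` branch to directly after the blacklist check so that an explicit distrust always wins. Trust is also keyed on `CKA_LABEL` alone, which assumes labels are unique in certdata.txt; a comment stating that assumption next to `trust = dict()` would help the next maintainer.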

13
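--- /dev/null
+++ b/a/ca-certificates/doinst.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+config()
+{
+NEW="$1"
+OLD="`dirname $NEW`/`basename $NEW .new`"
+if [ ! -r $OLD ]; then
+mv $NEW $OLD
+elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then
+rm $NEW
+fi
+}
+config etc/ca-certificates.conf.new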
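Review bot: Nothing in this script regenerates `/etc/ssl/certs` after the package is installed or upgraded; its only action is `config etc/ca-certificates.conf.new`. Unless `update-certs` is run from somewhere not visible here, a CA that a newer package removes or blacklists stays linked and stays in `bundle.ca` until the administrator runs the update by hand. A closing line along the lines of `[ -x usr/sbin/update-certs ] && chroot . /usr/sbin/update-certs` would keep the store in step with the package. It is also worth a comment that when the administrator has edited `ca-certificates.conf`, the `.new` file is left beside it and newly shipped CAs are not enabled until the two are merged.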

12
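--- /dev/null
+++ b/a/ca-certificates/slack-desc
@@ -0,0 +1,12 @@
+|-----handy-ruler----------------------------------------------|
+ca-certificates: ca-certificates (common root CA certificates)
+ca-certificates:
+ca-certificates: This package installs a set of commonly recognized root CA
+ca-certificates: certificates. It is of Debian inspiration (yeah, Debian
+ca-certificates: rules).
+ca-certificates:
+ca-certificates:
+ca-certificates:
+ca-certificates:
+ca-certificates:
+ca-certificates: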

21
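--- /dev/null
+++ b/a/ca-certificates/update-certificates.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+config_file=/etc/ca-certificates.conf
+ca_dirs=/usr/share/ca-certificates:/usr/local/share/ca-certificates
+target_dir=/etc/ssl/certs
+# Delete existing files
+find $target_dir -type l -exec rm {} \;
+rm -f $target_dir/bundle.ca
+# Create symlinks to trusted certificates
+cd $target_dir
+grep -v ^# $config_file | while read cert ; do
+for dir in $(echo $ca_dirs | tr ':' ' ') ; do
+[ -f $dir/$cert ] && ln -f -s $dir/$cert "$(basename $cert crt)pem"
+done
+done
+c_rehash .
+# Create bundled file
+cat *.pem > bundle.ca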
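Review bot: `cd $target_dir` is not checked and the script sets no `set -e`, so if the directory is missing or not accessible the symlinks, the `c_rehash .` output and `bundle.ca` are all created in the caller's current directory; `cd "$target_dir" || exit 1` closes that. The cleanup `find $target_dir -type l -exec rm {} \;` removes every symlink below the directory, including ones this script did not create, so either add `-maxdepth 1` or add a comment stating that the directory is owned entirely by this script. `while read cert` and the unquoted `$dir/$cert` also break on names containing spaces or backslashes; `read -r` plus quoting is enough. Since `basename` flattens the path, two enabled certificates with the same file name in different directories overwrite each other's link through `ln -f`, which deserves a comment.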