|
30 | 30 | # dependency is the OpenSSL commandline tool for optional text listing. |
31 | 31 | # Hacked by Guenter Knauf. |
32 | 32 | # |
| 33 | +use File::Basename 'dirname'; |
33 | 34 | use Getopt::Std; |
34 | 35 | use MIME::Base64; |
35 | | -use LWP::UserAgent; |
36 | 36 | use strict; |
37 | | -use vars qw($opt_b $opt_f $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v $opt_w); |
| 37 | +use vars qw($opt_h $opt_i $opt_l $opt_q $opt_t $opt_v $opt_w); |
38 | 38 |
|
39 | 39 | my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1'; |
40 | 40 | # If the OpenSSL commandline is not in search path you can configure it here! |
41 | 41 | my $openssl = 'openssl'; |
42 | 42 |
|
43 | 43 | my $version = '1.19'; |
44 | 44 |
|
45 | | -$opt_w = 76; # default base64 encoded lines length |
| 45 | +$opt_w = 72; # default base64 encoded lines length |
46 | 46 |
|
47 | 47 | $0 =~ s@.*(/|\\)@@; |
48 | 48 | $Getopt::Std::STANDARD_HELP_VERSION = 1; |
|
55 | 55 | print "Operating System Name : $^O\n"; |
56 | 56 | print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n"; |
57 | 57 | print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n"; |
58 | | - print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n"; |
59 | | - print "LWP.pm Version : ${LWP::VERSION}\n"; |
60 | 58 | print ("=" x 78 . "\n"); |
61 | 59 | } |
62 | 60 |
|
63 | 61 | sub HELP_MESSAGE() { |
64 | | - print "Usage:\t${0} [-b] [-f] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [-w<l>] [<outputfile>]\n"; |
65 | | - print "\t-b\tbackup an existing version of ca-bundle.crt\n"; |
66 | | - print "\t-f\tforce rebuild even if certdata.txt is current\n"; |
| 62 | + print "Usage:\t${0} [-i] [-l] [-q] [-t] [-v] [-w<l>] [<outputfile>]\n"; |
67 | 63 | print "\t-i\tprint version info about used modules\n"; |
68 | 64 | print "\t-l\tprint license info about certdata.txt\n"; |
69 | | - print "\t-n\tno download of certdata.txt (to use existing)\n"; |
70 | 65 | print "\t-q\tbe really quiet (no progress output at all)\n"; |
71 | 66 | print "\t-t\tinclude plain text listing of certificates\n"; |
72 | | - print "\t-u\tunlink (remove) certdata.txt after processing\n"; |
73 | 67 | print "\t-v\tbe verbose and print out processed CAs\n"; |
74 | 68 | print "\t-w <l>\twrap base64 output lines after <l> chars (default: ${opt_w})\n"; |
75 | 69 | exit; |
|
81 | 75 |
|
82 | 76 | HELP_MESSAGE() if ($opt_h); |
83 | 77 |
|
84 | | -my $crt = $ARGV[0] || 'ca-bundle.crt'; |
85 | | -(my $txt = $url) =~ s@(.*/|\?.*)@@g; |
| 78 | +my $crt = $ARGV[0] || dirname(__FILE__) . '/../src/node_root_certs.h'; |
| 79 | +my $txt = dirname(__FILE__) . '/certdata.txt'; |
86 | 80 |
|
87 | 81 | my $stdout = $crt eq '-'; |
88 | 82 | my $resp; |
89 | 83 | my $fetched; |
90 | 84 |
|
91 | | -unless ($opt_n and -e $txt) { |
92 | | - print STDERR "Downloading '$txt' ...\n" if (!$opt_q); |
93 | | - my $ua = new LWP::UserAgent(agent => "$0/$version"); |
94 | | - $ua->env_proxy(); |
95 | | - $resp = $ua->mirror($url, $txt); |
96 | | - if ($resp && $resp->code eq '304') { |
97 | | - print STDERR "Not modified\n" unless $opt_q; |
98 | | - exit 0 if -e $crt && !$opt_f; |
99 | | - } else { |
100 | | - $fetched = 1; |
101 | | - } |
102 | | - if( !$resp || $resp->code !~ /^(?:200|304)$/ ) { |
103 | | - print STDERR "Unable to download latest data: " |
104 | | - . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed") . "\n" |
105 | | - unless $opt_q; |
106 | | - exit 1 if -e $crt || ! -r $txt; |
107 | | - } |
108 | | -} |
109 | | - |
110 | 85 | my $currentdate = scalar gmtime($fetched ? $resp->last_modified : (stat($txt))[9]); |
111 | 86 |
|
112 | 87 | my $format = $opt_t ? "plain text and " : ""; |
113 | 88 | if( $stdout ) { |
114 | 89 | open(CRT, '> -') or die "Couldn't open STDOUT: $!\n"; |
115 | 90 | } else { |
116 | | - open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n"; |
| 91 | + open(CRT,">$crt") or die "Couldn't open $crt: $!\n"; |
117 | 92 | } |
118 | 93 | print CRT <<EOT; |
119 | | -## |
120 | | -## $crt -- Bundle of CA Root Certificates |
121 | | -## |
122 | | -## Certificate data from Mozilla as of: ${currentdate} |
123 | | -## |
124 | | -## This is a bundle of X.509 certificates of public Certificate Authorities |
125 | | -## (CA). These were automatically extracted from Mozilla's root certificates |
126 | | -## file (certdata.txt). This file can be found in the mozilla source tree: |
127 | | -## ${url} |
128 | | -## |
129 | | -## It contains the certificates in ${format}PEM format and therefore |
130 | | -## can be directly used with curl / libcurl / php_curl, or with |
131 | | -## an Apache+mod_ssl webserver for SSL client authentication. |
132 | | -## Just configure this file as the SSLCACertificateFile. |
133 | | -## |
| 94 | +/* $crt -- Bundle of CA Root Certificates |
| 95 | + * |
| 96 | + * Certificate data from Mozilla as of: ${currentdate} |
| 97 | + * |
| 98 | + * This is a bundle of X.509 certificates of public Certificate Authorities |
| 99 | + * (CA). These were automatically extracted from Mozilla's root certificates |
| 100 | + * file (certdata.txt). This file can be found in the mozilla source tree: |
| 101 | + * ${url} |
| 102 | + * |
| 103 | + * It contains the certificates in ${format}PEM format and therefore |
| 104 | + * can be directly used with curl / libcurl / php_curl, or with |
| 105 | + * an Apache+mod_ssl webserver for SSL client authentication. |
| 106 | + * Just configure this file as the SSLCACertificateFile. |
| 107 | + */ |
134 | 108 |
|
135 | 109 | EOT |
136 | 110 |
|
|
154 | 128 | next if /^#|^\s*$/; |
155 | 129 | chomp; |
156 | 130 | if (/^CVS_ID\s+\"(.*)\"/) { |
157 | | - print CRT "# $1\n"; |
| 131 | + print CRT "/* $1 */\n"; |
158 | 132 | } |
159 | 133 |
|
160 | 134 | # this is a match for the start of a certificate |
|
192 | 166 | $skipnum ++; |
193 | 167 | } else { |
194 | 168 | my $encoded = MIME::Base64::encode_base64($data, ''); |
195 | | - $encoded =~ s/(.{1,${opt_w}})/$1\n/g; |
196 | | - my $pem = "-----BEGIN CERTIFICATE-----\n" |
| 169 | + $encoded =~ s/(.{1,${opt_w}})/"$1\\n"\n/g; |
| 170 | + my $pem = "\"-----BEGIN CERTIFICATE-----\\n\"\n" |
197 | 171 | . $encoded |
198 | | - . "-----END CERTIFICATE-----\n"; |
199 | | - print CRT "\n$caname\n"; |
200 | | - print CRT ("=" x length($caname) . "\n"); |
| 172 | + . "\"-----END CERTIFICATE-----\\n\",\n"; |
| 173 | + print CRT "\n/* $caname */\n"; |
201 | 174 | if (!$opt_t) { |
202 | 175 | print CRT $pem; |
203 | 176 | } else { |
204 | 177 | my $pipe = "|$openssl x509 -md5 -fingerprint -text -inform PEM"; |
205 | 178 | if (!$stdout) { |
206 | | - $pipe .= " >> $crt.~"; |
207 | | - close(CRT) or die "Couldn't close $crt.~: $!"; |
| 179 | + $pipe .= " >> $crt"; |
| 180 | + close(CRT) or die "Couldn't close $crt: $!"; |
208 | 181 | } |
209 | 182 | open(TMP, $pipe) or die "Couldn't open openssl pipe: $!"; |
210 | 183 | print TMP $pem; |
211 | 184 | close(TMP) or die "Couldn't close openssl pipe: $!"; |
212 | 185 | if (!$stdout) { |
213 | | - open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!"; |
| 186 | + open(CRT, ">>$crt") or die "Couldn't open $crt: $!"; |
214 | 187 | } |
215 | 188 | } |
216 | 189 | print STDERR "Parsing: $caname\n" if ($opt_v); |
|
220 | 193 | } |
221 | 194 | } |
222 | 195 | close(TXT) or die "Couldn't close $txt: $!\n"; |
223 | | -close(CRT) or die "Couldn't close $crt.~: $!\n"; |
224 | | -unless( $stdout ) { |
225 | | - if ($opt_b && -e $crt) { |
226 | | - my $bk = 1; |
227 | | - while (-e "$crt.~${bk}~") { |
228 | | - $bk++; |
229 | | - } |
230 | | - rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n"; |
231 | | - } elsif( -e $crt ) { |
232 | | - unlink( $crt ) or die "Failed to remove $crt: $!\n"; |
233 | | - } |
234 | | - rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n"; |
235 | | -} |
236 | | -unlink $txt if ($opt_u); |
| 196 | +close(CRT) or die "Couldn't close $crt: $!\n"; |
237 | 197 | print STDERR "Done ($certnum CA certs processed, $skipnum untrusted skipped).\n" if (!$opt_q); |
238 | 198 |
|
239 | 199 | exit; |
|
0 commit comments