1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/ca-certificates/mkcabundle.pl Fri Mar 11 21:41:16 2011 +0100
1.3 @@ -0,0 +1,41 @@
1.4 +#!/usr/bin/perl -w
1.5 +#
1.6 +# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
1.7 +# Run as ./mkcabundle.pl > ca-bundle.crt
1.8 +#
1.9 +
1.10 +my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
1.11 +my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
1.12 +
1.13 +open(IN, "cvs -d $cvsroot co -p $certdata|")
1.14 + || die "could not check out certdata.txt";
1.15 +
1.16 +my $incert = 0;
1.17 +
1.18 +print<<EOH;
1.19 +# This is a bundle of X.509 certificates of public Certificate
1.20 +# Authorities. It was generated from the Mozilla root CA list.
1.21 +#
1.22 +# Source: $certdata
1.23 +#
1.24 +EOH
1.25 +
1.26 +while (<IN>) {
1.27 + if (/^CKA_VALUE MULTILINE_OCTAL/) {
1.28 + $incert = 1;
1.29 + open(OUT, "|openssl x509 -text -inform DER -fingerprint")
1.30 + || die "could not pipe to openssl x509";
1.31 + } elsif (/^END/ && $incert) {
1.32 + close(OUT);
1.33 + $incert = 0;
1.34 + print "\n\n";
1.35 + } elsif ($incert) {
1.36 + my @bs = split(/\\/);
1.37 + foreach my $b (@bs) {
1.38 + chomp $b;
1.39 + printf(OUT "%c", oct($b)) unless $b eq '';
1.40 + }
1.41 + } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
1.42 + print "# Generated from certdata.txt RCS revision $1\n#\n";
1.43 + }
1.44 +}
