pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/49176: certdata-20140820.txt of mozilla-rootcerts missing cert marks previous cert untrusted
The following reply was made to PR pkg/49176; it has been noted by GNATS.
From: "John D. Baker" <jdbaker%mylinuxisp.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: pkg/49176: certdata-20140820.txt of mozilla-rootcerts missing
cert marks previous cert untrusted
Date: Fri, 5 Sep 2014 21:30:05 -0500 (CDT)
A better approach. Change the script to stop reading lines when the
key for the trust value is found, then test for untrusted status.
+--- mozilla-rootcerts.sh.orig 2014-09-05 21:09:28.000000000 -0500
++++ mozilla-rootcerts.sh 2014-09-05 21:16:51.000000000 -0500
+@@ -162,13 +162,17 @@ extract)
+ # kill untrusted certificates (not clean, but the
script which comes
+ # with "curl" works the same way)
+ untrusted = 0
++ # Read lines only until we find the trust data
++ # following the certificate, then stop.
+ while (getline) {
+- if ($0 ~ /^#$/) break
+- if ($0 ~
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
+- untrusted = 1
+- if ($0 ~
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
+- untrusted = 1
++ if ($0 ~ /^CKA_TRUST_SERVER_AUTH/) break
+ }
++ # Test the result for untrusted status
++ if ($0 ~
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
++ untrusted = 1
++ if ($0 ~
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
++ untrusted = 1
++
+ if (untrusted) {
+ print filename " untrusted"
+ system("rm -f " filename)
--
|/"\ John D. Baker, KN5UKS NetBSD Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com OpenBSD FreeBSD
| X No HTML/proprietary data in email. BSD just sits there and works!
|/ \ GPGkeyID: D703 4A7E 479F 63F8 D3F4 BD99 9572 8F23 E4AD 1645
Home |
Main Index |
Thread Index |
Old Index