mozilla has switched to a scheme of explicitly distrusting certificates
in its stable branch (ie firefox-6.0.2) too, so deal with this in the mozilla-rootcerts script (this is not great - it depends on syntactic details of the file where it should better use checksums, but the perl script which is distributed with "curl" works the same way), and switch back to the certificate list in CVS HEAD
This commit is contained in:
drochner
parent
8448fc018c
commit
0b08870926
3 changed files with 21 additions and 12 deletions
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.7 2011/08/31 11:42:43 drochner Exp $
|
||||
# $NetBSD: Makefile,v 1.8 2011/09/08 19:46:01 drochner Exp $
|
||||
|
||||
DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE}
|
||||
CATEGORIES= security
|
||||
|
|
@ -15,12 +15,7 @@ PKG_DESTDIR_SUPPORT= user-destdir
|
|||
|
||||
USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run
|
||||
|
||||
# This is not the file from the repository in HOMEPAGE above but
|
||||
# the version distributed with firefox-6.0.1.
|
||||
# (Newer versions seem to handle trust explicitely so that the mere
|
||||
# presence of a certificate doesn't mean that it is trusted. The
|
||||
# extraction by our "mozilla-rootcerts" script doesn't handle this.)
|
||||
CERTDATA_DATE= 20110830
|
||||
CERTDATA_DATE= 20110902
|
||||
CERTDATA= certdata-${CERTDATA_DATE}.txt
|
||||
|
||||
WRKSRC= ${WRKDIR}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
$NetBSD: distinfo,v 1.4 2011/08/31 11:42:43 drochner Exp $
|
||||
$NetBSD: distinfo,v 1.5 2011/09/08 19:46:01 drochner Exp $
|
||||
|
||||
SHA1 (certdata-20110830.txt) = a43ca7e68478739b2a12fb5d32a745b29170dfa1
|
||||
RMD160 (certdata-20110830.txt) = c31be39b17bbced1ea0caec011ca58cdef7ddde3
|
||||
Size (certdata-20110830.txt) = 1151237 bytes
|
||||
SHA1 (certdata-20110902.txt) = 57a828431cc50f38726b483f967d8bb941f60672
|
||||
RMD160 (certdata-20110902.txt) = 6a47daa687a9b62163d9f4cf6506757f5ebc8fe0
|
||||
Size (certdata-20110902.txt) = 1224942 bytes
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $NetBSD: mozilla-rootcerts.sh,v 1.3 2010/10/22 10:41:50 wiz Exp $
|
||||
# $NetBSD: mozilla-rootcerts.sh,v 1.4 2011/09/08 19:46:01 drochner Exp $
|
||||
#
|
||||
# This script is meant to be used as follows:
|
||||
#
|
||||
|
|
@ -156,6 +156,20 @@ extract)
|
|||
}
|
||||
}
|
||||
close(cmd)
|
||||
# kill untrusted certificates (not clean, but the script which comes
|
||||
# with "curl" works the same way)
|
||||
untrusted = 0
|
||||
while (getline) {
|
||||
if ($0 ~ /^#$/) break
|
||||
if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
|
||||
untrusted = 1
|
||||
if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
|
||||
untrusted = 1
|
||||
}
|
||||
if (untrusted) {
|
||||
print filename " untrusted"
|
||||
system("rm -f " filename)
|
||||
}
|
||||
}
|
||||
}'
|
||||
;;
|
||||
|
|
|
|||
Loading…
Reference in a new issue