mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-25 10:22:59 +02:00
f0aa99fb7b
This package adds a trusted lists of CAs. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
52 lines
1.1 KiB
Bash
52 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
# Create file layout.
|
|
mkdir -pv certs certs/legacy-default certs/legacy-disable
|
|
cp certdata.txt ipfire-ca.crt certs
|
|
cd certs
|
|
|
|
python ../certdata2pem.py
|
|
|
|
cd ..
|
|
cat <<EOF > ca-bundle.crt
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
# Authorities. It was generated from the Mozilla root CA list.
|
|
#
|
|
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
|
|
#
|
|
EOF
|
|
|
|
cat <<EOF > ca-bundle.trust.crt
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
# Authorities. It was generated from the Mozilla root CA list.
|
|
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
|
|
# format and have trust bits set accordingly.
|
|
#
|
|
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
|
|
#
|
|
EOF
|
|
|
|
for f in certs/*.crt; do
|
|
[ -z "${f}" ] && continue
|
|
|
|
tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
|
|
case "${tbits}" in
|
|
*serverAuth*)
|
|
openssl x509 -text -in "${f}" >> ca-bundle.crt
|
|
;;
|
|
esac
|
|
|
|
if [ -n "$tbits" ]; then
|
|
targs=""
|
|
for t in ${tbits}; do
|
|
targs="${targs} -addtrust ${t}"
|
|
done
|
|
|
|
openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
|
|
fi
|
|
done
|
|
|
|
exit 0
|