6 cafile="/var/lib/ca-certificates/ca-bundle.pem"
10 if [ "$i" = "-f" ]; then
12 elif [ "$i" = "-v" ]; then
17 if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then
20 echo "creating $cafile ..."
21 cat > "$cafile.new" <<EOF
23 # automatically created by $0. Do not edit!
25 # Use of this file is deprecated and should only be used as last
26 # resort by applications that cannot parse the $cadir directory.
27 # You should avoid hardcoding any paths in applications anyways though.
29 # SSL_CTX_set_default_verify_paths() instead.
32 for i in "$cadir"/*.pem; do
33 # only include certificates trusted for server auth
34 if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
35 trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
38 *) [ -z "$verbose" ] || echo "skipping $i" >&2; continue ;;
43 mv "$cafile.new" "$cafile"