# Path of the single-file CA bundle that this script regenerates. New content
# is written to "$cafile.new" first (see the here-document below), not to the
# live file.
6 cafile="/var/lib/ca-certificates/ca-bundle.pem"
# Option handling: $i is compared against -f and -v. The branch bodies are not
# part of this excerpt; presumably -f sets $fresh and -v sets $verbose, the two
# variables tested further down -- confirm against the full script.
10 if [ "$i" = "-f" ]; then
12 elif [ "$i" = "-v" ]; then
# Freshness test: true when $fresh is empty and the bundle's mtime is newer
# than that of $cadir ($cadir is assigned outside this excerpt). The body is
# not shown; presumably the script stops here without rebuilding.
# NOTE(review): a directory's mtime changes when entries are added, removed or
# renamed, not when an existing file is rewritten in place, so an in-place
# change to a certificate in $cadir is not detected by this test.
# NOTE(review): -a inside [ ] is marked obsolescent by POSIX;
# [ -z "$fresh" ] && [ "$cafile" -nt "$cadir" ] is the unambiguous form.
17 if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then
20 echo "creating $cafile ..."
# Header of the generated bundle. The EOF delimiter is unquoted, so $0 and
# $cadir in the text below are expanded when the header is written.
21 cat > "$cafile.new" <<EOF
23 # automatically created by $0. Do not edit!
25 # Use of this file is deprecated and should only be used as last
26 # resort by applications that cannot parse the $cadir directory.
27 # You should avoid hardcoding any paths in applications anyways though.
29 # SSL_CTX_set_default_verify_paths() instead.
# Walk everything find reports under $cadir and decide per file whether it
# goes into the bundle.
# NOTE(review): $cadir/* and the command substitution are unquoted, so the
# result is word-split and glob-expanded; a path containing whitespace or glob
# characters is split into several bogus values of $i. A NUL-delimited
# find -print0 read loop avoids that.
32 for i in `find $cadir/*`; do
# fname is the 5th '/'-separated field of the path. With a leading '/', field 1
# is empty, so this is the file name only when $cadir is exactly three
# components deep -- TODO confirm $cadir; ${i##*/} would not depend on depth.
33 fname=`echo $i | cut -f 5 -d '/'`
# Taken for names that are NOT eight characters from [0-9a-z], a dot and one
# digit. This looks like the OpenSSL hashed-name layout (the class is wider
# than hex); the branch body is not shown, presumably such entries are skipped.
34 if [[ ! $fname =~ ^[0-9a-z]{8}\.[0-9]$ ]]; then
38 # only include certificates trusted for server auth
39 if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
# trust = text after the last '=' on the first line starting with
# "# openssl-trust="; sed prints it and quits at that line.
# NOTE(review): the value comes from a comment line in the file, so the
# inclusion decision is only as trustworthy as write access to $cadir.
40 trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
# Default arm of a case statement whose header and accepting arms are not in
# this excerpt (presumably case "$trust"): the file is left out of the bundle,
# with a message on stderr only when $verbose is non-empty.
43 *) [ -z "$verbose" ] || echo "skipping $i" >&2; continue ;;
# Publish the new bundle. "$cafile.new" sits in the same directory as $cafile,
# so the mv replaces the live file in a single rename and readers never see a
# half-written bundle.
48 mv "$cafile.new" "$cafile"
# Owner/group and Smack access label are set on the live path after the rename.
# NOTE(review): between the mv and these two commands the published bundle
# carries whatever owner and label "$cafile.new" was created with; applying
# chown and chsmack to "$cafile.new" before the mv would close that window.
# NOTE(review): no chmod or exit-status check is visible in this excerpt, so
# the file mode presumably comes from the umask and a failed chown/chsmack may
# go unnoticed -- confirm against the full script. $cafile is unquoted here,
# unlike on the mv line.
50 chown root:system $cafile
52 chsmack -a "System::Shared" $cafile