# * | (__| |_| | _ <| |___
# * \___|\___/|_| \_\_____|
# *
-# * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+# * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
# *
# * This software is licensed as described in the file COPYING, which
# * you should have received as part of this distribution. The terms
-# * are also available at http://curl.haxx.se/docs/copyright.html.
+# * are also available at https://curl.haxx.se/docs/copyright.html.
# *
# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
# * copies of the Software, and permit persons to whom the Software is
use MIME::Base64;
use LWP::UserAgent;
use strict;
-use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_l $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w);
+use vars qw($opt_b $opt_d $opt_f $opt_h $opt_i $opt_l $opt_m $opt_n $opt_p $opt_q $opt_s $opt_t $opt_u $opt_v $opt_w);
use List::Util;
use Text::Wrap;
my $MOD_SHA = "Digest::SHA";
# If the OpenSSL commandline is not in search path you can configure it here!
my $openssl = 'openssl';
-my $version = '1.25';
+my $version = '1.26';
$opt_w = 76; # default base64 encoded lines length
$0 =~ s@.*(/|\\)@@;
$Getopt::Std::STANDARD_HELP_VERSION = 1;
-getopts('bd:fhilnp:qs:tuvw:');
+getopts('bd:fhilmnp:qs:tuvw:');
if(!defined($opt_d)) {
# to make plain "-d" use not cause warnings, and actually still work
print "\t-f\tforce rebuild even if certdata.txt is current\n";
print "\t-i\tprint version info about used modules\n";
print "\t-l\tprint license info about certdata.txt\n";
+ print "\t-m\tinclude meta data in output\n";
print "\t-n\tno download of certdata.txt (to use existing)\n";
print wrap("\t","\t\t", "-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"), "\n";
print "\t\t Valid purposes are:\n";
warning_message() unless ($opt_q || $url =~ m/^(ht|f)tps:/i );
HELP_MESSAGE() if ($opt_h);
+sub report($@) {
+ my $output = shift;
+
+ print STDERR $output . "\n" unless $opt_q;
+}
+
sub is_in_list($@) {
my $target = shift;
my $oldsha1 = oldsha1($crt);
-print STDERR "SHA1 of old file: $oldsha1\n" if (!$opt_q);
+report "SHA1 of old file: $oldsha1";
-print STDERR "Downloading '$txt' ...\n" if (!$opt_q);
+report "Downloading '$txt' ...";
if($curl && !$opt_n) {
my $https = $url;
$https =~ s/^http:/https:/;
- print STDERR "Get certdata over HTTPS with curl!\n" if (!$opt_q);
+ report "Get certdata over HTTPS with curl!";
my $quiet = $opt_q ? "-s" : "";
my @out = `curl -w %{response_code} $quiet -O $https`;
if(@out && $out[0] == 200) {
$fetched = 1;
} else {
- print STDERR "Failed downloading HTTPS with curl, trying HTTP with LWP\n" if (!$opt_q);
+ report "Failed downloading HTTPS with curl, trying HTTP with LWP";
}
}
$ua->env_proxy();
$resp = $ua->mirror($url, $txt);
if ($resp && $resp->code eq '304') {
- print STDERR "Not modified\n" unless $opt_q;
+ report "Not modified";
exit 0 if -e $crt && !$opt_f;
} else {
$fetched = 1;
}
if( !$resp || $resp->code !~ /^(?:200|304)$/ ) {
- print STDERR "Unable to download latest data: "
- . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed") . "\n"
- unless $opt_q;
+ report "Unable to download latest data: "
+ . ($resp? $resp->code . ' - ' . $resp->message : "LWP failed");
exit 1 if -e $crt || ! -r $txt;
}
}
my $newsha1= sha1($txt);
if(!$opt_f && $oldsha1 eq $newsha1) {
- print STDERR "Downloaded file identical to previous run\'s source file. Exiting\n";
+ report "Downloaded file identical to previous run\'s source file. Exiting";
exit;
}
-print STDERR "SHA1 of new file: $newsha1\n";
+report "SHA1 of new file: $newsha1";
my $currentdate = scalar gmtime($filedate);
EOT
-print STDERR "Processing '$txt' ...\n" if (!$opt_q);
+report "Processing '$txt' ...";
my $caname;
my $certnum = 0;
my $skipnum = 0;
my $start_of_cert = 0;
+my @precert;
open(TXT,"$txt") or die "Couldn't open $txt: $!\n";
while (<TXT>) {
last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
}
}
- next if /^#|^\s*$/;
- chomp;
- if (/^CVS_ID\s+\"(.*)\"/) {
- print CRT "# $1\n";
+ elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
+ push @precert, $_;
+ next;
}
+ elsif(/^#|^\s*$/) {
+ undef @precert;
+ next;
+ }
+ chomp;
# this is a match for the start of a certificate
if (/^CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE/) {
last if (/^#/);
if (/^CKA_TRUST_([A-Z_]+)\s+CK_TRUST\s+CKT_NSS_([A-Z_]+)\s*$/) {
if ( !is_in_list($1,@valid_mozilla_trust_purposes) ) {
- print STDERR "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2\n" if (!$opt_q);
+ report "Warning: Unrecognized trust purpose for cert: $caname. Trust purpose: $1. Trust Level: $2";
} elsif ( !is_in_list($2,@valid_mozilla_trust_levels) ) {
- print STDERR "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2\n" if (!$opt_q);
+ report "Warning: Unrecognized trust level for cert: $caname. Trust purpose: $1. Trust Level: $2";
} else {
push @{$trust_purposes_by_level{$2}}, $1;
}
. $encoded
. "-----END CERTIFICATE-----\n";
print CRT "\n$caname\n";
-
+ print CRT @precert if($opt_m);
my $maxStringLength = length($caname);
if ($opt_t) {
foreach my $key (keys %trust_purposes_by_level) {
open(CRT, ">>$crt.~") or die "Couldn't open $crt.~: $!";
}
}
- print STDERR "Parsing: $caname\n" if ($opt_v);
+ report "Parsing: $caname" if ($opt_v);
$certnum ++;
$start_of_cert = 0;
}
+ undef @precert;
}
+
}
close(TXT) or die "Couldn't close $txt: $!\n";
close(CRT) or die "Couldn't close $crt.~: $!\n";
rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n";
}
unlink $txt if ($opt_u);
-print STDERR "Done ($certnum CA certs processed, $skipnum skipped).\n" if (!$opt_q);
+report "Done ($certnum CA certs processed, $skipnum skipped).";