pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg/49176: certdata-20140820.txt of mozilla-rootcerts missing cert marks previous cert untrusted



The following reply was made to PR pkg/49176; it has been noted by GNATS.

From: "John D. Baker" <jdbaker%mylinuxisp.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/49176: certdata-20140820.txt of mozilla-rootcerts missing
 cert marks previous cert untrusted
Date: Fri, 5 Sep 2014 21:30:05 -0500 (CDT)

 A better approach.  Change the script to stop reading lines when the
 key for the trust value is found, then test for untrusted status.
 
 +--- mozilla-rootcerts.sh.orig 2014-09-05 21:09:28.000000000 -0500
 ++++ mozilla-rootcerts.sh      2014-09-05 21:16:51.000000000 -0500
 +@@ -162,13 +162,17 @@ extract)
 +                      # kill untrusted certificates (not clean, but the 
script which comes
 +                      # with "curl" works the same way)
 +                      untrusted = 0
 ++                     # Read lines only until we find the trust data
 ++                     # following the certificate, then stop.
 +                      while (getline) {
 +-                             if ($0 ~ /^#$/) break
 +-                             if ($0 ~ 
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
 +-                                     untrusted = 1
 +-                             if ($0 ~ 
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
 +-                                     untrusted = 1
 ++                             if ($0 ~ /^CKA_TRUST_SERVER_AUTH/) break
 +                      }
 ++                     # Test the result for untrusted status
 ++                     if ($0 ~ 
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
 ++                             untrusted = 1
 ++                     if ($0 ~ 
/^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
 ++                             untrusted = 1
 ++
 +                      if (untrusted) {
 +                              print filename " untrusted"
 +                              system("rm -f " filename)
 
 -- 
 |/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
 |\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD            FreeBSD
 | X  No HTML/proprietary data in email.   BSD just sits there and works!
 |/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645
 


Home | Main Index | Thread Index | Old Index