pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: 'mozilla-rootcerts' erroneously flags certs "untrusted" (was: Re: certdata-20140820.txt missing certs?)

There is a discrepancy in the structure of the "certdata.txt" file.

The ninth data block is a "cert_trust" section without a preceeding
"cert_data" section.  That "cert_trust" section refers to a certificate
that is considered untrusted but not present in the "certdata.txt" file.

As such, the way the "mozilla-rootcerts" script determines when to stop
examining "cert_trust" values (a line containing only a "#" comment,
regexp /^#$/ such as found in the header for a "cert_data" section)
instead continues examining the spurious "cert_trust" section and marks
the preceeding otherwise-valid cert ("mozilla-rootcert-3.pem" in this
case) as "untrusted" and removes it.

|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Home | Main Index | Thread Index | Old Index