Fix certdata2pem.py for multiple CAs using the same CKA_LABEL

2 files changed, 10 insertions, 4 deletions

diff --git a/debian/changelog b/debian/changelog
index a6f7361..299f676 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
-ca-certificates (20140223) UNRELEASED; urgency=medium
+ca-certificates (20140223) unstable; urgency=medium
 
   * No longer ship cacert.org certificates.  Closes: #718434, LP: #1258286
+  * Fix certdata2pem.py for multiple CAs using the same CKA_LABEL.  Thanks
+    to Marc Deslauriers for the patch.  Closes: #683403
   * Update mozilla/certdata.txt to version 1.97.
     Certificates added (+) and removed (-):
     + "ACCVRAIZ1"
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index 5cc8f4c..0482894 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -116,12 +116,16 @@ for obj in objects:
     if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
             continue
-        fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+        bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
                                       .replace(' ', '_')\
                                       .replace('(', '=')\
                                       .replace(')', '=')\
-                                      .replace(',', '_') + '.crt'
-        fname = fname.decode('string_escape')
+                                      .replace(',', '_')
+        bname = bname.decode('string_escape')
+        fname = bname + '.crt'
+        if os.path.exists(fname):
+            print "Found duplicate certificate name %s, renaming." % bname
+            fname = bname + '_2.crt'
         f = open(fname, 'w')
         f.write("-----BEGIN CERTIFICATE-----\n")
         f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))