- Running 'make ca-firefox' in the root build dir will now run the new

  firefox-db2pem.sh conversion script that converts a local Firefox db of ca
  certs into PEM format, suitable for use with a OpenSSL or GnuTLS built
  libcurl.

4 files changed, 67 insertions, 1 deletions

diff --git a/CHANGES b/CHANGES
index e8f26032a..c70a5eec3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,11 @@
                                   Changelog
 
 Daniel Stenberg (23 Aug 2008)
+- Running 'make ca-firefox' in the root build dir will now run the new
+  firefox-db2pem.sh conversion script that converts a local Firefox db of ca
+  certs into PEM format, suitable for use with a OpenSSL or GnuTLS built
+  libcurl.
+
 - Constantine Sapuntzakis fixed a bug when doing proxy CONNECT with the multi
   interface, and the proxy would send Connection: close during the
   authentication phase.  http://curl.haxx.se/bug/view.cgi?id=2069047
diff --git a/Makefile.am b/Makefile.am
index bcb42c553..1a6945598 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -137,3 +137,7 @@ uninstall-hook:
 ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
+
+ca-firefox: lib/db2pem.sh
+	@echo "generate a fresh ca-bundle.crt"
+	./lib/firefox-db2pem.sh lib/ca-bundle.crt
diff --git a/Makefile.dist b/Makefile.dist
index b599c0765..26005eaee 100644
--- a/Makefile.dist
+++ b/Makefile.dist
@@ -265,4 +265,6 @@ ca-bundle: lib/mk-ca-bundle.pl
 	@echo "generate a fresh ca-bundle.crt"
 	@perl $< -b -l -u lib/ca-bundle.crt
 
-
+ca-firefox: lib/db2pem.sh
+	@echo "generate a fresh ca-bundle.crt"
+	./lib/firefox-db2pem.sh lib/ca-bundle.crt
diff --git a/lib/firefox-db2pem.sh b/lib/firefox-db2pem.sh
new file mode 100755
index 000000000..11f641c91
--- /dev/null
+++ b/lib/firefox-db2pem.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+# ***************************************************************************
+# *                                  _   _ ____  _
+# *  Project                     ___| | | |  _ \| |
+# *                             / __| | | | |_) | |
+# *                            | (__| |_| |  _ <| |___
+# *                             \___|\___/|_| \_\_____|
+# *
+# * Copyright (C) 1998 - 2008, Daniel Stenberg, <daniel@haxx.se>, et al.
+# *
+# * This software is licensed as described in the file COPYING, which
+# * you should have received as part of this distribution. The terms
+# * are also available at http://curl.haxx.se/docs/copyright.html.
+# *
+# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+# * copies of the Software, and permit persons to whom the Software is
+# * furnished to do so, under the terms of the COPYING file.
+# *
+# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+# * KIND, either express or implied.
+# *
+# * $Id$
+# ***************************************************************************
+# This shell script creates a fresh ca-bundle.crt file for use with libcurl. 
+# It extracts all ca certs it finds in the local Firefox database and converts
+# them all into PEM format.
+#
+db=`ls -1d $HOME/.mozilla/firefox/*default`  
+out=$1
+
+if test -z "$out"; then
+  out="ca-bundle.crt" # use a sensible default
+fi
+
+currentdate=`date`
+
+cat >$out <<EOF
+##
+## Bundle of CA Root Certificates
+##
+## Converted at: ${currentdate}
+## These were converted from the local Firefox directory by the db2pem script.
+##
+EOF
+
+
+certutil -L -h 'Builtin Object Token' -d $db | \
+grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \
+sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \
+sort | \
+while read nickname; \
+ do echo $nickname | sed -e "s/Builtin Object Token://g"; \
+eval certutil -d $db -L -n "$nickname" -a ; \
+done >> $out
+