Simplify check for trusted certificates.

This changes the previous check for untrusted certs to a check for certs explicitely marked as trusted. The change is backward-compatible (tested with certdata.txt v1.80).
author: Guenter Knauf <lists@gknw.net> 2013-08-05 13:02:27 +0200
committer: Guenter Knauf <lists@gknw.net> 2013-08-05 13:02:27 +0200
commit: 0ce410a62970237823902b30fd851778f09dc089 (patch)
tree: 914e881482edd80d387779e8f75fb0c8268ccc45 /lib/mk-ca-bundle.pl
parent: 5d3cbde72ece7d83c280492957a26e26ab4e5cca (diff)
download: curl-0ce410a62970237823902b30fd851778f09dc089.tar.gz
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 873f8fb77..1a9c85985 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -164,7 +164,7 @@ while (<TXT>) {
   if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
     $caname = $1;
   }
-  my $untrusted = 0;
+  my $untrusted = 1;
   if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
     my $data;
     while (<TXT>) {
@@ -184,10 +184,8 @@ while (<TXT>) {
     # now scan the trust part for untrusted certs
     while (<TXT>) {
       last if (/^#/);
-      if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
-          or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
-          or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
-        $untrusted = 1;
+      if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
+          $untrusted = 0;
       }
     }
     if ($untrusted) {
author	Guenter Knauf <lists@gknw.net>	2013-08-05 13:02:27 +0200
committer	Guenter Knauf <lists@gknw.net>	2013-08-05 13:02:27 +0200
commit	0ce410a62970237823902b30fd851778f09dc089 (patch)
tree	914e881482edd80d387779e8f75fb0c8268ccc45 /lib/mk-ca-bundle.pl
parent	5d3cbde72ece7d83c280492957a26e26ab4e5cca (diff)
download	curl-0ce410a62970237823902b30fd851778f09dc089.tar.gz