author | Guenter Knauf <lists@gknw.net> | 2013-08-05 13:02:27 +0200 |
---|---|---|
committer | Guenter Knauf <lists@gknw.net> | 2013-08-05 13:02:27 +0200 |
commit | 0ce410a62970237823902b30fd851778f09dc089 (patch) | |
tree | 914e881482edd80d387779e8f75fb0c8268ccc45 /lib/mk-ca-bundle.pl | |
parent | 5d3cbde72ece7d83c280492957a26e26ab4e5cca (diff) | |
download | curl-0ce410a62970237823902b30fd851778f09dc089.tar.gz |
Simplify check for trusted certificates.
This changes the previous check for untrusted certs to a check for
certs explicitly marked as trusted.
The change is backward-compatible (tested with certdata.txt v1.80).
Diffstat (limited to 'lib/mk-ca-bundle.pl')
-rwxr-xr-x | lib/mk-ca-bundle.pl | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 873f8fb77..1a9c85985 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -164,7 +164,7 @@ while (<TXT>) {
 if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
 $caname = $1;
 }
- my $untrusted = 0;
+ my $untrusted = 1;
 if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
 my $data;
 while (<TXT>) {
@@ -184,10 +184,8 @@ while (<TXT>) {
 # now scan the trust part for untrusted certs
 while (<TXT>) {
 last if (/^#/);
- if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
- or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
- or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
- $untrusted = 1;
+ if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
+ $untrusted = 0;
 }
 }
 if ($untrusted) { |
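Review bot: The new default `my $untrusted = 1;` makes certificate inclusion fail closed, but nothing at the declaration says so, and the name now reads as a double negative against the later `$untrusted = 0` assignment. I would add a comment above it such as `# fail closed: a cert is skipped unless its trust record marks it trusted for server auth`, or rename the flag to `$trusted` with the sense inverted. The declaration also sits in the outer `while (<TXT>)` body, whose start and end are outside the hunk, so the flag is re-created for every input line rather than per certificate; moving it inside the `CKA_VALUE` branch would keep its scope next to its use, assuming nothing outside that branch reads it.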
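Review bot: The new pattern ends in a bare `$`, so a trust line carrying a carriage return or trailing blanks would not match and the certificate would be dropped without any message; the inner `while (<TXT>)` loop shows no chomp or whitespace stripping within the hunk. Because inclusion now depends on this single match, a format drift in certdata.txt would presumably produce a short or empty bundle rather than an over-inclusive one, which is the safer direction but is easy to miss. I would relax the tail to `\s*$` and have the script report how many certificates were skipped versus written (that code is outside the hunk). The comment `# now scan the trust part for untrusted certs` is also stale; `# now scan the trust part for an explicit server-auth trust marker` matches the new logic.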