summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2021-09-30 23:10:35 +0200
committerDaniel Stenberg <daniel@haxx.se>2021-09-30 23:37:55 +0200
commit85f91248cffb22d151d5983c32f0dbf6b1de572a (patch)
tree5986d51d651b9ee278806de909e4311a18b4e6fa /lib
parentffb634d4ef5378c5f8255577fb65df3de82c0396 (diff)
downloadcurl-85f91248cffb22d151d5983c32f0dbf6b1de572a.tar.gz
lib/mk-ca-bundle.pl: skip certs passed Not Valid After date
With this change applied, the now expired 'DST Root CA X3' cert will no longer be included in the output. Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ Closes #7801
Diffstat (limited to 'lib')
-rwxr-xr-xlib/mk-ca-bundle.pl20
1 files changed, 18 insertions, 2 deletions
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 910fedb0c..e5a7420c0 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -436,9 +436,25 @@ while (<TXT>) {
last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
}
}
- elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
+# Not Valid After : Thu Sep 30 14:01:15 2021
+ elsif(/^# Not Valid After : (.*)/) {
+ my $stamp = $1;
+ use Time::Piece;
+ my $t = Time::Piece->strptime
+ ($stamp, "%a %b %d %H:%M:%S %Y");
+ my $delta = ($t->epoch - time()); # negative means no longer valid
+ if($delta < 0) {
+ $skipnum++;
+ report "Skipping: $caname is not valid anymore" if ($opt_v);
+ $valid = 0;
+ }
+ else {
+ $valid = 1;
+ }
+ next;
+ }
+ elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
push @precert, $_;
- $valid = 1;
next;
}
elsif(/^#|^\s*$/) {