make-ca{,.conf.dist}: set nss tree to default source and introduce workaround for p11-kit mishandling of nss-{email,server}-distrust-after values.
parent
dac19a3cf1
commit
327c7e9306
14
make-ca
14
make-ca
@ -40,7 +40,7 @@ else
|
|||||||
NSSDB="${PKIDIR}/nssdb"
|
NSSDB="${PKIDIR}/nssdb"
|
||||||
LOCALDIR="${SSLDIR}/local"
|
LOCALDIR="${SSLDIR}/local"
|
||||||
DESTDIR=""
|
DESTDIR=""
|
||||||
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
|
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Some data in the certs have UTF-8 characters
|
# Some data in the certs have UTF-8 characters
|
||||||
@ -372,6 +372,12 @@ function convert_moz_distrust(){
|
|||||||
fi
|
fi
|
||||||
elif test "${val}" == "MULTILINE_OCTAL"; then
|
elif test "${val}" == "MULTILINE_OCTAL"; then
|
||||||
mozsadistrust=`printf $(grep -A1 "CKA_NSS_SERVER_DISTRUST_AFTER" "${1}" | tail -n1)`
|
mozsadistrust=`printf $(grep -A1 "CKA_NSS_SERVER_DISTRUST_AFTER" "${1}" | tail -n1)`
|
||||||
|
# FIXME - Work around P11-kit breakage
|
||||||
|
cdate=$(date -u +%y%m%d)
|
||||||
|
mozsadate=${mozsadistrust::6}
|
||||||
|
if test ${cdate} -gt ${mozsadate}; then
|
||||||
|
satrust="p"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
mozsadistrust="UNKNOWN"
|
mozsadistrust="UNKNOWN"
|
||||||
fi
|
fi
|
||||||
@ -387,6 +393,12 @@ function convert_moz_distrust(){
|
|||||||
fi
|
fi
|
||||||
elif test "${val}" == "MULTILINE_OCTAL"; then
|
elif test "${val}" == "MULTILINE_OCTAL"; then
|
||||||
mozsmdistrust=`printf $(grep -A1 "CKA_NSS_EMAIL_DISTRUST_AFTER" "${1}" | tail -n1)`
|
mozsmdistrust=`printf $(grep -A1 "CKA_NSS_EMAIL_DISTRUST_AFTER" "${1}" | tail -n1)`
|
||||||
|
# FIXME - Work around P11-kit breakage
|
||||||
|
cdate=$(date -u +%y%m%d)
|
||||||
|
mozsmdate=${mozsmdistrust::6}
|
||||||
|
if test ${cdate} -gt ${mozsmdate}; then
|
||||||
|
smtrust="p"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
mozsmdistrust="UNKNOWN"
|
mozsmdistrust="UNKNOWN"
|
||||||
fi
|
fi
|
||||||
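Review bot: The added comparison `if test ${cdate} -gt ${mozsadate}; then` in the hunk at -372 is unquoted and unvalidated, and `mozsadate` is cut from a value parsed out of the downloaded certdata.txt; if it is empty or not six digits, `test` reports an error, the branch is skipped and `satrust` keeps its earlier value, so a malformed field silently leaves trust in place. I would check the shape first and compare in base 10, e.g. `if [[ "${mozsadate}" =~ ^[0-9]{6}$ ]] && (( 10#${cdate} > 10#${mozsadate} )); then`, and print a warning when the value does not match; the same applies to `mozsmdate`/`smtrust` in the hunk at -387. The two-digit `%y` year also makes the ordering valid only within a single century, which deserves a word in the comment. The `# FIXME - Work around P11-kit breakage` comment should say what breaks and that the anchor is marked `p` outright once today is past the date, which (as I read the NSS attribute) is stricter than distrusting only certificates issued after it. convert_moz_distrust begins and ends outside both hunks.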
|
@ -19,14 +19,14 @@ KEYSTORE="${PKIDIR}/tls/java"
|
|||||||
NSSDB="${PKIDIR}/nssdb"
|
NSSDB="${PKIDIR}/nssdb"
|
||||||
LOCALDIR="${SSLDIR}/local"
|
LOCALDIR="${SSLDIR}/local"
|
||||||
DESTDIR=""
|
DESTDIR=""
|
||||||
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
|
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
|
||||||
|
|
||||||
# Source must be downloaded over https
|
# Source must be downloaded over https
|
||||||
# Valid urls for download are below
|
# Valid urls for download are below
|
||||||
# Default to NSS release branch
|
# Default to NSS release branch
|
||||||
|
|
||||||
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
|
||||||
# https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
|
# https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
|
||||||
|
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
||||||
# https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
# https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
||||||
# https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
# https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
||||||
# https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
# https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
|
||||||
|
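Review bot: The comment `# Default to NSS release branch` above the URL list is now stale, because the new default `URL=` points at `projects/nss/raw-file/tip`, the repository's latest changeset rather than a release branch. Since this setting decides where the system trust anchors are fetched from, I would reword it, e.g. `# Default to the NSS repository tip (latest changeset); pick a releases/ URL below to track a shipped branch`. The same default is changed in the make-ca hunk at -40, which carries no comment describing the source. If this section is make-ca.conf.dist, as the commit title suggests, its file header is not visible on the page.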