emo/make-ca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make-ca{,.conf.dist}: set nss tree to default source and introduce workaround for p11-kit mishandling of nss-{email,server}-distrust-after values.

Browse Source
This commit is contained in:
DJ Lucas 2022-12-21 23:10:22 -06:00
parent dac19a3cf1
commit 327c7e9306
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
make-ca
View File

@ -40,7 +40,7 @@ else
NSSDB="${PKIDIR}/nssdb"
LOCALDIR="${SSLDIR}/local"
DESTDIR=""
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
fi
# Some data in the certs have UTF-8 characters
@ -372,6 +372,12 @@ function convert_moz_distrust(){
fi
elif test "${val}" == "MULTILINE_OCTAL"; then
mozsadistrust=`printf $(grep -A1 "CKA_NSS_SERVER_DISTRUST_AFTER" "${1}" | tail -n1)`
# FIXME - Work around P11-kit breakage
cdate=$(date -u +%y%m%d)
mozsadate=${mozsadistrust::6}
if test ${cdate} -gt ${mozsadate}; then
satrust="p"
fi
else
mozsadistrust="UNKNOWN"
fi
@ -387,6 +393,12 @@ function convert_moz_distrust(){
fi
elif test "${val}" == "MULTILINE_OCTAL"; then
mozsmdistrust=`printf $(grep -A1 "CKA_NSS_EMAIL_DISTRUST_AFTER" "${1}" | tail -n1)`
# FIXME - Work around P11-kit breakage
cdate=$(date -u +%y%m%d)
mozsmdate=${mozsmdistrust::6}
if test ${cdate} -gt ${mozsmdate}; then
smtrust="p"
fi
else
mozsmdistrust="UNKNOWN"
fi

4
make-ca.conf.dist
View File

@ -19,14 +19,14 @@ KEYSTORE="${PKIDIR}/tls/java"
NSSDB="${PKIDIR}/nssdb"
LOCALDIR="${SSLDIR}/local"
DESTDIR=""
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
# Source must be downloaded over https
# Valid urls for download are below
# Default to NSS release branch
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt