diff options
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | mozilla/certdata2pem.py | 32 |
2 files changed, 17 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog index 6954898..a885578 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,13 +1,12 @@ -ca-certificates (20151022) UNRELEASED; urgency=medium +ca-certificates (20150709) UNRELEASED; urgency=medium * debian/{compat,control}: Updated d/compat to version 9 and updated Build-Depends. * debian/postinst: Handle /usr/local/share/ca-certificates permissions and ownership on upgrade. Closes: #611501 - * mozilla/certdata2pem.py: - Add Python 3 support to ca-certificates. - Thanks to Andrew Wilcox for the patch! Closes: #789753 + * mozilla/{certdata.txt,nssckbi.h}: + Update Mozilla certificate authority bundle to version 2.5. * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.5. The following certificate authorities were added (+): @@ -21,7 +20,7 @@ ca-certificates (20151022) UNRELEASED; urgency=medium - "TC TrustCenter Universal CA I" - "TURKTRUST Certificate Services Provider Root 1" - -- Michael Shuler <michael@pbandjelly.org> Thu, 22 Oct 2015 15:32:23 -0500 + -- Michael Shuler <michael@pbandjelly.org> Thu, 09 Jul 2015 16:02:11 -0500 ca-certificates (20150426) unstable; urgency=medium diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index ec48ab6..0482894 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'): if type == 'MULTILINE_OCTAL': line = line.strip() for i in re.finditer(r'\\([0-3][0-7][0-7])', line): - value.append(int(i.group(1), 8)) + value += chr(int(i.group(1), 8)) else: value += line continue @@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'): field, type = line_parts value = None else: - raise NotImplementedError('line_parts < 2 not supported.') + raise NotImplementedError, 'line_parts < 2 not supported.' if type == 'MULTILINE_OCTAL': in_multiline = True - value = bytearray() + value = "" continue obj[field] = value -if len(obj) > 0: +if len(obj.items()) > 0: objects.append(obj) # Read blacklist. @@ -95,7 +95,7 @@ for obj in objects: if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'): continue if obj['CKA_LABEL'] in blacklist: - print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']) + print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR', 'CKT_NSS_TRUSTED_DELEGATOR'): trust[obj['CKA_LABEL']] = True @@ -104,13 +104,13 @@ for obj in objects: trust[obj['CKA_LABEL']] = True elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED', 'CKT_NSS_NOT_TRUSTED'): - print('!'*74) - print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']) - print('!'*74) + print '!'*74 + print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] + print '!'*74 else: - print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ + print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], - obj['CKA_TRUST_EMAIL_PROTECTION'])) + obj['CKA_TRUST_EMAIL_PROTECTION']) for obj in objects: if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': @@ -121,19 +121,13 @@ for obj in objects: .replace('(', '=')\ .replace(')', '=')\ .replace(',', '_') - - # this is the only way to decode the way NSS stores multi-byte UTF-8 - if bytes != str: - bname = bname.encode('utf-8') - bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8') + bname = bname.decode('string_escape') fname = bname + '.crt' - if os.path.exists(fname): - print("Found duplicate certificate name %s, renaming." % bname) + print "Found duplicate certificate name %s, renaming." % bname fname = bname + '_2.crt' f = open(fname, 'w') f.write("-----BEGIN CERTIFICATE-----\n") - encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8') - f.write("\n".join(textwrap.wrap(encoded, 64))) + f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) f.write("\n-----END CERTIFICATE-----\n") |