From fd765c627fc3d0e3d6dad033833b7f9eb82f2d4c Mon Sep 17 00:00:00 2001 From: Guenter Knauf Date: Tue, 8 Nov 2011 05:46:46 +0100 Subject: Fix to skip untrusted certs. --- lib/mk-ca-bundle.vbs | 77 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 46 insertions(+), 31 deletions(-) (limited to 'lib') diff --git a/lib/mk-ca-bundle.vbs b/lib/mk-ca-bundle.vbs index 39d2fbc6b..7fd74c176 100755 --- a/lib/mk-ca-bundle.vbs +++ b/lib/mk-ca-bundle.vbs @@ -26,7 +26,7 @@ '* Hacked by Guenter Knauf '*************************************************************************** Option Explicit -Const myVersion = "0.3.5" +Const myVersion = "0.3.6" Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1" @@ -96,8 +96,10 @@ If (myAskTiF = TRUE) Then End If End If ' Process the received data -Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts -Dim myLabel, myOctets, myData, myPem, myRev, j +Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped +Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j +myNumSkipped = 0 +myNumCerts = 0 myData = "" myLines = Split(myCdData, vbLf, -1) Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE) @@ -109,7 +111,7 @@ myFh.Write "##" & vbLf myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf myFh.Write "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf -myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf +myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf myFh.Write "##" & vbLf myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf 
@@ -125,36 +127,46 @@ For i = 0 To UBound(myLines) If (myInsideCert = TRUE) Then If InstrRev(myLines(i), "END") Then myInsideCert = FALSE - myFh.Write myLabel & vbLf - myFh.Write String(Len(myLabel), "=") & vbLf - myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _ - Base64Encode(myData) & vbLf & _ - "-----END CERTIFICATE-----" & vbLf - If (myOptTxt = FALSE) Then - myFh.Write myPem & vbLf + While (i < UBound(myLines)) And Not (myLines(i) = "#") + i = i + 1 + If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _ + InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then + myUntrusted = TRUE + End If + Wend + If (myUntrusted = TRUE) Then + myNumSkipped = myNumSkipped + 1 Else - Dim myCmd, myRval, myTmpIn, myTmpOut - myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName - myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName - Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE) - myTmpFh.Write myPem - myTmpFh.Close - myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _ - " -in " & myTmpIn & " -out " & myTmpOut - myRval = objShell.Run (myCmd, 0, TRUE) - objFSO.DeleteFile myTmpIn, TRUE - If Not (myRval = 0) Then - MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf + myFh.Write myLabel & vbLf + myFh.Write String(Len(myLabel), "=") & vbLf + myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _ + Base64Encode(myData) & vbLf & _ + "-----END CERTIFICATE-----" & vbLf + If (myOptTxt = FALSE) Then + myFh.Write myPem & vbLf + Else + Dim myCmd, myRval, myTmpIn, myTmpOut + myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName + myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName + Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE) + myTmpFh.Write myPem + myTmpFh.Close + myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _ + " -in " & myTmpIn & " -out " & myTmpOut + myRval = objShell.Run (myCmd, 0, TRUE) + 
objFSO.DeleteFile myTmpIn, TRUE + If Not (myRval = 0) Then + MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf + objFSO.DeleteFile myTmpOut, TRUE + WScript.Quit 3 + End If + Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1) + myFh.Write myTmpFh.ReadAll & vbLf + myTmpFh.Close objFSO.DeleteFile myTmpOut, TRUE - WScript.Quit 3 End If - Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1) - myFh.Write myTmpFh.ReadAll & vbLf - myTmpFh.Close - objFSO.DeleteFile myTmpOut, TRUE + myNumCerts = myNumCerts + 1 End If - myData = "" - myNumCerts = myNumCerts + 1 Else myOctets = Split(myLines(i), "\") For j = 1 To UBound(myOctets) @@ -169,6 +181,8 @@ For i = 0 To UBound(myLines) End If If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then myInsideCert = TRUE + myUntrusted = FALSE + myData = "" End If If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then myInsideLicense = TRUE @@ -191,7 +205,8 @@ For i = 0 To UBound(myLines) End If Next myFh.Close -objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation +objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _ + " untrusted skipped).", 20, mySelf, vbInformation WScript.Quit 0 Function ConvertBinaryData(arrBytes) -- cgit v1.2.1
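Review bot: The new trust scan in the `If InstrRev(myLines(i), "END")` branch is a deny-list, so it fails open: a certificate is skipped only when its trust record carries `CKT_NSS_NOT_TRUSTED` or `CKT_NSS_TRUST_UNKNOWN` for `CKA_TRUST_SERVER_AUTH`, and any other value, or a missing or unmatched trust record, still lands in the bundle. An allow-list is safer for a trust store: start from `myTrusted = FALSE`, set it with `If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then myTrusted = TRUE`, and write the PEM only when it is set. The `While` also ends only on a line that equals `"#"` exactly, so if the input arrives with CRLF endings (the split is on `vbLf`) the scan would presumably run to the end of `myLines` and silently drop every later entry; stripping `vbCr` before the comparison would avoid that. The enclosing `For` loop starts and ends outside this hunk.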