Permalink
Browse files

Fix to skip untrusted certs.

  • Loading branch information...
1 parent c8ffb40 commit fd765c627fc3d0e3d6dad033833b7f9eb82f2d4c @gknauf gknauf committed Nov 8, 2011
Showing with 46 additions and 31 deletions.
  1. +46 −31 lib/mk-ca-bundle.vbs
View
@@ -26,7 +26,7 @@
'* Hacked by Guenter Knauf
'***************************************************************************
Option Explicit
-Const myVersion = "0.3.5"
+Const myVersion = "0.3.6"
Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
@@ -96,8 +96,10 @@ If (myAskTiF = TRUE) Then
End If
End If
' Process the received data
-Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts
-Dim myLabel, myOctets, myData, myPem, myRev, j
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped
+Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j
+myNumSkipped = 0
+myNumCerts = 0
myData = ""
myLines = Split(myCdData, vbLf, -1)
Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)
@@ -109,7 +111,7 @@ myFh.Write "##" & vbLf
myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf
myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf
myFh.Write "## file (certdata.txt). This file can be found in the mozilla source tree:" & vbLf
-myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
+myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf
myFh.Write "##" & vbLf
myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf
myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf
@@ -125,36 +127,46 @@ For i = 0 To UBound(myLines)
If (myInsideCert = TRUE) Then
If InstrRev(myLines(i), "END") Then
myInsideCert = FALSE
- myFh.Write myLabel & vbLf
- myFh.Write String(Len(myLabel), "=") & vbLf
- myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
- Base64Encode(myData) & vbLf & _
- "-----END CERTIFICATE-----" & vbLf
- If (myOptTxt = FALSE) Then
- myFh.Write myPem & vbLf
+ While (i < UBound(myLines)) And Not (myLines(i) = "#")
+ i = i + 1
+ If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
+ InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then
+ myUntrusted = TRUE
+ End If
+ Wend
+ If (myUntrusted = TRUE) Then
+ myNumSkipped = myNumSkipped + 1
Else
- Dim myCmd, myRval, myTmpIn, myTmpOut
- myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
- myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
- Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
- myTmpFh.Write myPem
- myTmpFh.Close
- myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _
- " -in " & myTmpIn & " -out " & myTmpOut
- myRval = objShell.Run (myCmd, 0, TRUE)
- objFSO.DeleteFile myTmpIn, TRUE
- If Not (myRval = 0) Then
- MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+ myFh.Write myLabel & vbLf
+ myFh.Write String(Len(myLabel), "=") & vbLf
+ myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _
+ Base64Encode(myData) & vbLf & _
+ "-----END CERTIFICATE-----" & vbLf
+ If (myOptTxt = FALSE) Then
+ myFh.Write myPem & vbLf
+ Else
+ Dim myCmd, myRval, myTmpIn, myTmpOut
+ myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName
+ Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)
+ myTmpFh.Write myPem
+ myTmpFh.Close
+ myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _
+ " -in " & myTmpIn & " -out " & myTmpOut
+ myRval = objShell.Run (myCmd, 0, TRUE)
+ objFSO.DeleteFile myTmpIn, TRUE
+ If Not (myRval = 0) Then
+ MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf
+ objFSO.DeleteFile myTmpOut, TRUE
+ WScript.Quit 3
+ End If
+ Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
+ myFh.Write myTmpFh.ReadAll & vbLf
+ myTmpFh.Close
objFSO.DeleteFile myTmpOut, TRUE
- WScript.Quit 3
End If
- Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)
- myFh.Write myTmpFh.ReadAll & vbLf
- myTmpFh.Close
- objFSO.DeleteFile myTmpOut, TRUE
+ myNumCerts = myNumCerts + 1
End If
- myData = ""
- myNumCerts = myNumCerts + 1
Else
myOctets = Split(myLines(i), "\")
For j = 1 To UBound(myOctets)
@@ -169,6 +181,8 @@ For i = 0 To UBound(myLines)
End If
If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
myInsideCert = TRUE
+ myUntrusted = FALSE
+ myData = ""
End If
If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then
myInsideLicense = TRUE
@@ -191,7 +205,8 @@ For i = 0 To UBound(myLines)
End If
Next
myFh.Close
-objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _
+ " untrusted skipped).", 20, mySelf, vbInformation
WScript.Quit 0
Function ConvertBinaryData(arrBytes)

0 comments on commit fd765c6

Please sign in to comment.