1 #!/bin/sh 2 # *************************************************************************** 3 # * _ _ ____ _ 4 # * Project ___| | | | _ \| | 5 # * / __| | | | |_) | | 6 # * | (__| |_| | _ <| |___ 7 # * \___|\___/|_| \_\_____| 8 # * 9 # * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel (at] haxx.se>, et al. 10 # * 11 # * This software is licensed as described in the file COPYING, which 12 # * you should have received as part of this distribution. The terms 13 # * are also available at https://curl.haxx.se/docs/copyright.html. 14 # * 15 # * You may opt to use, copy, modify, merge, publish, distribute and/or sell 16 # * copies of the Software, and permit persons to whom the Software is 17 # * furnished to do so, under the terms of the COPYING file. 18 # * 19 # * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 20 # * KIND, either express or implied. 21 # * 22 # *************************************************************************** 23 # This shell script creates a fresh ca-bundle.crt file for use with libcurl. 24 # It extracts all ca certs it finds in the local Firefox database and converts 25 # them all into PEM format. 26 # 27 db=`ls -1d $HOME/.mozilla/firefox/*default*` 28 out=$1 29 30 if test -z "$out"; then 31 out="ca-bundle.crt" # use a sensible default 32 fi 33 34 currentdate=`date` 35 36 cat >$out <<EOF 37 ## 38 ## Bundle of CA Root Certificates 39 ## 40 ## Converted at: ${currentdate} 41 ## These were converted from the local Firefox directory by the db2pem script. 42 ## 43 EOF 44 45 46 certutil -L -h 'Builtin Object Token' -d $db | \ 47 grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \ 48 sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \ 49 sort | \ 50 while read nickname; \ 51 do echo $nickname | sed -e "s/Builtin Object Token://g"; \ 52 eval certutil -d $db -L -n "$nickname" -a ; \ 53 done >> $out 54 55
