Simplify check for trusted certificates. (0ce410a6) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/mk-ca-bundle.pl

+3 −5

Original line number	Diff line number	Diff line
		@@ -164,7 +164,7 @@ while (<TXT>) {
		if ($start_of_cert && /^CKA_LABEL UTF8 \"(.*)\"/) {
		$caname = $1;
		}
		my $untrusted = 0;
		my $untrusted = 1;
		if ($start_of_cert && /^CKA_VALUE MULTILINE_OCTAL/) {
		my $data;
		while (<TXT>) {
		@@ -184,10 +184,8 @@ while (<TXT>) {
		# now scan the trust part for untrusted certs
		while (<TXT>) {
		last if (/^#/);
		if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
		or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/
		or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_MUST_VERIFY_TRUST/) {
		$untrusted = 1;
		if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUSTED_DELEGATOR$/) {
		$untrusted = 0;
		}
		}
		if ($untrusted) {

+3 −5

Original line number	Diff line number	Diff line
		@@ -130,10 +130,8 @@ For i = 0 To UBound(myLines)
		myInsideCert = FALSE
		While (i < UBound(myLines)) And Not (myLines(i) = "#")
		i = i + 1
		If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _
		InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN") Or _
		InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST")) Then
		myUntrusted = TRUE
		If InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR") Then
		myUntrusted = FALSE
		End If
		Wend
		If (myUntrusted = TRUE) Then
		@@ -183,7 +181,7 @@ For i = 0 To UBound(myLines)
		End If
		If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then
		myInsideCert = TRUE
		myUntrusted = FALSE
		myUntrusted = TRUE
		myData = ""
		End If
		If InstrRev(myLines(i), "*** BEGIN LICENSE BLOCK ***") Then