From cd3cf55b47332769a0e737feb9c5a6d48dce5de9 Mon Sep 17 00:00:00 2001
From: Guenter Knauf <lists@gknw.net>
Date: Tue, 20 Sep 2011 12:05:31 +0200
Subject: [PATCH] Also skip certs masked as CKT_NSS_TRUST_UNKNOWN.

Fix posted by Tomas Hoger <thoger redhat com>.
---
 lib/mk-ca-bundle.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 868e23843a..189ed01b6a 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -160,7 +160,8 @@ while (<TXT>) {
     }
     while (<TXT>) {
       last if (/^#$/);
-      $untrusted = 1 if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/);
+      $untrusted = 1 if (/^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_NOT_TRUSTED$/
+                     or /^CKA_TRUST_SERVER_AUTH\s+CK_TRUST\s+CKT_NSS_TRUST_UNKNOWN$/);
     }
     if ($untrusted) {
       $skipnum ++;
-- 
GitLab