curl-library

Re: bug in 'mk-ca-bundle' script

From: <starlight.2012q3_at_binnacle.cx>
Date: Tue, 04 Sep 2012 10:59:12 -0400

I'm sure it's in the new script because
I adapted an old one and fixed that
it did not omit NOT_TRUSTED certs.
Also fixed the issue here.

When I advised the site hosting the
old copy that it was flawed they
suggested I contact the upstream,
at which time I discovered that the
lesser bug is indeed still there
though the bad cert omission was
fixed last year.

The HAXX current version emits 155
certs from the FF15 'certdata.txt'.
There are 156. I checked manually,
one-by-one and found the omitted

   Hellenic Academic and Research Institutions RootCA 2011

certificate. Try it yourself--I've
attached the FF15 'certdata.txt' to
save you the hassle of downloading
and extracting it from the source
tarball. The FF version of 'certdata.txt'
is somewhat different than the SeaMonkey
one that the script downloads. Never
checked the latter.

At 04:33 PM 9/4/2012 +0200, Daniel Stenberg wrote:
>On Tue, 4 Sep 2012, starlight.2012q3_at_binnacle.cx wrote:
>
>> While adapting 'mk-ca-bundle' to generate separate PEM files for 'sendmail'
>> I came across a bug in the state-machine logic that reads 'certdata.txt'.
>
>Thanks for your contribution! But...
>
>You seem to have based your version on a rather old version of the
>mk-ca-bundle script. Look at the most recent one here and see if you can spot
>a problem with it:

Received on 2012-09-04
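
The one-by-one comparison described in the mail above can be automated. The following is an added example, not part of the original message and not code from mk-ca-bundle: it reads the certificate objects from 'certdata.txt' and reports the labels whose DER bytes are missing from a generated PEM bundle. It assumes the NSS layout in which every object starts with a `CKA_CLASS` line and binary values are `MULTILINE_OCTAL` blocks closed by `END`; the function names and the sample data are constructed for illustration.

```python
import base64, hashlib, re

def parse_certdata(text):
    """Return [(label, der)] for every CKO_CERTIFICATE object in certdata.txt text."""
    objects, obj, octal = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if octal is not None:                      # inside a MULTILINE_OCTAL value
            if line == "END":
                octal = None
            else:
                octal.extend(int(o, 8) for o in re.findall(r"\\([0-7]{3})", line))
            continue
        if not line or line.startswith("#"):       # blank lines and comments
            continue
        fields = line.split(None, 2)
        if fields[0] == "CKA_CLASS":               # each object starts with its class
            obj = {}
            objects.append(obj)
        if obj is None or len(fields) < 2:         # preamble such as BEGINDATA
            continue
        if fields[1] == "MULTILINE_OCTAL":
            octal = obj[fields[0]] = bytearray()
        elif len(fields) == 3:
            obj[fields[0]] = fields[2].strip('"')
    return [(o.get("CKA_LABEL", "?"), bytes(o.get("CKA_VALUE", b"")))
            for o in objects if o.get("CKA_CLASS") == "CKO_CERTIFICATE"]

def bundle_fingerprints(pem_text):
    """SHA-256 of the DER inside each PEM block of the generated bundle."""
    blocks = re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                        pem_text, re.S)
    return {hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest()
            for b in blocks}

def omitted_labels(certdata_text, pem_text):
    """Labels of certificate objects whose DER does not appear in the bundle."""
    present = bundle_fingerprints(pem_text)
    return [label for label, der in parse_certdata(certdata_text)
            if hashlib.sha256(der).hexdigest() not in present]

# Constructed sample data: placeholder bytes, not real certificates.
def _obj(label, der):
    octal = "".join("\\%03o" % b for b in der)
    return ('# Certificate "%s"\nCKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n'
            'CKA_LABEL UTF8 "%s"\nCKA_VALUE MULTILINE_OCTAL\n%s\nEND\n\n'
            % (label, label, octal))

SAMPLE_CERTDATA = ("BEGINDATA\n" + _obj("Constructed Root A", b"der-A")
                   + _obj("Constructed Root B", b"der-B"))
SAMPLE_BUNDLE = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(b"der-A").decode()
                 + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(omitted_labels(SAMPLE_CERTDATA, SAMPLE_BUNDLE))
```

Certificates that a bundle generator leaves out on purpose, such as those marked not trusted, are listed as well and have to be told apart from an accidental omission by checking their trust objects.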