
curl-library

Re: [PATCH] mk-ca-bundle.pl: 64 char wrapped PEMs

From: Richard Michael <rmichael_at_edgeofthenet.org>
Date: Thu, 4 Apr 2013 12:27:14 +0200

Hello Günter,

On Thu, Apr 4, 2013 at 12:18 AM, Guenter <lists_at_gknw.net> wrote:

>> Second, the option "-t" is broken. The output file (">> $crt") used
>> in the TMP pipe is clobbered when the temp output file
>> ("ca-bundle.crt.~") is renamed (to "$crt") at the end of the script.
>> :-)
>
> oh! Something to fix then .... :-P
> you have another patch ready?

I'll try; coming in a minute in another thread.

>> Third, I wanted to change the default output of mk-ca-bundle.
>
> and this is something I don't want; the script lives in the source for a
> while now, and others may then scream that we changed it ...

Yes, I thought so too. Perhaps for mk-ca-bundle v2.0.0 ;-) And at
least there's an option for packagers.

Aside, I wonder how many people do diff their existing ca-bundle vs.
simply regenerating (because the certdata.txt freshness is really what
matters). I felt 64 char wrap as default would be better as it's
helpful to newcomers, but harmless to experienced people (e.g. they
already know ca-bundle contains satisfactory PEM, regardless of wrap;
and/or are sufficiently familiar with SSL tools and outputs).

>> Do you mean that the 64 character wrapped MIME::Base64 output will not
>> be identical to the OpenSSL PEM Base64? In the certificates I examine
>> after my patch, the outputs were identical. Could you explain further
>> please?
>
> ok, when you look at one single cert then the output is same I think ...

I only meant the PEM base64 text is the same, obviously not when
including the certificate plaintext, fingerprint: "openssl -in <file>
-outform PEM -text". I also thought about base64 padding, but looking
at the wrap code in MIME::Base64, there is no difference between
splitting at 64 and 76 - padding is calculated on the total message,
not per-line.

>> It's an XS C file; beyond what I am willing to take on for this issue.
>
> sure, but posting a ticket with an enhancement request would be fine ...
> (/me too lazy ...)

It's a very stable and rarely modified module, AFAICT. I feel bad
requesting features on open source, when I know I should send diffs.
;-)

>
> please check the current version if that works for ya;
> colored change view:
> https://github.com/bagder/curl/commit/8efd74de4604ba1114fa191b393f46c7395c8858
> raw:
> https://raw.github.com/bagder/curl/8efd74de4604ba1114fa191b393f46c7395c8858/lib/mk-ca-bundle.pl

Works fine for me.

> Gün.

Thanks for your time and comments.

Regards

> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2013-04-04
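
The point made in the message about padding and wrap width can be checked directly. The following is an added example, not part of the original mail or of mk-ca-bundle.pl; the helper `wrap_b64` is hypothetical and the input bytes are constructed sample data, not a real certificate.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Constructed sample input: 1000 pseudo-DER bytes (not a real certificate).
# 1000 % 3 == 1, so the Base64 text must end in "==" padding.
my $der = join '', map { chr(($_ * 37 + 11) % 256) } 0 .. 999;

# Hypothetical helper: encode with no line breaks, then wrap at $width.
sub wrap_b64 {
    my ($data, $width) = @_;
    my $b64 = encode_base64($data, '');    # '' disables line breaking
    $b64 =~ s/(.{1,$width})/$1\n/g;        # re-wrap at the requested width
    return $b64;
}

my $w64 = wrap_b64($der, 64);              # PEM-style 64-column wrap
my $w76 = encode_base64($der);             # MIME::Base64 default, 76 columns

# Padding is computed once for the whole message, so '=' may only
# appear on the final line, whatever the wrap width is.
for my $text ($w64, $w76) {
    my @lines = split /\n/, $text;
    pop @lines;                            # drop the final line
    die "padding found before the last line\n" if grep { /=/ } @lines;
}

# With line breaks removed, both encodings are the same string ...
(my $flat64 = $w64) =~ s/\s+//g;
(my $flat76 = $w76) =~ s/\s+//g;
die "encodings differ\n" unless $flat64 eq $flat76;

# ... and both decode back to the original bytes (the decoder skips newlines).
die "round trip failed\n"
    unless decode_base64($w64) eq $der && decode_base64($w76) eq $der;

printf "64-wrap: %d lines, 76-wrap: %d lines, identical payload ending in '%s'\n",
    scalar(split /\n/, $w64), scalar(split /\n/, $w76), substr($flat64, -2);
```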