Date:      Wed, 20 Feb 2013 08:07:13 +0000 (UTC)
From:      Matthias Andree <mandree@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r312617 - head/security/ca_root_nss/files
Message-ID:  <201302200807.r1K87DOa088879@svn.freebsd.org>

Author: mandree
Date: Wed Feb 20 08:07:13 2013
New Revision: 312617
URL: http://svnweb.freebsd.org/changeset/ports/312617

Log:
  Support WITH_DEBUG=yes to get more debug output from the bundle
  creation, to verbosely print omitted and included certificates.
  
  Approved by:	flo@ on "as long as you fix it if it breaks" condition

Modified:
  head/security/ca_root_nss/files/MAca-bundle.pl.in

Modified: head/security/ca_root_nss/files/MAca-bundle.pl.in
==============================================================================
--- head/security/ca_root_nss/files/MAca-bundle.pl.in	Wed Feb 20 07:34:26 2013	(r312616)
+++ head/security/ca_root_nss/files/MAca-bundle.pl.in	Wed Feb 20 08:07:13 2013	(r312617)
@@ -4,7 +4,7 @@
 ##  Rewritten in September 2011 by Matthias Andree to heed untrust
 ##
 
-##  Copyright (c) 2011, Matthias Andree
+##  Copyright (c) 2011, 2013 Matthias Andree <mandree@FreeBSD.org>
 ##  All rights reserved.
 ##
 ##  Redistribution and use in source and binary forms, with or without
@@ -49,7 +49,10 @@ print <<EOH;
 ##  with $VERSION
 ##
 EOH
-my $debug = 1;
+my $debug = 0;
+$debug++
+    if defined $ENV{'WITH_DEBUG'}
+	and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
 
 my %certs;
 my %trusts;
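Review bot: The rule for which WITH_DEBUG values keep debugging off exists only in the regex `m/(?i)^(no|0|false|)$/`, so a value such as `off` silently turns debug output on. A one-line comment above `$debug++` would make that explicit, for example `# debug is on unless WITH_DEBUG is unset, empty, "0", "no" or "false" (case-insensitive)`. Since the group is not used for capturing, `(?:no|0|false|)` with the `/i` flag written as `m/^(?:no|0|false|)$/i` would also read more conventionally.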
@@ -146,29 +149,36 @@ sub grabtrust() {
 while (<>) {
     if (/^CKA_CLASS .* CKO_CERTIFICATE/) {
 	my ($serial, $label, $certdata) = grabcert();
-	if (defined $certs{$serial.$label}) {
+	if (defined $certs{$label."\0".$serial}) {
 	    warn "Certificate $label duplicated!\n";
 	}
-	$certs{$serial.$label} = $certdata;
+	$certs{$label."\0".$serial} = $certdata;
     } elsif (/^CKA_CLASS .* CKO_(NSS|NETSCAPE)_TRUST/) {
 	my ($serial, $label, $trust) = grabtrust();
-	if (defined $trusts{$serial.$label}) {
+	if (defined $trusts{$label."\0".$serial}) {
 	    warn "Trust for $label duplicated!\n";
 	}
-	$trusts{$serial.$label} = $trust;
+	$trusts{$label."\0".$serial} = $trust;
     } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
         print "##  Source: \"certdata.txt\" CVS revision $1\n##\n\n";
     }
 }
 
+sub printlabel(@) {
+    my @res = @_;
+    map { s/\0.*//; s/[^[:print:]]/_/g; $_ = "\"$_\""; } @res;
+    return wantarray ? @res : $res[0];
+}
+
 # weed out untrusted certificates
 my $untrusted = 0;
 foreach my $it (keys %trusts) {
     if (!$trusts{$it}) {
 	if (!exists($certs{$it})) {
-	    warn "Found trust for nonexistent certificate\n";
+	    warn "Found trust for nonexistent certificate ".printlabel($it)."\n" if $debug;
 	} else {
 	    delete $certs{$it};
+	    warn "Skipping untrusted ".printlabel($it)."\n" if $debug;
 	    $untrusted++;
 	}
     }
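Review bot: In `printlabel`, `s/\0.*//` lacks the `/s` modifier, so if the serial part of a key contains a newline byte, the text after that byte survives and is printed as part of the label; `s/\0.*//s` removes the whole serial. The keys are built as `$label."\0".$serial`, but grabcert and grabtrust lie outside this hunk, so whether the serial is stored as raw bytes is an assumption. The `map` is used only for its side effects and the `(@)` prototype adds no argument checking, so a plain `sub printlabel {` with `for (@res) { s/\0.*//s; s/[^[:print:]]/_/g; $_ = "\"$_\""; }` would be clearer. The `foreach` loop over `%trusts` continues past the end of the hunk.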
@@ -177,13 +187,14 @@ foreach my $it (keys %trusts) {
 print "##  Untrusted certificates omitted from this bundle: $untrusted\n\n";
 
 my $certcount = 0;
-foreach my $it (keys %certs) {
+foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
     if (!exists($trusts{$it})) {
 	die "Found certificate without trust block,\naborting";
     }
     printcert("", $certs{$it});
     print "\n\n\n";
     $certcount++;
+    print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
 }
 
 print "##  Number of certificates: $certcount\n";
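Review bot: The comparator in `sort {uc($a) cmp uc($b)} keys %certs` treats keys that differ only in case as equal, and their relative order then falls back to hash iteration order, so the bundle order may still vary between runs. If a reproducible bundle is the goal, a tie-break settles it: `foreach my $it (sort { uc($a) cmp uc($b) or $a cmp $b } keys %certs) {`. The new debug line uses `print STDERR` while the other debug messages added in this commit use `warn`; using one form throughout would be more consistent.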


