extract root CA certs from Mozilla?
Joe Orton
jorton at redhat.com
Fri Apr 9 10:55:41 UTC 2004
On Fri, Apr 09, 2004 at 06:09:58AM -0400, James Ralston wrote:
> Has anyone figured out a way to extract the root CA certs from Mozilla
> into individually PEM-encoded certs?
We were looking into this a while back, to see whether we could include
the Mozilla root CA bundle in the OpenSSL package... it wasn't clear
whether we could because of the licensing. (certdata.txt is licensed
under the MPL)
Debian have a "ca-certificates" package, the source of which includes a
Ruby script which converts Mozilla's certdata.txt into a set of PEM
files (attached).
Regards,
joe
-------------- next part --------------
#!/usr/bin/ruby
while line = $stdin.gets
next if line =~ /^#/
next if line =~ /^\s*$/
line.chomp!
if line =~ /CKA_LABEL/
label,type,val = line.split(' ',3)
val.sub!(/^"/, "")
val.sub!(/"$/, "")
fname = val.gsub(/\//,"_").gsub(/\s+/, "_").gsub(/[()]/, "=").gsub(/,/, "_") + ".crt"
next
end
if line =~ /CKA_VALUE MULTILINE_OCTAL/
data=''
while line = $stdin.gets
break if /^END/
line.chomp!
line.gsub(/\\([0-3][0-7][0-7])/) { data += $1.oct.chr }
end
open(fname, "w") do |fp|
fp.puts "-----BEGIN CERTIFICATE-----"
fp.puts [data].pack("m*")
fp.puts "-----END CERTIFICATE-----"
end
puts "Created #{fname}"
end
end
# system("c_rehash", ".")
More information about the fedora-list
mailing list