1#!/bin/sh
2# ***************************************************************************
3# *                                  _   _ ____  _
4# *  Project                     ___| | | |  _ \| |
5# *                             / __| | | | |_) | |
6# *                            | (__| |_| |  _ <| |___
7# *                             \___|\___/|_| \_\_____|
8# *
9# * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
10# *
11# * This software is licensed as described in the file COPYING, which
12# * you should have received as part of this distribution. The terms
13# * are also available at https://curl.haxx.se/docs/copyright.html.
14# *
15# * You may opt to use, copy, modify, merge, publish, distribute and/or sell
16# * copies of the Software, and permit persons to whom the Software is
17# * furnished to do so, under the terms of the COPYING file.
18# *
19# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
20# * KIND, either express or implied.
21# *
22# ***************************************************************************
23# This shell script creates a fresh ca-bundle.crt file for use with libcurl.
24# It extracts all ca certs it finds in the local Firefox database and converts
25# them all into PEM format.
26#
27db=`ls -1d $HOME/.mozilla/firefox/*default*`
28out=$1
29
30if test -z "$out"; then
31  out="ca-bundle.crt" # use a sensible default
32fi
33
34currentdate=`date`
35
36cat >$out <<EOF
37##
38## Bundle of CA Root Certificates
39##
40## Converted at: ${currentdate}
41## These were converted from the local Firefox directory by the db2pem script.
42##
43EOF
44
45
46certutil -L -h 'Builtin Object Token' -d $db | \
47grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \
48sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \
49sort | \
50while read nickname; \
51 do echo $nickname | sed -e "s/Builtin Object Token://g"; \
52eval certutil -d $db -L -n "$nickname" -a ; \
53done >> $out
54