1#!/bin/sh 2# *************************************************************************** 3# * _ _ ____ _ 4# * Project ___| | | | _ \| | 5# * / __| | | | |_) | | 6# * | (__| |_| | _ <| |___ 7# * \___|\___/|_| \_\_____| 8# * 9# * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. 10# * 11# * This software is licensed as described in the file COPYING, which 12# * you should have received as part of this distribution. The terms 13# * are also available at https://curl.haxx.se/docs/copyright.html. 14# * 15# * You may opt to use, copy, modify, merge, publish, distribute and/or sell 16# * copies of the Software, and permit persons to whom the Software is 17# * furnished to do so, under the terms of the COPYING file. 18# * 19# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 20# * KIND, either express or implied. 21# * 22# *************************************************************************** 23# This shell script creates a fresh ca-bundle.crt file for use with libcurl. 24# It extracts all ca certs it finds in the local Firefox database and converts 25# them all into PEM format. 26# 27db=`ls -1d $HOME/.mozilla/firefox/*default*` 28out=$1 29 30if test -z "$out"; then 31 out="ca-bundle.crt" # use a sensible default 32fi 33 34currentdate=`date` 35 36cat >$out <<EOF 37## 38## Bundle of CA Root Certificates 39## 40## Converted at: ${currentdate} 41## These were converted from the local Firefox directory by the db2pem script. 42## 43EOF 44 45 46certutil -L -h 'Builtin Object Token' -d $db | \ 47grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \ 48sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \ 49sort | \ 50while read nickname; \ 51 do echo $nickname | sed -e "s/Builtin Object Token://g"; \ 52eval certutil -d $db -L -n "$nickname" -a ; \ 53done >> $out 54