1#!/bin/sh 2# *************************************************************************** 3# * _ _ ____ _ 4# * Project ___| | | | _ \| | 5# * / __| | | | |_) | | 6# * | (__| |_| | _ <| |___ 7# * \___|\___/|_| \_\_____| 8# * 9# * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. 10# * 11# * This software is licensed as described in the file COPYING, which 12# * you should have received as part of this distribution. The terms 13# * are also available at https://curl.se/docs/copyright.html. 14# * 15# * You may opt to use, copy, modify, merge, publish, distribute and/or sell 16# * copies of the Software, and permit persons to whom the Software is 17# * furnished to do so, under the terms of the COPYING file. 18# * 19# * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 20# * KIND, either express or implied. 21# * 22# * SPDX-License-Identifier: curl 23# * 24# *************************************************************************** 25# This shell script creates a fresh ca-bundle.crt file for use with libcurl. 26# It extracts all ca certs it finds in the local Firefox database and converts 27# them all into PEM format. 28# 29db=$(ls -1d $HOME/.mozilla/firefox/*default*) 30out=$1 31 32if test -z "$out"; then 33 out="ca-bundle.crt" # use a sensible default 34fi 35 36currentdate=$(date) 37 38cat >$out <<EOF 39## 40## Bundle of CA Root Certificates 41## 42## Converted at: ${currentdate} 43## These were converted from the local Firefox directory by the db2pem script. 44## 45EOF 46 47 48certutil -L -h 'Builtin Object Token' -d "$db" | \ 49grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \ 50sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' -e 's/\(.*\)/"\1"/' | \ 51sort | \ 52while read -r nickname; \ 53 do echo "$nickname" | sed -e "s/Builtin Object Token://g"; \ 54eval certutil -d "$db" -L -n "$nickname" -a ; \ 55done >> $out 56