Fix to skip untrusted certs.

diff --git a/lib/mk-ca-bundle.vbs b/lib/mk-ca-bundle.vbs
index 39d2fbc6be5f05f358d6bc604bb49915fd16cb70..7fd74c1762332b97edcf019c9e9f7c6e1ebf8887 100755 (executable)
--- a/lib/mk-ca-bundle.vbs
+++ b/lib/mk-ca-bundle.vbs
@@ -26,7 +26,7 @@
 '* Hacked by Guenter Knauf\r
 '***************************************************************************\r
 Option Explicit\r
-Const myVersion = "0.3.5"\r
+Const myVersion = "0.3.6"\r
 \r
 Const myUrl = "http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"\r
 \r
@@ -96,8 +96,10 @@ If (myAskTiF = TRUE) Then
   End If\r
 End If\r
 ' Process the received data\r
-Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts\r
-Dim myLabel, myOctets, myData, myPem, myRev, j\r
+Dim myLines, myPattern, myInsideCert, myInsideLicense, myLicenseText, myNumCerts, myNumSkipped\r
+Dim myLabel, myOctets, myData, myPem, myRev, myUntrusted, j\r
+myNumSkipped = 0\r
+myNumCerts = 0\r
 myData = ""\r
 myLines = Split(myCdData, vbLf, -1)\r
 Set myFh = objFSO.OpenTextFile(myCaFile, 2, TRUE)\r
@@ -109,7 +111,7 @@ myFh.Write "##" & vbLf
 myFh.Write "## This is a bundle of X.509 certificates of public Certificate Authorities" & vbLf\r
 myFh.Write "## (CA). These were automatically extracted from Mozilla's root certificates" & vbLf\r
 myFh.Write "## file (certdata.txt).  This file can be found in the mozilla source tree:" & vbLf\r
-myFh.Write "## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf\r
+myFh.Write "## '/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt'" & vbLf\r
 myFh.Write "##" & vbLf\r
 myFh.Write "## It contains the certificates in PEM format and therefore" & vbLf\r
 myFh.Write "## can be directly used with curl / libcurl / php_curl, or with" & vbLf\r
@@ -125,36 +127,46 @@ For i = 0 To UBound(myLines)
   If (myInsideCert = TRUE) Then\r
     If InstrRev(myLines(i), "END") Then\r
       myInsideCert = FALSE\r
-      myFh.Write myLabel & vbLf\r
-      myFh.Write String(Len(myLabel), "=") & vbLf\r
-      myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _\r
-              Base64Encode(myData) & vbLf & _\r
-              "-----END CERTIFICATE-----" & vbLf\r
-      If (myOptTxt = FALSE) Then\r
-        myFh.Write myPem & vbLf\r
+      While (i < UBound(myLines)) And Not (myLines(i) = "#")\r
+        i = i + 1\r
+        If (InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED") Or _\r
+           InstrRev(myLines(i), "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUST_UNKNOWN")) Then\r
+          myUntrusted = TRUE\r
+        End If\r
+      Wend\r
+      If (myUntrusted = TRUE) Then\r
+        myNumSkipped = myNumSkipped + 1\r
       Else\r
-        Dim myCmd, myRval, myTmpIn, myTmpOut\r
-        myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName\r
-        myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName\r
-        Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)\r
-        myTmpFh.Write myPem\r
-        myTmpFh.Close\r
-        myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _\r
-                " -in " & myTmpIn & " -out " & myTmpOut\r
-        myRval = objShell.Run (myCmd, 0, TRUE)\r
-        objFSO.DeleteFile myTmpIn, TRUE\r
-        If Not (myRval = 0) Then\r
-          MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf\r
+        myFh.Write myLabel & vbLf\r
+        myFh.Write String(Len(myLabel), "=") & vbLf\r
+        myPem = "-----BEGIN CERTIFICATE-----" & vbLf & _\r
+                Base64Encode(myData) & vbLf & _\r
+                "-----END CERTIFICATE-----" & vbLf\r
+        If (myOptTxt = FALSE) Then\r
+          myFh.Write myPem & vbLf\r
+        Else\r
+          Dim myCmd, myRval, myTmpIn, myTmpOut\r
+          myTmpIn = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName\r
+          myTmpOut = objFSO.GetSpecialFolder(2).Path & "\" & objFSO.GetTempName\r
+          Set myTmpFh = objFSO.OpenTextFile(myTmpIn, 2, TRUE)\r
+          myTmpFh.Write myPem\r
+          myTmpFh.Close\r
+          myCmd = myOpenssl & " x509 -md5 -fingerprint -text -inform PEM" & _\r
+                  " -in " & myTmpIn & " -out " & myTmpOut\r
+          myRval = objShell.Run (myCmd, 0, TRUE)\r
+          objFSO.DeleteFile myTmpIn, TRUE\r
+          If Not (myRval = 0) Then\r
+            MsgBox("Failed to process PEM cert with OpenSSL commandline!"), vbCritical, mySelf\r
+            objFSO.DeleteFile myTmpOut, TRUE\r
+            WScript.Quit 3\r
+          End If\r
+          Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)\r
+          myFh.Write myTmpFh.ReadAll & vbLf\r
+          myTmpFh.Close\r
           objFSO.DeleteFile myTmpOut, TRUE\r
-          WScript.Quit 3\r
         End If\r
-        Set myTmpFh = objFSO.OpenTextFile(myTmpOut, 1)\r
-        myFh.Write myTmpFh.ReadAll & vbLf\r
-        myTmpFh.Close\r
-        objFSO.DeleteFile myTmpOut, TRUE\r
+        myNumCerts = myNumCerts + 1\r
       End If\r
-      myData = ""\r
-      myNumCerts = myNumCerts + 1\r
     Else\r
       myOctets = Split(myLines(i), "\")\r
       For j = 1 To UBound(myOctets)\r
@@ -169,6 +181,8 @@ For i = 0 To UBound(myLines)
   End If\r
   If InstrRev(myLines(i), "CKA_VALUE MULTILINE_OCTAL") Then\r
     myInsideCert = TRUE\r
+    myUntrusted = FALSE\r
+    myData = ""\r
   End If\r
   If InstrRev(myLines(i), "***** BEGIN LICENSE BLOCK *****") Then\r
     myInsideLicense = TRUE\r
@@ -191,7 +205,8 @@ For i = 0 To UBound(myLines)
   End If\r
 Next\r
 myFh.Close\r
-objShell.PopUp "Done (" & myNumCerts & " CA certs processed).", 20, mySelf, vbInformation\r
+objShell.PopUp "Done (" & myNumCerts & " CA certs processed, " & myNumSkipped & _\r
+               " untrusted skipped).", 20, mySelf, vbInformation\r
 WScript.Quit 0\r
 \r
 Function ConvertBinaryData(arrBytes)\r