Commit b70526b6 authored by Thomas Roessler's avatar Thomas Roessler

The script will try to pick out the end-user cert and pass that to

openssl. The code which tells the difference may not be perfect. It
works with all the certs in my collection, though. I won't be at all
surprised if someone comes across a cert chain which confuses it,
but it should print out an error in that case. Hopefully they will
send us the chain so we can adjust our code.

(From Mike Schiraldi.)
parent 153a49d9
......@@ -286,10 +286,43 @@ sub list_certs () {
print "$fields[1]: Issued for: $fields[0] \"$fields[2]\" $keyflags{$fields[4]}\n";
my $format = -B "$certificates_path/$fields[1]" ? 'DER' : 'PEM';
my $cmd = "openssl x509 -subject -issuer -dates -noout -in $certificates_path/$fields[1] -inform $format";
(my $subject_in, my $issuer_in, my $date1_in, my $date2_in) = `$cmd`;
$? and die "'$cmd' returned $?";
my $certfile = "$certificates_path/$fields[1]";
my $cert;
open F, $certfile or
die "Couldn't open $certfile: $!";
local $/;
$cert = <F>;
my $subject_in;
my $issuer_in;
my $date1_in;
my $date2_in;
while (1) {
open(TMP_FILE, ">cert_tmp.list")
or die "Couldn't open cert_tmp.list: $!";
print TMP_FILE $cert;
close TMP_FILE;
my $format = -B $certfile ? 'DER' : 'PEM';
my $cmd = "openssl x509 -subject -issuer -dates -noout -in cert_tmp.list -inform $format";
($subject_in, $issuer_in, $date1_in, $date2_in) = `$cmd`;
$? and die "'$cmd' returned $?";
last if $subject_in =~ /email\=/i;
last if $subject_in =~ /cn\=recipients/i;
my $index = index $cert, '-----END CERTIFICATE-----';
$index > 0
or die "Certificate $certfile cannot be parsed";
$index += length '-----END CERTIFICATE-----';
$cert = substr $cert, $index;
my @subject = split(/\//, $subject_in);
while(@subject) {
......@@ -320,8 +353,8 @@ sub list_certs () {
-e "$private_keys_path/$fields[1]" and
print "$tab - Matching private key installed -\n";
$format = -B "$certificates_path/$fields[1]" ? 'DER' : 'PEM';
$cmd = "openssl x509 -purpose -noout -in $certificates_path/$fields[1] -inform $format";
my $format = -B "$certificates_path/$fields[1]" ? 'DER' : 'PEM';
my $cmd = "openssl x509 -purpose -noout -in cert_tmp.list -inform $format";
my $purpose_in = `$cmd`;
$? and die "'$cmd' returned $?";
......@@ -337,6 +370,8 @@ sub list_certs () {
print "\n";
unlink 'cert_tmp.list';
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment