Commit | Line | Data |
---|---|---|
66e6e0a3 MW |
1 | #! /bin/sh -e |
2 | ||
3 | bad_issuers=" | |
4 | O = Digital Signature Trust Co., CN = DST Root CA X3 | |
5 | " | |
6 | ||
7 | case $# in | |
8 | 1) certs=$1 ;; | |
9 | *) echo >&2 "usage: $0 CERTLIST-FILE"; exit 2 ;; | |
10 | esac | |
11 | ||
12 | nl=" | |
13 | " | |
14 | mode=skip all= | |
15 | while IFS= read -r line; do | |
16 | case $line,$mode in | |
17 | "-----BEGIN CERTIFICATE-----",skip) | |
18 | mode=keep | |
19 | buf="$line$nl" | |
20 | ;; | |
21 | "-----END CERTIFICATE-----",keep) | |
22 | mode=skip | |
23 | buf="$buf$line" | |
24 | keep=t | |
25 | case "$nl$nl$all$nl$nl" in | |
26 | *"$nl$nl$buf$nl$nl"*) keep=nil ;; | |
27 | esac | |
28 | case $keep in | |
29 | t) | |
30 | issuer=$(echo "$buf" | openssl x509 -noout -issuer) | |
31 | case $bad_issuers in $"$nl$issuer$nl"*) keep=nil ;; esac | |
32 | ;; | |
33 | esac | |
34 | case $keep in t) all="${all:+$all$nl$nl}$buf" ;; esac | |
35 | ;; | |
36 | *,keep) buf="$buf$line$nl" ;; | |
37 | esac | |
38 | done <"$certs" | |
39 | ||
40 | case $all in "") echo >&2 "$0: no certificates found"; exit 127 ;; esac | |
41 | echo "$all" |