bin/make-cert, bin/fix-cert-chain: Hack certificate chains for compatibility.
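#! /bin/sh
#
# Usage: fix-cert-chain CERTLIST-FILE
#
# Read a file of PEM certificates and print the list with exact duplicates
# removed and with every certificate whose issuer appears in `bad_issuers'
# dropped.  Anything outside BEGIN/END CERTIFICATE markers is discarded.
#
# Exit status: 2 on a usage error, 127 if no certificate is left to print,
# and nonzero (through `set -e') if openssl fails on a certificate.

# Set here rather than on the `#!' line so it also applies when the script
# is started as `sh fix-cert-chain'.
set -e

# Issuer names to strip from the chain, one per line, with a newline before
# the first and after the last entry so each can be matched as a whole line.
# Entries are compared verbatim with the text openssl prints after
# `issuer='.
# NOTE(review): the spacing of that text depends on the installed OpenSSL
# release; confirm each entry against `openssl x509 -noout -issuer' on the
# deployment host, otherwise the filter silently matches nothing.
bad_issuers="
O = Digital Signature Trust Co., CN = DST Root CA X3
"

case $# in
  1) certs=$1 ;;
  *) echo >&2 "usage: $0 CERTLIST-FILE"; exit 2 ;;
esac

nl="
"

# mode: `skip' outside a certificate, `keep' while collecting one into buf.
# all:  the certificates accepted so far, separated by blank lines.
mode=skip all=
while IFS= read -r line; do
  case $line,$mode in
    "-----BEGIN CERTIFICATE-----",skip)
      mode=keep
      buf="$line$nl"
      ;;
    "-----END CERTIFICATE-----",keep)
      mode=skip
      buf="$buf$line"
      keep=t

      # Drop a certificate that is already in the output.  Both sides are
      # padded with blank lines so only a whole-certificate match counts.
      case "$nl$nl$all$nl$nl" in
        *"$nl$nl$buf$nl$nl"*) keep=nil ;;
      esac

      case $keep in
        t)
          issuer=$(printf '%s\n' "$buf" | openssl x509 -noout -issuer)
          # openssl prints `issuer=<name>', while the list holds bare names:
          # without removing the prefix no entry can ever match.
          issuer=${issuer#issuer=}
          # Whole-line match anywhere in the list.  This compares the issuer
          # name only; it prunes a chain, it does not verify anything.
          case $bad_issuers in *"$nl$issuer$nl"*) keep=nil ;; esac
          ;;
      esac

      case $keep in t) all="${all:+$all$nl$nl}$buf" ;; esac
      ;;
    *,keep) buf="$buf$line$nl" ;;
  esac
done <"$certs"

# An empty result would leave the caller with an unusable chain file, so
# report it as an error instead of printing nothing.
case $all in "") echo >&2 "$0: no certificates found"; exit 127 ;; esac
printf '%s\n' "$all"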