X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-letsencrypt/blobdiff_plain/fffac188628941e2e083f20934aa7c700096d07f..66e6e0a3eda20be4da74317266f28a1e95005166:/bin/fix-cert-chain
diff --git a/bin/fix-cert-chain b/bin/fix-cert-chain
new file mode 100755
index 0000000..dc9a313
--- /dev/null
+++ b/bin/fix-cert-chain
@@ -0,0 +1,41 @@
+#! /bin/sh -e
+
+bad_issuers="
+O = Digital Signature Trust Co., CN = DST Root CA X3
+"
+
+case $# in
+ 1) certs=$1 ;;
+ *) echo >&2 "usage: $0 CERTLIST-FILE"; exit 2 ;;
+esac
+
+nl="
+"
+mode=skip all=
+while IFS= read -r line; do
+ case $line,$mode in
+ "-----BEGIN CERTIFICATE-----",skip)
+ mode=keep
+ buf="$line$nl"
+ ;;
+ "-----END CERTIFICATE-----",keep)
+ mode=skip
+ buf="$buf$line"
+ keep=t
+ case "$nl$nl$all$nl$nl" in
+ *"$nl$nl$buf$nl$nl"*) keep=nil ;;
+ esac
+ case $keep in
+ t)
+ issuer=$(echo "$buf" | openssl x509 -noout -issuer)
+ case $bad_issuers in $"$nl$issuer$nl"*) keep=nil ;; esac
+ ;;
+ esac
+ case $keep in t) all="${all:+$all$nl$nl}$buf" ;; esac
+ ;;
+ *,keep) buf="$buf$line$nl" ;;
+ esac
+done <"$certs"
+
+case $all in "") echo >&2 "$0: no certificates found"; exit 127 ;; esac
+echo "$all"
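Review bot: The issuer filter on the `case $bad_issuers in $"$nl$issuer$nl"*)` line looks as though it can never match, so a certificate issued by DST Root CA X3 would stay in the output and the script would still exit 0. Two things stand in the way: `openssl x509 -noout -issuer` prints its result with a leading `issuer=` that the `bad_issuers` entry lacks, and `$"…"` is bash's locale-quoting form, which a plain POSIX `/bin/sh` is likely to read as a literal `$` (and without a leading `*` the pattern only matches at the start of the list). I would strip the prefix with `issuer=${issuer#issuer=}` and write the arm as `case $bad_issuers in *"$nl$issuer$nl"*) keep=nil ;; esac`. The text form of the issuer name also differs between OpenSSL versions, so a comment above `bad_issuers` stating which format the entries must be in (or pinning it with `-nameopt`) would help; whitespace on this page is collapsed, so this is judged from the visible tokens only.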