mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-04 23:13:41 +01:00
Use local ca bundle if none is found on the system, fixes issues with MacOS
This commit is contained in:
parent
cc1230efd9
commit
7d2c8b4cad
3946
ca-bundle.crt
Normal file
3946
ca-bundle.crt
Normal file
File diff suppressed because it is too large
Load Diff
19
cipherscan
19
cipherscan
@ -8,20 +8,19 @@
|
||||
DOBENCHMARK=0
|
||||
BENCHMARKITER=30
|
||||
OPENSSLBIN="$(dirname $0)/openssl"
|
||||
# find a list of trusted CAs on the local system, or use the provided list
|
||||
if [ -z "$CACERTS" ]; then
|
||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||
if [ -e "$f" ]; then
|
||||
CACERTS="$f"
|
||||
break
|
||||
fi
|
||||
done
|
||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||
if [ -e "$f" ]; then
|
||||
CACERTS="$f"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ ! -e "$CACERTS" ]; then
|
||||
CACERTS="/etc/ssl/certs/ca-certificates.crt"
|
||||
fi
|
||||
if [ ! -e "$CACERTS" ]; then
|
||||
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
|
||||
CACERTS="$(dirname $0)/ca-bundle.crt"
|
||||
fi
|
||||
|
||||
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
||||
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
||||
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
||||
|
Loading…
Reference in New Issue
Block a user