2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-05 07:23:42 +01:00

Use local ca bundle if none is found on the system, fixes issues with MacOS

This commit is contained in:
Julien Vehent 2014-10-10 16:55:09 -04:00
parent cc1230efd9
commit 7d2c8b4cad
2 changed files with 3955 additions and 10 deletions

3946
ca-bundle.crt Normal file

File diff suppressed because it is too large Load Diff

View File

@ -8,6 +8,7 @@
DOBENCHMARK=0 DOBENCHMARK=0
BENCHMARKITER=30 BENCHMARKITER=30
OPENSSLBIN="$(dirname $0)/openssl" OPENSSLBIN="$(dirname $0)/openssl"
# find a list of trusted CAs on the local system, or use the provided list
if [ -z "$CACERTS" ]; then if [ -z "$CACERTS" ]; then
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
if [ -e "$f" ]; then if [ -e "$f" ]; then
@ -17,11 +18,9 @@ if [ -z "$CACERTS" ]; then
done done
fi fi
if [ ! -e "$CACERTS" ]; then if [ ! -e "$CACERTS" ]; then
CACERTS="/etc/ssl/certs/ca-certificates.crt" CACERTS="$(dirname $0)/ca-bundle.crt"
fi
if [ ! -e "$CACERTS" ]; then
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
fi fi
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers # RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
# (probably a result of a workaround for the bug in Apple implementation of ECDSA) # (probably a result of a workaround for the bug in Apple implementation of ECDSA)
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA" CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"