mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-05 07:23:42 +01:00
Use local ca bundle if none is found on the system, fixes issues with MacOS
This commit is contained in:
parent
cc1230efd9
commit
7d2c8b4cad
3946
ca-bundle.crt
Normal file
3946
ca-bundle.crt
Normal file
File diff suppressed because it is too large
Load Diff
19
cipherscan
19
cipherscan
@ -8,20 +8,19 @@
|
|||||||
DOBENCHMARK=0
|
DOBENCHMARK=0
|
||||||
BENCHMARKITER=30
|
BENCHMARKITER=30
|
||||||
OPENSSLBIN="$(dirname $0)/openssl"
|
OPENSSLBIN="$(dirname $0)/openssl"
|
||||||
|
# find a list of trusted CAs on the local system, or use the provided list
|
||||||
if [ -z "$CACERTS" ]; then
|
if [ -z "$CACERTS" ]; then
|
||||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||||
if [ -e "$f" ]; then
|
if [ -e "$f" ]; then
|
||||||
CACERTS="$f"
|
CACERTS="$f"
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
if [ ! -e "$CACERTS" ]; then
|
if [ ! -e "$CACERTS" ]; then
|
||||||
CACERTS="/etc/ssl/certs/ca-certificates.crt"
|
CACERTS="$(dirname $0)/ca-bundle.crt"
|
||||||
fi
|
|
||||||
if [ ! -e "$CACERTS" ]; then
|
|
||||||
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
||||||
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
||||||
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
||||||
|
Loading…
Reference in New Issue
Block a user