2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-27 00:13:41 +01:00

Use local ca bundle if none is found on the system, fixes issues with MacOS

This commit is contained in:
Julien Vehent 2014-10-10 16:55:09 -04:00
parent cc1230efd9
commit 7d2c8b4cad
2 changed files with 3955 additions and 10 deletions

3946
ca-bundle.crt Normal file

File diff suppressed because it is too large Load Diff

View File

@ -8,20 +8,19 @@
DOBENCHMARK=0
BENCHMARKITER=30
OPENSSLBIN="$(dirname $0)/openssl"
# find a list of trusted CAs on the local system, or use the provided list
if [ -z "$CACERTS" ]; then
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
if [ -e "$f" ]; then
CACERTS="$f"
break
fi
done
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
if [ -e "$f" ]; then
CACERTS="$f"
break
fi
done
fi
if [ ! -e "$CACERTS" ]; then
CACERTS="/etc/ssl/certs/ca-certificates.crt"
fi
if [ ! -e "$CACERTS" ]; then
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
CACERTS="$(dirname $0)/ca-bundle.crt"
fi
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"