mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-04 23:13:41 +01:00
Attempt to use /etc/ssl/certs/ca-certificates.crt if no CACERTS
are available. On Debian, this is the default location for system-wide trust anchors.
This commit is contained in:
parent
273211f025
commit
7dee967dd7
10
cipherscan
10
cipherscan
@ -8,7 +8,14 @@
|
||||
DOBENCHMARK=0
|
||||
BENCHMARKITER=30
|
||||
OPENSSLBIN="$(dirname $0)/openssl"
|
||||
CACERTS=${CACERTS:-/etc/pki/tls/certs/ca-bundle.crt}
|
||||
if [ -z "$CACERTS" ]; then
|
||||
for f in /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt; do
|
||||
if [ -e "$f" ]; then
|
||||
CACERTS="$f"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ ! -e "$CACERTS" ]; then
|
||||
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
|
||||
fi
|
||||
@ -326,6 +333,7 @@ do
|
||||
done
|
||||
|
||||
if [ $VERBOSE != 0 ] ; then
|
||||
[ -n "$CACERTS" ] && echo "Using trust anchors from $CACERTS"
|
||||
echo "Loading $($OPENSSLBIN ciphers -v $CIPHERSUITE 2>/dev/null|grep Kx|wc -l) ciphersuites from $(echo -n $($OPENSSLBIN version 2>/dev/null))"
|
||||
$OPENSSLBIN ciphers ALL 2>/dev/null
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user