#3266: Certificate Authority Certificates procedure fails
---------------------+------------------------------------------------------
Reporter: rafe | Owner: blfs-book@…
Type: defect | Status: new
Priority: lowest | Milestone: 6.7
Component: BOOK | Version: SVN
Severity: trivial | Keywords: Authority Certificates
---------------------+------------------------------------------------------
Blfs page postlfs/cacerts.html[[BR]]
Using the latest CA Certificate Download from mozilla, the script /bin
/remove-expired-certs.sh produces error messages. This is due to the fact
that some expiry dates are now beyond Jan 19 03:14:07 2038 GMT which is
the largest date that 'date (GNU coreutils) 8.12' can handle. I solved the
problem for myself by parsing the date output from openssl using a 'bash'
function instead of the call to 'date'. While revising the script I also
removed the hard-coded path to openssl and improved the awkward defaulting
of DIR.
{{{
#!/bin/bash
# Begin /bin/remove-expired-certs.sh
MON=(Zer Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)
DIR="${1:-/etc/ssl/certs}"
certs=$( find "$DIR" -type f -name "*.pem" -o -name "*.crt" )
today=$( date +%Y%m%d )
Date(){
mon=${1:9:3};
for M in `seq 1 12`; do [ ${MON[$M]} = $mon ] && break; done
[ ${#M} = 1 ] && M=0$M;
[ ${#2} = 1 ] && D=0$2 || D=$2;
expiry=$4$M$D
}
for cert in $certs; do
Date $( openssl x509 -enddate -in "$cert" -noout )
[ $today -le $expiry ] && continue
echo -n "${cert##*/} expired on $expiry, "
rm -fv "$cert"
done
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/3266>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
