ca-certificates/ca-legacy
Kai Engert e24bfeb6b0 - Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
2014-10-28 20:54:15 +01:00

84 lines
1.5 KiB
Bash

#!/bin/sh
#set -vx
LCFILE=/etc/pki/ca-trust/ca-legacy.conf
LLINK=/etc/pki/ca-trust/source/ca-bundle.legacy.crt
LENABLE=/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.enable.crt
LDISABLE=/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
do_grep()
{
grep -i "^legacy *= *enable *$" $LCFILE >/dev/null 2>&1
}
do_check()
{
do_grep
if [ $? -eq 0 ]; then
echo "Legacy CAs are set to ENABLED in file $LCFILE (affects install/upgrade)"
LEXPECT=$LENABLE
else
echo "Legacy CAs are set to DISABLED in file $LCFILE (affects install/upgrade)"
LEXPECT=$LDISABLE
fi
echo "Status of symbolic link $LLINK:"
readlink -v $LLINK
}
do_install()
{
do_grep
if [ $? -eq 0 ]; then
# expression was found, legacy is enabled
ln -sf $LENABLE $LLINK
else
# not found, legacy is disabled
ln -sf $LDISABLE $LLINK
fi
}
do_enable()
{
sed -i 's/^legacy *=.*$/legacy=enable/' $LCFILE
do_install
/usr/bin/update-ca-trust
}
do_disable()
{
sed -i 's/^legacy *=.*$/legacy=disable/' $LCFILE
do_install
/usr/bin/update-ca-trust
}
do_help()
{
echo "usage: $0 [check | enable | disable | install]"
}
if [[ $# -eq 0 ]]; then
# no parameters
do_help
exit $?
fi
if [[ "$1" = "install" ]]; then
do_install
exit $?
fi
if [[ "$1" = "enable" ]]; then
do_enable
exit $?
fi
if [[ "$1" = "disable" ]]; then
do_disable
exit $?
fi
if [[ "$1" = "check" ]]; then
do_check
exit $?
fi