curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-18 10:02:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

lib/mk-ca-bundle.pl: skip certs passed Not Valid After date

Browse Source 
With this change applied, the now expired 'DST Root CA X3' cert will no
longer be included in the output.

Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/

Closes #7801
This commit is contained in:
Daniel Stenberg 2021-09-30 23:10:35 +02:00
parent ffb634d4ef
commit 85f91248cf
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/mk-ca-bundle.pl
View File

@ -436,9 +436,25 @@ while (<TXT>) {
last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
}
}
elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Not Valid After |Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
# Not Valid After : Thu Sep 30 14:01:15 2021
elsif(/^# Not Valid After : (.*)/) {
my $stamp = $1;
use Time::Piece;
my $t = Time::Piece->strptime
($stamp, "%a %b %d %H:%M:%S %Y");
my $delta = ($t->epoch - time()); # negative means no longer valid
if($delta < 0) {
$skipnum++;
report "Skipping: $caname is not valid anymore" if ($opt_v);
$valid = 0;
}
else {
$valid = 1;
}
next;
}
elsif(/^# (Issuer|Serial Number|Subject|Not Valid Before|Fingerprint \(MD5\)|Fingerprint \(SHA1\)):/) {
push @precert, $_;
$valid = 1;
next;
}
elsif(/^#|^\s*$/) {