Index: build/builtin-certs-update ================================================================== --- build/builtin-certs-update +++ build/builtin-certs-update @@ -6,6 +6,12 @@ cd "${outdir}" || exit 1 make -C certs/dod distclean all make -C certs/federal distclean all -./certs-to-c certs/*/*.crt > ../cackey_builtin_certs.h +if [ "$1" = '--commercial' ]; then + commercial='commercial' +else + commercial='SKIP' +fi + +./certs-to-c certs/{dod,federal,$commercial}/*.crt > ../cackey_builtin_certs.h Index: build/certs-to-c ================================================================== --- build/certs-to-c +++ build/certs-to-c @@ -1,22 +1,27 @@ #! /bin/bash for file in "$@"; do + if [ ! -f "${file}" ]; then + continue + fi + rm -f tmpfile.x509 if ! openssl x509 -in "${file}" -inform pem -noout -checkend 0 >/dev/null 2>/dev/null; then echo "warning: Skipping \"${file}\" as it is invalid or expired." >&2 continue fi openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der - pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')" - certlen="$(cat tmpfile.x509 | wc -c)" + pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'Public[- ]Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')" + certlen="$(cat tmpfile.x509 | wc -c | awk '{ print $1 }')" cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')" cat << _EOF_ + /* ${file} */ { CACKEY_ID_TYPE_CERT_ONLY, /* id_type */ ${certlen}, /* certificate_len */ (unsigned char *) "${cert}", /* certificate */ ${pubkeylen} /* keysize */ Index: cackey_builtin_certs.h ================================================================== --- cackey_builtin_certs.h +++ cackey_builtin_certs.h cannot compute difference between binary files