Index: build/builtin-certs-update
==================================================================
--- build/builtin-certs-update
+++ build/builtin-certs-update
@@ -6,6 +6,12 @@
 cd "${outdir}" || exit 1
 
 make -C certs/dod distclean all
 make -C certs/federal distclean all
 
-./certs-to-c certs/*/*.crt > ../cackey_builtin_certs.h
+if [ "$1" = '--commercial' ]; then
+	commercial='commercial'
+else
+	commercial='SKIP'
+fi
+
+./certs-to-c certs/{dod,federal,$commercial}/*.crt > ../cackey_builtin_certs.h

Index: build/certs-to-c
==================================================================
--- build/certs-to-c
+++ build/certs-to-c
@@ -1,22 +1,27 @@
 #! /bin/bash
 
 for file in "$@"; do
+	if [ ! -f "${file}" ]; then
+		continue
+	fi
+
 	rm -f tmpfile.x509
 	if ! openssl x509 -in "${file}" -inform pem -noout -checkend 0 >/dev/null 2>/dev/null; then
 		echo "warning: Skipping \"${file}\" as it is invalid or expired." >&2
 
 		continue
 	fi
 
 	openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der
 
-	pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')"
-	certlen="$(cat tmpfile.x509 | wc -c)"
+	pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'Public[- ]Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')"
+	certlen="$(cat tmpfile.x509 | wc -c | awk '{ print $1 }')"
 	cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')"
 
 	cat << _EOF_
+	/* ${file} */
 	{
 		CACKEY_ID_TYPE_CERT_ONLY, /* id_type */
 		${certlen}, /* certificate_len */
 		(unsigned char *) "${cert}", /* certificate */
 		${pubkeylen} /* keysize */

Index: cackey_builtin_certs.h
==================================================================
--- cackey_builtin_certs.h
+++ cackey_builtin_certs.h
cannot compute difference between binary files