Re: Package shipping their own CA and security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Feb 08, 2013 at 06:40:05PM +0100, Michael Scherer wrote:
> Le vendredi 08 février 2013 à 11:08 -0500, Nalin Dahyabhai a écrit :
> > This worked for me:
> >   openssl cms -verify -noverify -in cacert.p7s
> 
> Sorry to not have been clearer, what i want is the clear text version of
> the certificate. IE, there is 79 certs in the file. Who do thy belong is
> diginotar in it, etc, etc. 
> 
> ( but this command is still useful to know, as it was non obvious at all)

Each of those can be piped, individually, through a command like
"openssl x509 -noout -text" or "openssl x509 -noout -subject" to get
something more human readable.

So, maybe something like this, though YMMV:

    #!/bin/sh
    tmpfile=`mktemp`
    if test -z "$tmpfile" ; then
        echo Error creating temporary file.
    fi
    trap 'rm -f "$tmpfile"' EXIT
    incert=false
    openssl cms -verify -noverify -in cacert.p7s | while read line ; do
        case "$line" in
        *-BEGIN*)
            echo "$line" > "$tmpfile"
            incert=true
            ;;
        *-END*)
            if $incert ; then
                echo "$line" >> "$tmpfile"
                openssl x509 -noout -text -in "$tmpfile"
                cat "$tmpfile"
                incert=false
            fi
            ;;
        *)
            if $incert ; then
                echo "$line" >> "$tmpfile"
            fi
            ;;
        esac
    done

Cheers,

Nalin
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux