Package shipping their own CA and security
Nalin Dahyabhai
nalin at redhat.com
Fri Feb 8 18:55:25 UTC 2013
On Fri, Feb 08, 2013 at 06:40:05PM +0100, Michael Scherer wrote:
> Le vendredi 08 février 2013 à 11:08 -0500, Nalin Dahyabhai a écrit :
> > This worked for me:
> > openssl cms -verify -noverify -in cacert.p7s
>
> Sorry to not have been clearer, what i want is the clear text version of
> the certificate. IE, there is 79 certs in the file. Who do thy belong is
> diginotar in it, etc, etc.
>
> ( but this command is still useful to know, as it was non obvious at all)
Each of those can be piped, individually, through a command like
"openssl x509 -noout -text" or "openssl x509 -noout -subject" to get
something more human readable.
So, maybe something like this, though YMMV:
#!/bin/sh
tmpfile=`mktemp`
if test -z "$tmpfile" ; then
echo Error creating temporary file.
fi
trap 'rm -f "$tmpfile"' EXIT
incert=false
openssl cms -verify -noverify -in cacert.p7s | while read line ; do
case "$line" in
*-BEGIN*)
echo "$line" > "$tmpfile"
incert=true
;;
*-END*)
if $incert ; then
echo "$line" >> "$tmpfile"
openssl x509 -noout -text -in "$tmpfile"
cat "$tmpfile"
incert=false
fi
;;
*)
if $incert ; then
echo "$line" >> "$tmpfile"
fi
;;
esac
done
Cheers,
Nalin
More information about the devel
mailing list