diff -ur make-ca-1.14.orig/copy-trust-modifications make-ca-1.14/copy-trust-modifications --- make-ca-1.14.orig/copy-trust-modifications 2024-07-13 20:34:30.000000000 -0700 +++ make-ca-1.14/copy-trust-modifications 2024-10-10 01:06:07.204279974 -0700 @@ -34,7 +34,7 @@ LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@"@@g' -e 's@ @_@g'` # Determine default usage (this can be changed later) - usage=$(openssl x509 -in ${certificate} -noout -text | \ + usage=$(libressl x509 -in ${certificate} -noout -text | \ grep -A1 "X509v3 Key Usage:") trust="" echo ${usage} | grep -q "Certificate Sign" && @@ -43,7 +43,7 @@ trust="${trust} -addtrust emailProtection" # Place into LOCALDIR - openssl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \ + libressl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \ ${trust} -out "${LOCALDIR}/${LABELNEW}.pem" echo -e "${LABELNEW}" unset LABEL LABELNEW usage trust diff -ur make-ca-1.14.orig/include.h2m make-ca-1.14/include.h2m --- make-ca-1.14.orig/include.h2m 2024-07-13 20:34:30.000000000 -0700 +++ make-ca-1.14/include.h2m 2024-10-10 01:06:54.916281150 -0700 @@ -33,7 +33,7 @@ #\ install -vdm755 /etc/ssl/local \ #\ wget http://www.cacert.org/certs/root.crt \ - #\ openssl x509 -in root.crt -text -fingerprint \\ \ + #\ libressl x509 -in root.crt -text -fingerprint \\ \ -setalias "CAcert Class 1 root" \\ \ -addtrust serverAuth \\ \ -addtrust emailProtection \\ \ diff -ur make-ca-1.14.orig/make-ca make-ca-1.14/make-ca --- make-ca-1.14.orig/make-ca 2024-07-13 20:34:30.000000000 -0700 +++ make-ca-1.14/make-ca 2024-10-10 01:08:01.212282784 -0700 @@ -27,7 +27,7 @@ CERTUTIL="/usr/bin/certutil" KEYTOOL="${JAVA_HOME}/bin/keytool" MD5SUM="/usr/bin/md5sum" - OPENSSL="/usr/bin/openssl" + OPENSSL="/usr/bin/libressl" TRUST="/usr/bin/trust" ANCHORDIR="${PKIDIR}/anchors" ANCHORLIST="${PKIDIR}/anchors.md5sums" @@ -41,6 +41,7 @@ LOCALDIR="${SSLDIR}/local" DESTDIR="" URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt" + CURL="/usr/bin/curl" fi # Some data in the certs have UTF-8 characters @@ -316,7 +317,7 @@ echo " -k, --keytool [\$JAVA_HOME/bin/keytool]" echo " The path of the Java keytool utility" echo "" - echo " -s, --openssl [/usr/bin/openssl]" + echo " -s, --openssl [/usr/bin/libressl]" echo " The path of the openssl utility" echo "" echo " -t, --certutil [/usr/bin/certutil]" @@ -682,7 +683,7 @@ SARGS="${SARGS} -proxy ${PROXY}" fi echo GET ${_url} | \ - ${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log" + ${CURL} ${_url} 2> /dev/null > "${TEMPDIR}/certdata.txt.log" unset _url echo "done." @@ -707,7 +708,7 @@ # Download the new file echo -n "Downloading certdata.txt..." echo GET ${URL} | \ - ${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}" + ${CURL} ${URL} 2> /dev/null >> "${CERTDATA}" _line=$(( $(grep -n -m 1 "^#$" "${CERTDATA}" | cut -d ":" -f 1) - 1)) sed -e "1,${_line}d" -i "${CERTDATA}" sed "1i # Revision:${REVISION}" -i "${CERTDATA}" diff -ur make-ca-1.14.orig/make-ca.conf.dist make-ca-1.14/make-ca.conf.dist --- make-ca-1.14.orig/make-ca.conf.dist 2024-07-13 20:34:30.000000000 -0700 +++ make-ca-1.14/make-ca.conf.dist 2024-10-10 01:03:38.949276320 -0700 @@ -6,7 +6,7 @@ CERTUTIL="/usr/bin/certutil" KEYTOOL="${JAVA_HOME}/bin/keytool" MD5SUM="/usr/bin/md5sum" -OPENSSL="/usr/bin/openssl" +OPENSSL="/usr/bin/libressl" TRUST="/usr/bin/trust" ANCHORDIR="${PKIDIR}/anchors" ANCHORLIST="${PKIDIR}/anchors.md5sums" @@ -20,6 +20,7 @@ LOCALDIR="${SSLDIR}/local" DESTDIR="" URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt" +CURL="/usr/bin/curl" # Source must be downloaded over https # Valid urls for download are below diff -ur make-ca-1.14.orig/update-mscertsign.sh make-ca-1.14/update-mscertsign.sh --- make-ca-1.14.orig/update-mscertsign.sh 2024-07-13 20:34:30.000000000 -0700 +++ make-ca-1.14/update-mscertsign.sh 2024-10-10 01:09:07.772284424 -0700 @@ -26,7 +26,7 @@ for certbegin in ${startlist}; do awk "NR==$certbegin,/^-----END CERTIFICATE-----/" mscertsign.txt \ > ${certbegin}.crt - openssl x509 -noout -in ${certbegin}.crt -hash >> CS.txt + libressl x509 -noout -in ${certbegin}.crt -hash >> CS.txt rm ${certbegin}.crt done rm -r mscertsign.txt