cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] Utils: Make ca-bundle PEM certs 64 chars wide.

From: Richard Michael <rmichael_at_edgeofthenet.org>
Date: Wed, 3 Apr 2013 18:15:08 +0200

RFC1421 indicates PEM Base64 should wrap at 64 characters, but the
mk-ca-bundle script uses MIME Base64 which wraps at 76 characters.

OpenSSL (correctly) outputs PEM certificates wrapped at 64 characters.

Consequently, curl CA bundle certificates must be round-tripped through
OpenSSL to text diff easily against OpenSSL output.

Moreover, with a multitude of certificate formats and acronyms in the
SSL domain, it is useful to output consistently formatted PEM
certificates such that users are not confused by different "looking"
certificates, despite identical technical function.

---
 lib/mk-ca-bundle.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl
index 18dc156..d29f63e 100755
--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -182,8 +182,10 @@ while (<TXT>) {
     if ($untrusted) {
       $skipnum ++;
     } else {
+      my $encoded = MIME::Base64::encode_base64($data, '');
+      $encoded =~ s/(.{1,64})/$1\n/g;
       my $pem = "-----BEGIN CERTIFICATE-----\n"
-              . MIME::Base64::encode($data)
+              . $encoded
               . "-----END CERTIFICATE-----\n";
       print CRT "\n$caname\n";
       print CRT ("=" x length($caname) . "\n");
--
1.8.2
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2001-09-17