add nss_revoke script

b60a535c · phoeagon · c993593b · b60a535c · b60a535c
Commit b60a535c authored 10 years ago by phoeagon
--- a/Linux/nss_revoke.sh
+++ b/Linux/nss_revoke.sh
+#!/bin/sh
+
+DBPATH=$1
+CERTS=$2
+
+echo "Revoking CAs in $DBPATH/cert9.db"
+
+for CERT in $CERTS;do
+    # p,p,p: prohibit all use
+    certutil -d sql:${DBPATH} -A -n "${CERT}" -t p,p,p -i ${CERT}
+done
+
+echo "Done"
--- a/Linux/revoke-china-certs.sh
+++ b/Linux/revoke-china-certs.sh
+#!/bin/sh
+
+set -e
+
+if [ ${1:-extended} = 'all' ];then
+    echo "Generating ALL CRL set"
+    # TODO: Explicitly distinguish between CA & EE certificates.
+    CA_CERTS=`ls ../Windows/Certs/Online/*.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+    echo "all"
+elif [ ${1:-extended} = 'extended' ];then
+    echo "Generating EXTENDED CRL set"
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt ../Windows/Certs/Online/CFCA_*.crt  ../Windows/Certs/Online/UCA_*.crt  ../Windows/Certs/Online/[Suspicious]GoAgent_CA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+elif [ ${1:-extended} = 'restore' ];then
+    echo "Generating RESTORE CRL set"
+    CA_CERTS=''
+    EE_CERTS=''
+else
+    echo "Generating Basic CRL set"
+    CA_CERTS=`ls ../Windows/Certs/Online/CNNIC_*.crt ../Windows/Certs/Online/China_Internet_Network_Information_Center_EV_Certificates_Root.crt ../Windows/Certs/Online/[Suspicious]WaccBaiduCom.crt ../Windows/Certs/Online/GiantRootCA.crt`
+    EE_CERTS=`ls ../Windows/Certs/Online/\[Fake\]*.crt`
+fi
+
+CERTS=`echo $CA_CERTS $EE_CERTS`
+./nss_revoke.sh ${2:-~/.pki/nssdb} "${CERTS}"