From cf8ec8d75791b1c1d866d8c40f73f776ee496d61 Mon Sep 17 00:00:00 2001
From: phoeagon <phoeagon@gmail.com>
Date: Fri, 27 Feb 2015 09:33:25 +0800
Subject: [PATCH] fixes revoke script to remove certs first

---
 Linux/nss_revoke.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Linux/nss_revoke.sh b/Linux/nss_revoke.sh
index 1a7887c..e6d63ff 100755
--- a/Linux/nss_revoke.sh
+++ b/Linux/nss_revoke.sh
@@ -3,11 +3,20 @@
 DBPATH=$1
 CERTS=$2
 
+
+echo "Resetting CA set"
+RESETS=``
+
+certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \
+while read CERT;do
+    certutil -d sql:${DBPATH} -D -n "${CERT}"
+done
+
 echo "Revoking CAs in $DBPATH/cert9.db"
 
 for CERT in $CERTS;do
     # p,p,p: prohibit all use
-    certutil -d sql:${DBPATH} -A -n "${CERT}" -t p,p,p -i ${CERT}
+    certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT}
 done
 
 echo "Done"
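Review bot: The new delete loop removes every existing `revoke-china-certs:` entry before the `-A` loop re-adds them, and neither `certutil` call has its exit status checked, so a failed import (for example an unreadable certificate file) leaves the distrust entries gone while the script still prints "Done". Failing closed would be safer: `certutil -d "sql:${DBPATH}" -A -n "revoke-china-certs:${CERT}" -t p,p,p -i "${CERT}" || { echo "failed to distrust ${CERT}" >&2; exit 1; }`. The changed line also leaves `sql:${DBPATH}` and `-i ${CERT}` unquoted, so a profile path containing spaces is split into separate arguments; the delete loop has the same unquoted `sql:${DBPATH}`. The empty `RESETS` assignment is never used within the hunk and can be dropped, and `while read CERT` should be `while read -r CERT` so backslashes in a nickname are kept literally. The first two lines of the script are outside the hunk, so whether `set -e` is already in effect cannot be seen from here.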
-- 
GitLab