From cf8ec8d75791b1c1d866d8c40f73f776ee496d61 Mon Sep 17 00:00:00 2001
From: phoeagon <phoeagon@gmail.com>
Date: Fri, 27 Feb 2015 09:33:25 +0800
Subject: [PATCH] fixes revoke script to remove certs first
---
 Linux/nss_revoke.sh | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/Linux/nss_revoke.sh b/Linux/nss_revoke.sh
index 1a7887c..e6d63ff 100755
--- a/Linux/nss_revoke.sh
+++ b/Linux/nss_revoke.sh
@@ -3,11 +3,20 @@
 DBPATH=$1
 CERTS=$2
+
+echo "Resetting CA set"
+RESETS=``
+
+certutil -d sql:${DBPATH} -L | grep -oP "NSS Certificate DB:revoke-china-certs:[^\s]+" | \
+while read CERT;do
+ certutil -d sql:${DBPATH} -D -n "${CERT}"
+done
+
 echo "Revoking CAs in $DBPATH/cert9.db"
 for CERT in $CERTS;do
 # p,p,p: prohibit all use
- certutil -d sql:${DBPATH} -A -n "${CERT}" -t p,p,p -i ${CERT}
+ certutil -d sql:${DBPATH} -A -n "revoke-china-certs:${CERT}" -t p,p,p -i ${CERT}
 done
 echo "Done"
--
GitLab
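Review bot: Neither the new `certutil -D` cleanup loop nor the rewritten `certutil -A` line checks an exit status, so the script can still print "Done" when a CA was never stored with `p,p,p` trust, leaving the user to believe a certificate is distrusted when it is not. Strict mode may be set on the script's first two lines, which are outside the hunk, but even then a failing `certutil -L` or an empty `grep` match in the pipeline would go unnoticed without `pipefail`. I would make the add step fail loudly: `certutil -d "sql:${DBPATH}" -A -n "revoke-china-certs:${CERT}" -t p,p,p -i "${CERT}" || { echo "failed to distrust ${CERT}" >&2; exit 1; }`. The new lines also leave `sql:${DBPATH}` unquoted and use `read` without `-r`, so a profile path containing a space or a nickname containing a backslash is mangled; `while IFS= read -r CERT; do` with quoted expansions avoids that. The empty `RESETS` assignment is never used and can be dropped.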