Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
mk-ca-bundle.pl: Use stricter logic to process the certificates
.. and bump version to 1.29. This change makes the script properly ignore unknown blocks and otherwise fail when Mozilla changes the certdata format in ways we don't expect. Though this is less flexible behavior it makes it far less likely that an invalid certificate can slip through. Prior to this change the state machine did not always properly reset, and it was possible that a certificate marked as invalid could then later be marked as valid when there was conflicting trust info or an unknown block was erroneously processed as part of the certificate. Ref: curl#7801 (review) Closes curl#8411
- Loading branch information