mirror of
https://github.com/ading2210/libcurl.js.git
synced 2025-05-13 14:30:02 -04:00
more efficient ca cert encoding
This commit is contained in:
ading2210
parent
42e927b71b
commit
fe72717db8
4 changed files with 110 additions and 28 deletions
42
client/tools/gen_cert.py
Normal file
42
client/tools/gen_cert.py
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
import sys
|
||||
import base64
|
||||
import re
|
||||
import hashlib
|
||||
|
||||
with open(sys.argv[1]) as f:
|
||||
pem_file = f.read()
|
||||
|
||||
cert_regex = r'-----BEGIN CERTIFICATE-----\n(.+?)\n-----END CERTIFICATE-----'
|
||||
cert_template = "-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"
|
||||
certs_b64 = re.findall(cert_regex, pem_file, flags=re.S)
|
||||
certs_b64 = [s.replace("\n", "") for s in certs_b64]
|
||||
|
||||
certs_str = "\n".join(cert_template.format(b64=s) for s in certs_b64)
|
||||
total_len = len(certs_str)
|
||||
print(hashlib.sha256(certs_str.encode()).hexdigest(), file=sys.stderr)
|
||||
|
||||
header_part_template = """
|
||||
static uint8_t _cert_{num}[] = {array};
|
||||
"""
|
||||
header_end_template = """
|
||||
uint8_t* _certs[] = {certs_array};
|
||||
uint16_t cert_lengths[] = {lengths_array};
|
||||
uint16_t cert_count = {cert_count};
|
||||
"""
|
||||
|
||||
header_file = "#include <stdint.h>"
|
||||
cert_lens = []
|
||||
cert_count = len(certs_b64)
|
||||
for i, cert_b64 in enumerate(certs_b64):
|
||||
cert = base64.b64decode(cert_b64)
|
||||
cert_lens.append(len(cert))
|
||||
array_str = "{" + ",".join(hex(byte) for byte in cert) + "}"
|
||||
header_file += header_part_template.format(num=i, array=array_str)
|
||||
|
||||
header_file += header_end_template.format(
|
||||
certs_array = "{" + ",".join(f"_cert_{i}" for i in range(cert_count)) + "}",
|
||||
lengths_array = "{" + ",".join(str(i) for i in cert_lens) + "}",
|
||||
cert_count=cert_count
|
||||
)
|
||||
|
||||
print(header_file)
|
||||
|
|
@ -3,25 +3,16 @@
|
|||
#export ca certs to a c header file
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
CURL_PREFIX=$(realpath build/curl-wasm)
|
||||
CURL_PREFIX="$(realpath build/curl-wasm)"
|
||||
CACERT_FILE="$(realpath build/cacert.pem)"
|
||||
CACERT_HEADER="$CURL_PREFIX/include/cacert.h"
|
||||
|
||||
CACERT_DIR="$(dirname $CACERT_FILE)"
|
||||
REPLACE_STR="$(echo $CACERT_DIR | tr '/-' '_')"
|
||||
CACERT_DIR="$(dirname "$CACERT_FILE")"
|
||||
REPLACE_STR="$(echo "$CACERT_DIR" | tr '/-' '_')"
|
||||
|
||||
if [ ! -f $CACERT_FILE ]; then
|
||||
if [ ! -f "$CACERT_FILE" ]; then
|
||||
wget "https://curl.se/ca/cacert.pem" -O "$CACERT_FILE"
|
||||
#without this cert open.spotify.com does not work
|
||||
#https://github.com/wolfSSL/wolfssl/issues/8137
|
||||
new_cert="$(curl "https://www.certainly.com/certificates/Certainly_Intermediate_R1.pem")"
|
||||
insert_before="Certainly Root E1"
|
||||
replacement="$(printf "\n$new_cert\n\n$insert_before")"
|
||||
|
||||
cacert_str="$(cat "$CACERT_FILE")"
|
||||
cacert_str="${cacert_str/"$insert_before"/"$replacement"}"
|
||||
echo "$cacert_str" > $CACERT_FILE
|
||||
python3 tools/gen_cert.py "$CACERT_FILE" > "$CACERT_HEADER"
|
||||
fi
|
||||
xxd -i $CACERT_FILE > $CACERT_HEADER
|
||||
sed -i "s/$REPLACE_STR//" $CACERT_HEADER
|
||||
Loading…
Add table
Add a link
Reference in a new issue