Use certifi to get the mozilla ca bundle

2020-03-20 11:27:15 +01:00 · 2020-03-20 11:27:15 +01:00 · fd5b903caa
commit fd5b903caa
parent 1256d13c42
1 changed files with 2 additions and 11 deletions
--- a/sort_certificate.py
+++ b/sort_certificate.py
@ -7,22 +7,15 @@ from __future__ import print_function

 import logging
 import re
-import os
 import fileinput
 from argparse import ArgumentParser
 from datetime import datetime
 from OpenSSL import crypto
 from Crypto.Util import asn1
 from cryptography.hazmat.primitives import serialization
+import certifi.core


-# XXX Scan a couple of known locations to get this file
-MOZROOTBUNDLE_LOCATIONS = [
-    '/etc/ssl/cert.pem',
-    '/etc/pki/tls/cert.pem',
-    '/etc/ssl/certs/ca-certificates.crt',
-]
-
 VALID_HOSTNAME_RE = '^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])'\
                    '(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}'\
                    '[a-zA-Z0-9]))*$'
@ -195,9 +188,7 @@ def main():
    main program start and argument parsing
    '''

-    mozrootbundle_location = [fname for fname in MOZROOTBUNDLE_LOCATIONS
-                              if os.path.exists(fname)].pop(0)
-
+    mozrootbundle_location = certifi.core.where()
    parser = ArgumentParser(description='Reorder X509/RSA data for'
                                        ' hosting use')