Add notice to README.Debian about CA policy

[ca-certificates.git] / mozilla / certdata2pem.py

diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index d6dfa53fb4496692465b44a0f57c1e3b3f1b1fd1..773ce0d32af81626952c5c0448e57dc98ca115f6 100644 (file)
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -92,15 +92,18 @@ if os.path.exists('blacklist.txt'):
 # Build up trust database.
 trust = dict()
 for obj in objects:
-    if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
+    if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
         continue
     if obj['CKA_LABEL'] in blacklist:
         print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
-    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+    elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
+                                          'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
-    elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+    elif obj['CKA_TRUST_EMAIL_PROTECTION'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
+                                               'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
-    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
+    elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
+                                          'CKT_NSS_NOT_TRUSTED'):
         print '!'*74
         print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
         print '!'*74