From c04ca9cf0f228920bbe786d05b1dd41cc068a60f Mon Sep 17 00:00:00 2001
From: Michael Shuler <michael@pbandjelly.org>
Date: Sun, 11 Dec 2011 17:42:46 -0600
Subject: [PATCH] Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data

---
 debian/changelog        |  4 ++--
 mozilla/certdata2pem.py | 12 ++++++++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 06d6b0d..9b11eea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,9 +11,9 @@ ca-certificates (20111025.4) UNRELEASED; urgency=low
   * Use 'set -e' in body of debian/postinst
   * Update mozilla/certdata.txt to primary Mozilla repository version 1.80
     (no added/removed CAs)
-  ! TODO: update mozilla/certdata2pem.py to grok [NETSCAPE||NSS]...
+  * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
 
- -- Michael Shuler <michael@pbandjelly.org>  Sun, 11 Dec 2011 15:00:20 -0600
+ -- Michael Shuler <michael@pbandjelly.org>  Sun, 11 Dec 2011 17:26:19 -0600
 
 ca-certificates (20111025) unstable; urgency=low
 
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
index d6dfa53..3c89e92 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
@@ -92,15 +92,19 @@ if os.path.exists('blacklist.txt'):
 # Build up trust database.
 trust = dict()
 for obj in objects:
-    if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST':
+    if not (obj['CKA_CLASS'] == 'CKO_NETSCAPE_TRUST' or
+            obj['CKA_CLASS'] == 'CKO_NSS_TRUST'):
         continue
     if obj['CKA_LABEL'] in blacklist:
         print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
-    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+    elif (obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR' or
+          obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
-    elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR':
+    elif (obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR' or
+          obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR'):
         trust[obj['CKA_LABEL']] = True
-    elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED':
+    elif (obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED' or
+          obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED'):
         print '!'*74
         print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
         print '!'*74
-- 
2.39.2