extract-cert: Cope with multiple X.509 certificates in a single file
authorDavid Woodhouse <David.Woodhouse@intel.com>
Mon, 20 Jul 2015 20:16:33 +0000 (21:16 +0100)
committerDavid Howells <dhowells@redhat.com>
Wed, 12 Aug 2015 16:01:01 +0000 (17:01 +0100)
commit84706caae9e06363db4f956cde4f9715ce5c0ef3
tree282821472d398da61e41035646ab9a20085db816
parented8c20762a314124cbdd62e9d3e8aa7aa2a16020
extract-cert: Cope with multiple X.509 certificates in a single file

This is not required for the module signing key, although it doesn't do any
harm — it just means that any additional certs in the PEM file are also
trusted by the kernel.

But it does allow us to use the extract-cert tool for processing the extra
certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64
hack.

Also cope with being invoked with no input file, creating an empty output
file as a result.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
scripts/extract-cert.c