On 2024/11/01 21:13, Andrew Hewus Fresh wrote:
> You could do something like this to avoid a little churn:
> 
> (although I don't know quite where to get ca-bundle.crt to test it)
> (also, I don't like the name)

That's generated by the script from curl that's shown in the note at the
top of format-pem.pl. Or you can just feed cert.pem through it again.

It's committed already but I do like this...

> Index: format-pem.pl
> ===================================================================
> RCS file: /cvs/src/lib/libcrypto/format-pem.pl,v
> diff -u -p -r1.6 format-pem.pl
> --- format-pem.pl	3 Jul 2022 15:02:04 -0000	1.6
> +++ format-pem.pl	2 Nov 2024 04:11:24 -0000
> @@ -33,6 +33,8 @@ if (! eval {require Date::Parse;1;}) {
>  	use Date::Parse;
>  }
>  
> +sub without_case_reliably { lc($a) cmp lc($b) || $a cmp $b }
> +
>  my $tmp = File::Temp->new(TEMPLATE => '/tmp/splitcert.XXXXXXXX');
>  my $t = $tmp->filename;
>  
> @@ -115,9 +117,9 @@ while(<>) {
>  close $tmp;
>  chomp $rcsid;
>  print $rcsid;
> -foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) {
> +foreach my $o (sort without_case_reliably keys %ca) {
>  	print "\n### $o\n\n";
> -	foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) {
> +	foreach my $subj (sort without_case_reliably keys %{ $ca{$o} }) {
>  		if ($ca{$o}{$subj}{'valid'} == 1) {
>  			print "=== $subj\n";
>  			print $ca{$o}{$subj}{'info'};
> @@ -127,9 +129,9 @@ foreach my $o (sort{lc($a) cmp lc($b)} k
>  }
>  
>  # print a visual summary at the end
> -foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) {
> +foreach my $o (sort without_case_reliably keys %ca) {
>  	print STDERR "\n$o\n";
> -	foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) {
> +	foreach my $subj (sort without_case_reliably keys %{ $ca{$o} }) {
>  		print STDERR "  $subj\n";
>  	}
>  }
> 
>