From: Stuart Henderson Subject: Re: update cert.pem To: Andrew Hewus Fresh Cc: Theo Buehler , tech@openbsd.org Date: Sat, 2 Nov 2024 09:39:13 +0000 On 2024/11/01 21:13, Andrew Hewus Fresh wrote: > You could do something like this to avoid a little churn: > > (although I don't know quite where to get ca-bundle.crt to test it) > (also, I don't like the name) That's generated by the script from curl that's shown in the note at the top of format-pem.pl. Or you can just feed cert.pem through it again. It's committed already but I do like this... > Index: format-pem.pl > =================================================================== > RCS file: /cvs/src/lib/libcrypto/format-pem.pl,v > diff -u -p -r1.6 format-pem.pl > --- format-pem.pl 3 Jul 2022 15:02:04 -0000 1.6 > +++ format-pem.pl 2 Nov 2024 04:11:24 -0000 > @@ -33,6 +33,8 @@ if (! eval {require Date::Parse;1;}) { > use Date::Parse; > } > > +sub without_case_reliably { lc($a) cmp lc($b) || $a cmp $b } > + > my $tmp = File::Temp->new(TEMPLATE => '/tmp/splitcert.XXXXXXXX'); > my $t = $tmp->filename; > > @@ -115,9 +117,9 @@ while(<>) { > close $tmp; > chomp $rcsid; > print $rcsid; > -foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) { > +foreach my $o (sort without_case_reliably keys %ca) { > print "\n### $o\n\n"; > - foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) { > + foreach my $subj (sort without_case_reliably keys %{ $ca{$o} }) { > if ($ca{$o}{$subj}{'valid'} == 1) { > print "=== $subj\n"; > print $ca{$o}{$subj}{'info'}; > @@ -127,9 +129,9 @@ foreach my $o (sort{lc($a) cmp lc($b)} k > } > > # print a visual summary at the end > -foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) { > +foreach my $o (sort without_case_reliably keys %ca) { > print STDERR "\n$o\n"; > - foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) { > + foreach my $subj (sort without_case_reliably keys %{ $ca{$o} }) { > print STDERR " $subj\n"; > } > } > >