+make_sure_expired_and_rm() {
+ cert="$1"
+ rm -rf pld-tests
+ install -d pld-tests
+ cat "$cert" | awk '/^-+BEGIN/ { i++; } /^-+BEGIN/, /^-+END/ { print > "pld-tests/" i ".extracted.crt" }'
+ for tmpcert in pld-tests/*.extracted.crt; do
+ # check expiration date
+ EXPDATE=$(openssl x509 -enddate -noout -in "$tmpcert")
+ EXPDATE=${EXPDATE#notAfter=}
+ EXPDATETIMESTAMP=$(date +"%s" -d "$EXPDATE")
+ NOWTIMESTAMP=$(date +"%s")
+ # mksh is 32bit only
+ if /usr/bin/test "$EXPDATETIMESTAMP" -ge "$NOWTIMESTAMP"; then
+ echo "$cert ($tmpcert): not expired! ${EXPDATE}"
+ return 1
+ fi
+ done
+ rm "$cert"
+ return 0
+}
+
+# expired
+make_sure_expired_and_rm mozilla/Sonera_Class_2_Root_CA.crt
+make_sure_expired_and_rm mozilla/DST_Root_CA_X3.crt
+make_sure_expired_and_rm mozilla/QuoVadis_Root_CA.crt
+