"MUST_VERIFY_TRUST",# This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA.
"TRUSTED"# This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA).
);
my$default_signature_algorithms=$opt_s="MD5";
my@valid_signature_algorithms=(
"MD5",
"SHA1",
"SHA256",
"SHA384",
"SHA512"
);
$0=~s@.*(/|\\)@@;
$Getopt::Std::STANDARD_HELP_VERSION=1;
getopts('bd:fhilnp:qs:tuvw:');
if(!defined($opt_d)){
# to make plain "-d" use not cause warnings, and actually still work
$opt_d='release';
}
# Use predefined URL or else custom URL specified on command line.
print"\t-f\tforce rebuild even if certdata.txt is current\n";
print"\t-i\tprint version info about used modules\n";
print"\t-l\tprint license info about certdata.txt\n";
print"\t-n\tno download of certdata.txt (to use existing)\n";
printwrap("\t","\t\t","-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"),"\n";
print"\t-q\tbe really quiet (no progress output at all)\n";
printwrap("\t","\t\t","-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n");