Verified Commit eeeb6ce6 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

Give wget a proper CA certificate

Since we use our own CA, we need wget to verify it against that. Include
the certificate and link to it.
parent a471097e
-----BEGIN CERTIFICATE-----
MIIGBzCCA++gAwIBAgIJANFfZI2j2HaYMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
VQQGEwJDWjEXMBUGA1UECAwOQ3plY2ggcmVwdWJsaWMxDzANBgNVBAcMBlByYWd1
ZTEPMA0GA1UECgwGQ1ouTklDMQ0wCwYDVQQLDARMYWJzMRwwGgYDVQQDDBNUdXJy
aXMgRW1lcmdlbmN5IENBMSIwIAYJKoZIhvcNAQkBFhNtaWNoYWwudmFuZXJAbmlj
LmN6MB4XDTE2MDQwODA4MDAxNloXDTI2MDQwNjA4MDAxNlowgZkxCzAJBgNVBAYT
AkNaMRcwFQYDVQQIDA5DemVjaCByZXB1YmxpYzEPMA0GA1UEBwwGUHJhZ3VlMQ8w
DQYDVQQKDAZDWi5OSUMxDTALBgNVBAsMBExhYnMxHDAaBgNVBAMME1R1cnJpcyBF
bWVyZ2VuY3kgQ0ExIjAgBgkqhkiG9w0BCQEWE21pY2hhbC52YW5lckBuaWMuY3ow
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJknvUe3uFUCyvr8+Ishcb
2NyW3lYYay5NTAfMFR9VvQaAESIKaUwQ4GNXo0E7DCMKEYxvPDvZZ0nSOaLFHws5
gJ0QS62sG+pwZMQJnRhYhCFuEcBFajLG5bmkZcDYIJOiuarr52VVMKMEnTSL0DEI
O7GXlEPSfwKYBcefDkOGTHTQM+eIoWppL1I0UuzWdNUHcvHB0alR2NTG240dsG4I
mPr8RmfEO3L6wYT5E4WlQwRVcdFvQqcRU2lbO+brDS+1TiVatt/mKHzQrbvflkJI
9kBTGiED6I+xDPwKwfCOiHotEMSdgUx4eLjAxBX7bVDW+CuXkke5munlUeOaz8q7
nwCmlwlBvzaS4ua4Tn8eQNEYlt00To5nUgt81OCa7WF/ylAfw3Ec/xsuOZ1Idv+N
ld54U2lOJ3NfynIOvsLkHeIf8+i76eFAIm9ivby+dqEkCVbgMnelNP40M0UDZKW8
z5ceFLWoyJ1bA/MXi2gYB2g+kA4ZgeQAXhLgdiUHxhuZ538cTH4d6iOWyS3MOHob
9XU+0lp2OExYiSus04crab+fjvCTz4kduDB8sLY1do+u/1d6gAyDPh2kLAuiOfLA
nD331CglPmRdneyTrLHcQ7prYOcTNMmF2ZETV5HVd1+yYCr/8OSVcTGhgAFajgBN
/Z+cXVGOO0DEHQ5YbidHJQIDAQABo1AwTjAdBgNVHQ4EFgQUrCj0B4Fr74JHAiG4
0LGd4c30oB4wHwYDVR0jBBgwFoAUrCj0B4Fr74JHAiG40LGd4c30oB4wDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACzPel+BhqY2d6lfbQdCwdNGdoV7f
hbdk3Yhd2Te03t7oU6k02welgIWRg86TtYxzQCi8HWmlWoDhq1UdYnLjheYjUQSR
pT7EXTxhBnDKQRiSYsAZWpETSidQ/ipSffIO7VGVcpdJPH0BTd3BqwunUnfXhd1e
DW3HBOOk5k6FUMBt9uM34NZ4S99klQDvu8q6EEBaNtOMgeYEPh5mnxqhuZICxmeh
4AtLagmOoLlypOKZgoJNGz+43MPPbXRb8eqj6N2E8pTBt1iB96qvYd/B1O5N38P2
lTz4jLNBXfWieqV+yRnRMENsR9PW+7mEAn6WtM7IlFbDwMtgygh5Xj6PGTzwPCXl
186ljFV0W/2y0KCey4TWVqliKwymJPhQ7uRCbAjG22eY2GgoMSz6EIHIPJMfd5mL
W0FiZUR/pJJe7+ljVKweNqfLs657/mXGGf+mArbe/Yv58B7XWLZrys6aLnXzfIa/
sb+EXqLrd431l6kmmylbPFSg5OwBjmo9rOQxcUOTXuiuKGGuzqMGsd7rhMnYtLKm
3AfcQPYEQIjhjxQDirKPx5LM15U0T2gP2hCkQ86KoWEGIG8tLxzgQD7FWoDYqEAv
HTdnnlsjzPd9hJqyyo0eQcynI75rMdpKI5crvD3l9xJ04IRPRXipKwoX5XnWuAYy
e3NhUtRgGGzR1ek=
-----END CERTIFICATE-----
package Tagger::FlowFilter;
use common::sense;
use AddrStoreBuild qw($cfg addr_store_content);
use FindBin;
sub perform($$) {
my ($dbh, $blacklist) = @_;
# Read the IPset rules and extract addresses
open my $ipsets, '-|', 'wget', 'https://api.turris.cz/firewall/turris-ipsets', '-q', '-O', '-' or die "Couldn't download ip set rules: $!\n";
open my $ipsets, '-|', 'wget', 'https://api.turris.cz/firewall/turris-ipsets', '-q', "--ca-certificate=${FindBin::Bin}/../ca.pem", '-O', '-' or die "Couldn't download ip set rules: $!\n";
my %data;
my %ranges;
while (<$ipsets>) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment