#!/bin/sh

# Fetches a CA Cert bundle from curl.se.
# https://curl.se/docs/caextract.html

# Fedora 20 hosts can no longer make this request.
# curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

F30_HOST='better-mousetrap.mit.edu'


if [ $(lsb_release -rs) -lt 30 ]; then
    if [ "${F30_HOST}" = "${HOSTNAME}" ]; then
        echo "Expected f30 host is running older release."
        exit 1;
    fi
    ssh "${F30_HOST}" "$(readlink -fn $0)" 2>/dev/null
    exit $?
fi

(
    cd /afs/sipb.mit.edu/project/git/certs;
    export CURL_CA_BUNDLE=cacert.pem
    curl --silent --show-error \
         --time-cond cacert.pem \
         --remote-name https://curl.se/ca/cacert.pem
)