--- /usr/sbin/openssl-vulnkey.orig 2008-05-21 02:21:06.000000000 +0200
+++ /usr/sbin/openssl-vulnkey 2008-05-30 20:09:26.000000000 +0200
@@ -27,6 +27,7 @@
 version = "0.1.1"
 db_prefix = "/usr/share/openssl-blacklist/blacklist.RSA-"
+wl_file = "/usr/share/openssl-blacklist/whitelist"
 parser = OptionParser(usage="%prog FILE [FILE]", \
 version="%prog: " + version, \
@@ -106,6 +107,33 @@
 return ""
+def whitelist_key(wlfile,keyfile):
+
+ try:
+ sha1 = sha.sha( open( keyfile, 'rb' ).read() ).hexdigest()
+
+ fh = open(wlfile, 'a')
+ fh.write(sha1+"\n")
+ fh.close()
+ except IOError:
+ print >> sys.stderr, "ERROR: Failed to whitelist key in %s\n" % (wlfile)
+ pass
+
+ return ""
+
+def is_whitelisted(wlfile,keyfile):
+ try:
+ sha1 = sha.sha( open( keyfile, 'rb' ).read() ).hexdigest()
+ fh = open(wlfile, 'r')
+ db_lines = fh.read().split('\n')
+ fh.close()
+ if sha1 in db_lines:
+ return sha1
+ except IOError:
+ pass
+
+ return ""
+
 # Check each file
 found = False
@@ -115,6 +143,9 @@
 print >> sys.stderr, "'%s' could not be opened (skipping)" % (f)
 continue
+ if ( is_whitelisted(wl_file,f) ):
+ sys.exit(0)
+
 type = get_type(f)
 if type == "":
 if not options.quiet:
@@ -158,6 +189,7 @@
 print "COMPROMISED: %s %s" % (key, f)
 found = True
 else:
+ whitelist_key(wl_file,f)
 if not options.quiet:
 print "Not blacklisted: %s %s" % (key, f)
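Review bot: `wl_file` points at a file the script appends to at run time, yet it sits beside the read-only blacklist database under /usr/share, which is package-managed static data; a state directory (for example under /var/lib) is the conventional home for data a tool writes, and keeping it there also separates the mutable whitelist's permissions from the shipped database. A one-line comment next to the constant would also help, e.g. `# whitelist: one SHA-1 (hex) of a key file's contents per line, written by whitelist_key()`.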
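Review bot: In `whitelist_key` the read of `keyfile` and the append to `wlfile` share one `try`, so a failure to read the key is reported as "Failed to whitelist key in <wlfile>", which points the operator at the wrong file; the `pass` after the `print` is unreachable filler, and the unconditional `return ""` means the caller cannot tell whether the entry was written. The same SHA-1-of-file-contents expression appears in both new functions, so a small shared helper would keep the two in step. Because a line in this file is all it takes to make `is_whitelisted` suppress a later COMPROMISED verdict, the note on the functions should state that the whitelist must only be writable by the user running the check (it is created with the process umask here) and that entries are keyed on the key file's bytes, not on any blacklist version. A docstring for `is_whitelisted` along the lines of `"""Return the hex SHA-1 of keyfile if it is listed in wlfile, else ""; unreadable files count as not whitelisted."""` would make the silent IOError path explicit.
```python
def whitelist_key(wlfile,keyfile):
    """Append the hex SHA-1 of keyfile's bytes to wlfile; always returns ""."""
    try:
        sha1 = sha.sha( open( keyfile, 'rb' ).read() ).hexdigest()
    except IOError:
        print >> sys.stderr, "ERROR: Could not read key file %s" % (keyfile)
        return ""
    try:
        fh = open(wlfile, 'a')
        fh.write(sha1+"\n")
        fh.close()
    except IOError:
        print >> sys.stderr, "ERROR: Failed to whitelist key in %s\n" % (wlfile)
    return ""
```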
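Review bot: `sys.exit(0)` on a whitelisted file ends the whole run, so any further FILE arguments are never examined and whatever final exit status the script derives from `found` is bypassed; the `continue` used two lines above for unopenable files is what is wanted here, e.g. `if is_whitelisted(wl_file,f): continue`. Since the check runs before `get_type` and the blacklist lookup, a key that was whitelisted once is never re-tested, which only stays correct as long as the blacklist database it was checked against does not change; that assumption deserves a comment on the `if`, such as `# skip keys already verified against the blacklist (see whitelist_key)`. Printing a "Whitelisted:" line when `options.quiet` is not set, mirroring the other verdicts, would keep the output consistent. The enclosing `for` loop starts outside the hunk.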
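Review bot: `whitelist_key(wl_file,f)` is called for every key that is not blacklisted, so an ordinary read-only check now also writes to a file under /usr/share; for a non-root user that append presumably fails and emits one ERROR line per key, and for root it records a permanent "not blacklisted" verdict that the early check in the loop will honour even if the blacklist database is later updated. Recording should be an explicit opt-in through `parser` rather than a side effect of every run, and the whitelist should be invalidated (or its entries tied to the database version) whenever the blacklist files change. At minimum the call wants a why-comment, e.g. `# remember this verdict so is_whitelisted() can skip the key on later runs`.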