Comment 1 for bug 1207004

curl has updated their script today. I notified the developers a couple of weeks ago.

https://github.com/bagder/curl/commit/51f0b798f
http://curl.haxx.se/docs/caextract.html

SuSE's certdata.txt parsing script handles the flag correctly

https://github.com/openSUSE/ca-certificates/blob/master/extractcerts.pl