openvpn

mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00

History

David Sommerseth 233105d2c9 OCSP_check.sh: new check logic contrib/OCSP_check/OCSP_check.sh: I discovered that, quite surprisingly, the exit status of "openssl ocsp" is 0 even if the certificate status is "revoked". This means that the logic of the script needs to be rewritten so that it parses the output returned by the query and explicitly looks for a "0x<serial number>: good" line, and exit if either the command has a non-zero exit status, or the above line is not found. Doing that portably without bashisms requires some juggling around, so perhaps the code is slightly less clean now, but it does have many comments. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>	2010-10-21 11:40:36 +02:00
..
OCSP_check.sh	OCSP_check.sh: new check logic	2010-10-21 11:40:36 +02:00

David Sommerseth 233105d2c9 OCSP_check.sh: new check logic

contrib/OCSP_check/OCSP_check.sh:
  I discovered that, quite surprisingly, the exit status of "openssl ocsp"
  is 0 even if the certificate status is "revoked". This means that the
  logic of the script needs to be rewritten so that it parses the output
  returned by the query and explicitly looks for a

  "0x<serial number>: good"

  line, and exit if either the command has a non-zero exit status, or the
  above line is not found.

  Doing that portably without bashisms requires some juggling around, so
  perhaps the code is slightly less clean now, but it does have many
  comments.

Signed-off-by: Davide Brini <dave_br@gmx.com>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>

2010-10-21 11:40:36 +02:00

OCSP_check.sh

OCSP_check.sh: new check logic

2010-10-21 11:40:36 +02:00