aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2020-01-29 21:01:48 +0100
committerGravatar Christian Hesse <mail@eworm.de>2020-01-29 21:08:10 +0100
commit352818ea48438383216a783ef9448570b343c29b (patch)
tree188557d3a6d4403c815803b3e73080b317a22467
parent801dce05fa593f61103a0e48d2175bcc58c061a0 (diff)
global-functions: $CertificateAvailable: check whole chain
The root certificate is a self-signed certificate. Check for the issue certificate until we find the self-signed one.
-rw-r--r--global-functions12
1 files changed, 12 insertions, 0 deletions
diff --git a/global-functions b/global-functions
index 9c58450..5f80c0b 100644
--- a/global-functions
+++ b/global-functions
@@ -116,6 +116,7 @@
:local CommonName [ :tostr $1 ];
:global CertificateDownload;
+ :global ParseKeyValueStore;
:if ([ / system resource get free-hdd-space ] < 8388608 && \
[ / certificate settings get crl-download ] = true && \
@@ -127,6 +128,17 @@
:log info ("Certificate with CommonName \"" . $CommonName . "\" not available.");
$CertificateDownload $CommonName;
}
+
+ :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
+ :local Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+ :while ($Issuer != $CertVal->"common-name") do={
+ :if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={
+ :log info ("Certificate chain for \"" . $CommonName . "\" is incomplete, missing \"" . $Issuer . "\".");
+ $CertificateDownload $CommonName;
+ }
+ :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
+ :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+ }
}
# send notification via e-mail