author | Christian Hesse <mail@eworm.de> | 2020-01-29 21:01:48 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2020-01-29 21:08:10 +0100 |
commit | 352818ea48438383216a783ef9448570b343c29b (patch) | |
tree | 188557d3a6d4403c815803b3e73080b317a22467 | |
parent | 801dce05fa593f61103a0e48d2175bcc58c061a0 (diff) |
global-functions: $CertificateAvailable: check whole chain
The root certificate is a self-signed certificate. Check for the issuer
certificate until we find the self-signed one.
-rw-r--r-- | global-functions | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/global-functions b/global-functions
index 9c58450..5f80c0b 100644
--- a/global-functions
+++ b/global-functions
@@ -116,6 +116,7 @@
 :local CommonName [ :tostr $1 ];
 :global CertificateDownload;
+ :global ParseKeyValueStore;
 :if ([ / system resource get free-hdd-space ] < 8388608 && \
 [ / certificate settings get crl-download ] = true && \
@@ -127,6 +128,17 @@
 :log info ("Certificate with CommonName \"" . $CommonName . "\" not available.");
 $CertificateDownload $CommonName;
 }
+
+ :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
+ :local Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+ :while ($Issuer != $CertVal->"common-name") do={
+ :if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={
+ :log info ("Certificate chain for \"" . $CommonName . "\" is incomplete, missing \"" . $Issuer . "\".");
+ $CertificateDownload $CommonName;
+ }
+ :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
+ :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+ }
 }
 # send notification via e-mail |
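Review bot: Inside the new `:while` loop the issuer is looked up again right after `$CertificateDownload $CommonName;` without re-checking that it is now present, so if the download did not bring in the missing issuer, `/ certificate get [ find where common-name=$Issuer ]` runs on an empty match and the script presumably stops with an unhandled error. I would re-test after the download and fail explicitly, e.g. `:if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={ :error ("Certificate chain for \"" . $CommonName . "\" is still incomplete."); }`. The walk is also unbounded and matches on common-name strings only: two certificates that name each other as issuer would keep it looping, and any stored certificate that merely shares the issuer's CN satisfies the check. A comment such as `# confirms the chain is present by name only, not that signatures verify` would keep later readers from treating this as trust validation. The enclosing function starts outside the hunk.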