author | Christian Hesse <mail@eworm.de> | 2023-12-04 12:35:13 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2023-12-04 13:05:46 +0100 |
commit | 8de6995c4b38f80439f0b70dc19f747f4f58f83d (patch) | |
tree | 11b6988b02255d9ffffa7ac26bb69af8bfb5e4fa | |
parent | a08df7bdec4a7ddbd758d5066fc59ebb17709413 (diff) |
check-certificates: add workaround for broken certificates...
... where the issuer array is borked. Or is this a RouterOS issue?
[eworm@carpo] > $InspectVar [ $ParseKeyValueStore [ /certificate/get ISRG-Root-X2 issuer ] ]
-type-> array
-key-> C
-type-> str
-value-> US,O=Internet Security Research Group,CN=ISRG Root X2
A good certificate looks like this:
[eworm@carpo] > $InspectVar [ $ParseKeyValueStore [ /certificate/get [ find where name~"eworm.net" ] issuer ] ]
-type-> array
-key-> C
-type-> str
-value-> US
-key-> CN
-type-> str
-value-> E1
-key-> O
-type-> str
-value-> Let's Encrypt
-rw-r--r-- | check-certificates.rsc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/check-certificates.rsc b/check-certificates.rsc index c501a28..87ad1e5 100644 --- a/check-certificates.rsc +++ b/check-certificates.rsc @@ -90,18 +90,20 @@ :local FormatCertChain do={ :local Cert $1; + :global EitherOr; :global ParseKeyValueStore; :local CertVal [ /certificate/get $Cert ]; :local Return ""; :for I from=0 to=3 do={ - :set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN"); + :set Return ($Return . [ $EitherOr ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") \ + ([ $ParseKeyValueStore (($CertVal->"issuer")->0) ]->"CN") ]); + :set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ]; :if (($CertVal->"akid") = "" || ($CertVal->"akid") = ($CertVal->"skid")) do={ :return $Return; } :set Return ($Return . " -> "); - :set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ]; } :return ($Return . "..."); } |
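Review bot: The relocated lookup `:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];` now sits above the `:if` that tests `akid` for being empty or equal to `skid`, so inside the `:for` loop the `akid` is used in `find where skid=...` before it has been checked. For a certificate whose `akid` is empty, or whose issuer is not in the certificate store, the `find` has no intended match and `/certificate/get` is handed whatever it returned; consider testing the `find` result (or the `akid`) before the `get` and returning the chain built so far when nothing matches. The commit message covers only the issuer workaround, so the reordering, which also changes which certificate the termination check applies to, deserves a sentence there. On the `$EitherOr` line, a short comment naming the malformed case (`issuer` parsing to a single `C` key that holds the whole subject string, as in the ISRG-Root-X2 output above) would explain why `($CertVal->"issuer")->0` is tried as a fallback.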