Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2021-01-11 | check-certificates: do not renew if loosing private key | Christian Hesse | 1 | -0/+5 | |
2021-01-11 | check-certificates: show info on private key | Christian Hesse | 1 | -0/+2 | |
2021-01-01 | update copyright for 2021 | Christian Hesse | 1 | -1/+1 | |
2020-12-18 | check-certificates: make the certificate renewal time configurablechange-40 | Christian Hesse | 1 | -1/+2 | |
2020-11-26 | global-functions: clickable links in telegram notifications | Christian Hesse | 1 | -1/+1 | |
2020-11-13 | check-certificates: decrease log severity to info | Christian Hesse | 1 | -2/+2 | |
2020-09-18 | extend magic pattern with "by RouterOS" | Christian Hesse | 1 | -1/+1 | |
This matches the string included in export. | |||||
2020-09-06 | check-certificates: do not notify with missing validity period | Christian Hesse | 1 | -1/+1 | |
2020-09-01 | check-certificates: better check for non-empty value | Christian Hesse | 1 | -1/+1 | |
2020-08-26 | [ ... print count-only ...] -> [ :len [ ... find ... ] ] | Christian Hesse | 1 | -1/+1 | |
Using 'print count-only' always prints a number to terminal, even if the value is evaluated in a condition or assigned to a variable. This can be quite annoying. Behavior will not chance (SUP-25503), so replacing the code... | |||||
2020-08-21 | check-certificates: wait to be fully connected | Christian Hesse | 1 | -4/+2 | |
2020-08-21 | check-certificates: fix usage of function | Christian Hesse | 1 | -1/+1 | |
2020-07-17 | check-certificates: add symbol in notification | Christian Hesse | 1 | -2/+3 | |
2020-07-16 | check-certificates: use $IfThenElse | Christian Hesse | 1 | -7/+3 | |
2020-06-19 | explicitly name the license | Christian Hesse | 1 | -0/+1 | |
Copyright (C) 2013-2020 Christian Hesse <mail@eworm.de> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. https://www.gnu.org/licenses/#GPL https://www.gnu.org/licenses/gpl.html https://www.gnu.org/licenses/gpl.md | |||||
2020-04-24 | check-certificates: exclude issued certificates on SCEP server | Christian Hesse | 1 | -16/+20 | |
2020-04-24 | check-certificates: always use parenthesis | Christian Hesse | 1 | -2/+2 | |
2020-04-24 | check-certificates: add missing blank | Christian Hesse | 1 | -1/+1 | |
2020-04-03 | check-certificates: warn about missing chain | Christian Hesse | 1 | -1/+3 | |
2020-04-03 | check-certificates: check and download certificate chain | Christian Hesse | 1 | -0/+3 | |
2020-03-27 | add doc/check-certificates.md | Christian Hesse | 1 | -0/+1 | |
2020-03-20 | check-certificates: exclude certificates issued by SCEP | Christian Hesse | 1 | -2/+2 | |
2020-03-05 | check-certificates: use $LogPrintExit for debug | Christian Hesse | 1 | -5/+5 | |
2020-02-28 | global-functions: sort alphabetically | Christian Hesse | 1 | -3/+3 | |
2020-02-26 | global-functions: merge $LogAnd{Error,Put} to $LogPrintExit ... | Christian Hesse | 1 | -7/+6 | |
... and fix logging. Logging with severity from variable (:log $severity ...) is not possible, this is considered a syntax error. Also the 'workaround' with parsing code failed with missing message in log. The reliable code is a lot longer, so merge the two functions to save a lot of duplicate code. | |||||
2020-02-26 | check-certificates: use $LogAndPut | Christian Hesse | 1 | -2/+3 | |
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+1 | |
2020-02-26 | global-functions: $LogAndError: add severity | Christian Hesse | 1 | -1/+1 | |
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+2 | |
2020-02-24 | check-certificates: check for synced time | Christian Hesse | 1 | -0/+6 | |
2020-02-06 | check-certificates: rename all certificates by their common names | Christian Hesse | 1 | -0/+5 | |
2020-01-01 | update copyright for 2020 | Christian Hesse | 1 | -1/+1 | |
2019-11-11 | check-certificates: make renew notification silent | Christian Hesse | 1 | -1/+1 | |
2019-07-31 | check-certificates: fix renewing certificate in place | Christian Hesse | 1 | -14/+18 | |
2019-07-18 | check-certificates: use $ParseKeyValueStore | Christian Hesse | 1 | -11/+3 | |
2019-05-21 | check-certificates: get certificate values into array | Christian Hesse | 1 | -43/+28 | |
2019-05-02 | check-certificates: do not try to renew locally issued certificates | Christian Hesse | 1 | -1/+1 | |
2019-05-02 | check-certificates: give issuer info on locally issued certificates | Christian Hesse | 1 | -1/+2 | |
Certificates issued locally do not have an 'issuer' property, but a 'ca' one. Looks like either of both is filled, so just concatenate. | |||||
2019-04-30 | global-functions: add $WaitForFile, wait for file on fetch | Christian Hesse | 1 | -1/+4 | |
The fetch command is asynchronous, the file is not guaranteed to be available when command terminates. I opened an issue at Mikrotik support (Ticket#2019041722004999), their answer: > You should perform a check in a loop. > :delay until file exist > > That can happen also with any configuration not just files. So add a function to wait for a file with given name. I have not seen this with other configuration, though. | |||||
2019-04-11 | check-certificates: make sure fingerprint is a string | Christian Hesse | 1 | -1/+1 | |
This makes sure the condition below works for certificate templates, which do not have a fingerprint. | |||||
2019-04-11 | check-certificates: do not send notification for templates | Christian Hesse | 1 | -1/+1 | |
2019-04-11 | check-certificates: always return a string in $GetIssuerCN | Christian Hesse | 1 | -0/+1 | |
2019-04-10 | check-certificates: add url encoding for certificate download | Christian Hesse | 1 | -4/+6 | |
2019-04-10 | check-certificates: try to fetch PEM and P12 file | Christian Hesse | 1 | -4/+10 | |
2019-04-10 | check-certificates: use full path... | Christian Hesse | 1 | -3/+3 | |
... to make sure syntax does not break if package is not installed. | |||||
2019-04-10 | check-certificates: just change certificates, no loop | Christian Hesse | 1 | -12/+4 | |
2019-04-09 | drop deprecated mode= for fetch | Christian Hesse | 1 | -1/+1 | |
2019-04-03 | always write warnings and errors to log | Christian Hesse | 1 | -0/+1 | |
2019-04-01 | check-certificates: support multiple passphraseschange-3 | Christian Hesse | 1 | -1/+3 | |
2019-03-28 | check-certificates: show remaining time | Christian Hesse | 1 | -8/+16 | |
2019-03-25 | check-certificates: update certificates for ipsec identities | Christian Hesse | 1 | -1/+12 | |
2019-03-06 | check-certificates: split loop for certificate renew and warning | Christian Hesse | 1 | -20/+27 | |
This allows to have differnt time values. | |||||
2019-01-12 | check-certificates: strip prefix from issuer CN | Christian Hesse | 1 | -1/+1 | |
2019-01-12 | check-certificates: properly handle expired certificates | Christian Hesse | 1 | -4/+11 | |
2019-01-09 | check-certificates: move conditions to loop | Christian Hesse | 1 | -60/+50 | |
2019-01-09 | check-certificates: shorten key for detailed infos | Christian Hesse | 1 | -10/+10 | |
2019-01-09 | check-certificates: show issuer CN only | Christian Hesse | 1 | -2/+11 | |
2019-01-09 | check-certificates: include the issuer in notifications | Christian Hesse | 1 | -0/+4 | |
2019-01-09 | check-certificates: update CommonName after renewal | Christian Hesse | 1 | -0/+1 | |
2019-01-09 | check-certificates: use time functionality | Christian Hesse | 1 | -25/+10 | |
No need to calculate that... | |||||
2019-01-09 | check-certificates: send notification on renewal | Christian Hesse | 1 | -8/+18 | |
2019-01-09 | check-certificates: drop extra warning | Christian Hesse | 1 | -2/+0 | |
A sent notification implies that renewal failed. | |||||
2019-01-04 | global: variable names are CamelCase | Christian Hesse | 1 | -47/+46 | |
___ _ ___ __ / _ )(_)__ _ / _/__ _/ /_ / _ / / _ `/ / _/ _ `/ __/ /____/_/\_, / /_/ \_,_/\__/ _ __ /___/ _ __ | | / /___ __________ (_)___ ____ _/ / | | /| / / __ `/ ___/ __ \/ / __ \/ __ `/ / | |/ |/ / /_/ / / / / / / / / / / /_/ /_/ |__/|__/\__,_/_/ /_/ /_/_/_/ /_/\__, (_) /____/ RouterOS has some odd behavior when it comes to variable names. Let's have a look at the interfaces: [admin@MikroTik] > / interface print where name=en1 Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 That looks ok. Now we use a script: { :local interface "en1"; / interface print where name=$interface; } And the result... [admin@MikroTik] > { :local interface "en1"; {... / interface print where name=$interface; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 ... still looks ok. We make a little modification to the script: { :local name "en1"; / interface print where name=$name; } And the result: [admin@MikroTik] > { :local name "en1"; {... / interface print where name=$name; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU 0 RS en1 ether 1500 1598 1 S en2 ether 1500 1598 2 S en3 ether 1500 1598 3 S en4 ether 1500 1598 4 S en5 ether 1500 1598 5 R br-local bridge 1500 1598 Ups! The filter has no effect! That happens whenever the variable name ($name) matches the property name (name=). And another modification: { :local type "en1"; / interface print where name=$type; } And the result: [admin@MikroTik] > { :local type "en1"; {... / interface print where name=$type; } Flags: D - dynamic, X - disabled, R - running, S - slave # NAME TYPE ACTUAL-MTU L2MTU Ups! Nothing? Even if the variable name ($type) matches whatever property name (type=) things go wrong. The answer from MikroTik support (in Ticket#2019010222000454): > This is how scripting works in RouterOS and we will not fix it. To get around this we use variable names in CamelCase. Let's hope Mikrotik never ever introduces property names in CamelCase... *fingers crossed* | |||||
2019-01-02 | update copyright for 2019 | Christian Hesse | 1 | -1/+1 | |
2018-12-20 | check-certificates: support auto-renew of certificates | Christian Hesse | 1 | -10/+44 | |
2018-11-28 | global-functions: add identity tag in $SendNotification | Christian Hesse | 1 | -1/+1 | |
... and send subject in telegram message. | |||||
2018-10-10 | global: remove unused variables | Christian Hesse | 1 | -2/+0 | |
2018-10-09 | check-certificates: use function for notification | Christian Hesse | 1 | -3/+4 | |
2018-09-27 | start scripts with a magic token / shebang | Christian Hesse | 1 | -1/+1 | |
2018-08-24 | add empty comment at first line... | Christian Hesse | 1 | -0/+1 | |
... for better formatting in export. | |||||
2018-07-05 | add scripts | Christian Hesse | 1 | -0/+52 | |