Commit 1ba2910e authored by Gabriel Moreau's avatar Gabriel Moreau

Better code and better test ?

parent 61851285
Pipeline #192651 passed
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
export LANG=C export LANG=C
export VERSION=0.3.11 export VERSION=0.3.12
function usage() { function usage() {
cat <<END_USAGE cat <<END_USAGE
...@@ -30,17 +30,17 @@ function say_warning() { ...@@ -30,17 +30,17 @@ function say_warning() {
[ -z "$(pidof openssl)" ] || say_warning "openssl running, consider: killall openssl" [ -z "$(pidof openssl)" ] || say_warning "openssl running, consider: killall openssl"
PID_SSL= PID_SSL=
function call_kick() { function call_server_kick() {
[ -n "${PID_SSL}" ] && kill "${PID_SSL}" && sleep .2 [ -n "${PID_SSL}" ] && kill "${PID_SSL}" && sleep .2
PID_SSL= PID_SSL=
} }
trap 'call_kick' 0 trap 'call_server_kick' 0
function call_serve() { function call_server_launch() {
call_kick call_server_kick
PID_SSL= PID_SSL=
openssl s_server -key "${KEY}" -cert "${CRT}" "$@" -www & openssl s_server -key "${KEY}" -cert "${CRT}" "$@" -www > /dev/null &
PID_SSL=$! PID_SSL=$!
sleep .5 # give it time to startup sleep .5 # give it time to startup
} }
...@@ -62,17 +62,7 @@ function call_check_chained() { ...@@ -62,17 +62,7 @@ function call_check_chained() {
} }
function call_check_selfsigned() { function call_check_selfsigned() {
while read -r line echo | openssl s_client -verify 8 -CApath /etc/ssl/certs/ 2>&1 | grep -q 'Verification error: self-signed certificate' && return 0
do
case "$line" in
'Verification error: self-signed certificate')
return 0
;;
'Verification error: '*)
return 1
;;
esac
done < <(echo | openssl s_client -verify 8 -CApath /etc/ssl/certs/)
say_warning "something failed, verification output not found!" say_warning "something failed, verification output not found!"
return 2 return 2
} }
...@@ -91,7 +81,7 @@ function check_certchained() { ...@@ -91,7 +81,7 @@ function check_certchained() {
return $((${same} - 1)) return $((${same} - 1))
} }
function call_cfiles() { function call_configfiles() {
[ -s "${CRT}" ] || CRT="${ARG}" [ -s "${CRT}" ] || CRT="${ARG}"
[ -s "${CRT}" ] || CRT="${ARG}.cer" [ -s "${CRT}" ] || CRT="${ARG}.cer"
[ -s "${CRT}" ] || CRT="${ARG}.pub.pem" [ -s "${CRT}" ] || CRT="${ARG}.pub.pem"
...@@ -106,7 +96,7 @@ ARG="${1%.}" ...@@ -106,7 +96,7 @@ ARG="${1%.}"
CRT="${ARG}.crt" CRT="${ARG}.crt"
KEY="${ARG}.key" KEY="${ARG}.key"
BND="${ARG}.bundle" BND="${ARG}.bundle"
call_cfiles call_configfiles
case "${action}" in case "${action}" in
check) check)
...@@ -119,22 +109,22 @@ case "${action}" in ...@@ -119,22 +109,22 @@ case "${action}" in
[ -s "${BND}" ] || say_warning "missing ${BND}" [ -s "${BND}" ] || say_warning "missing ${BND}"
fi fi
call_serve call_server_launch
if check_certchained "${CRT}" if check_certchained "${CRT}"
then then
call_check_chained && echo "Error: CA-Bundle is not needed!" call_check_chained && echo "Error: CA-Bundle is not needed!"
echo echo
call_serve -CAfile "${BND}" call_server_launch -CAfile "${BND}"
call_check_chained call_check_chained
else else
call_check_selfsigned && echo "Error: not self-signed certificate!" call_check_selfsigned || echo "Error: not self-signed certificate!"
echo echo
fi fi
ret=$? ret=$?
call_kick call_server_kick
echo echo
case $ret in case ${ret} in
0) 0)
echo "Ok: everything is good" echo "Ok: everything is good"
echo "ApacheConf: SSLCertificateKeyFile ${KEY}" echo "ApacheConf: SSLCertificateKeyFile ${KEY}"
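Review bot: `ret=$?` after the `fi` does not capture the check result on the self-signed path, because the last command run in the `else` branch is the bare `echo`, so `ret` is always 0 there. The script then prints "Ok: everything is good" even when `call_check_selfsigned` has just failed and the "Error: not self-signed certificate!" line was shown. Capture the status where it is produced, for example `ret=0; call_check_selfsigned || ret=$?` followed by `[ "${ret}" -eq 0 ] || echo "Error: not self-signed certificate!"`, and likewise `ret=0; call_check_chained || ret=$?` for the final call in the `then` branch. The output includes ApacheConf lines, so it presumably guides what gets deployed, and a false "Ok" on a failed verification deserves a test case. The `case ${ret}` block continues outside the visible hunk.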