Addl warning for trust with an old-ish OPENSSH version

Frank Breedijk 2015-12-21 14:59:23 +01:00
parent 0bbc0a6a48
commit 7e81ee3f08


@ -2227,6 +2227,7 @@ determine_trust() {
local code local code
local ca_bundles="$INSTALL_DIR/etc/*.pem" local ca_bundles="$INSTALL_DIR/etc/*.pem"
local spaces=" " local spaces=" "
local addtl_warning
if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0" ]]; then if [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR == "1.1.0" ]]; then
pr_litemagentaln "Your $OPENSSL is too new, needed is version 1.0.2" pr_litemagentaln "Your $OPENSSL is too new, needed is version 1.0.2"
@ -2234,7 +2235,8 @@ determine_trust() {
return 7 return 7
elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]]; then elif [[ $OSSL_VER_MAJOR.$OSSL_VER_MINOR != "1.0.2" ]]; then
pr_litemagentaln "Your $OPENSSL is too old, needed is version >=1.0.2" pr_litemagentaln "Your $OPENSSL is too old, needed is version >=1.0.2"
output_finding "trust" "$NODEIP" "$PORT" "WARN" "Your $OPENSSL is too old, need version 1.0.2 to determine trust" addtl_warning="Your $OPENSSL is too old, need version 1.0.2 to determine trust. Results may be unrelyable."
output_finding "trust_warn" "$NODEIP" "$PORT" "WARN" "$addtl_warning"
fi fi
debugme outln debugme outln
for bundle_fname in $ca_bundles; do for bundle_fname in $ca_bundles; do
@ -2261,14 +2263,14 @@ determine_trust() {
# all stores ok # all stores ok
if ${trust[1]} && ${trust[2]} && ${trust[3]} && ${trust[4]}; then if ${trust[1]} && ${trust[2]} && ${trust[3]} && ${trust[4]}; then
pr_litegreen "Ok " pr_litegreen "Ok "
output_finding "trust" "$NODEIP" "$PORT" "OK" "All certificate trust checks passed" output_finding "trust" "$NODEIP" "$PORT" "OK" "All certificate trust checks passed.\n$addtl_warning"
# at least one failed # at least one failed
else else
pr_litered "NOT ok" pr_litered "NOT ok"
# all failed (we assume with the same issue) # all failed (we assume with the same issue)
if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then if ! ${trust[1]} && ! ${trust[2]} && ! ${trust[3]} && ! ${trust[4]}; then
verify_retcode_helper "${verify_retcode[2]}" verify_retcode_helper "${verify_retcode[2]}"
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "All certificate trust checks failed: `verify_retcode_helper "${verify_retcode[2]}"`" output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "All certificate trust checks failed: `verify_retcode_helper "${verify_retcode[2]}"`.\n$addtl_warning"
else else
# is one ok and the others not? # is one ok and the others not?
if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then if ${trust[1]} || ${trust[2]} || ${trust[3]} || ${trust[4]}; then
@ -2290,7 +2292,7 @@ determine_trust() {
[[ $DEBUG -eq 0 ]] && out "$spaces" [[ $DEBUG -eq 0 ]] && out "$spaces"
pr_litegreen "OK: $ok_was" pr_litegreen "OK: $ok_was"
fi fi
output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "Some certificate trust checks failed\nOK : $ok_was\nNOT ok:\n$notok_was" output_finding "trust" "$NODEIP" "$PORT" "NOT OK" "Some certificate trust checks failed\nOK : $ok_was\nNOT ok:\n$notok_was\n\n$addtl_warning"
fi fi
fi fi
outln outln
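Review bot: The three `trust` findings (all OK, all failed, some failed) append `$addtl_warning` unconditionally, so with OpenSSL 1.0.2, where the variable is never assigned, each message ends in a dangling `\n` or `\n\n`. Declaring it as `local addtl_warning=""` and appending `${addtl_warning:+\n$addtl_warning}` leaves the normal-case message unchanged. The new string also has a typo that will land in the findings output: `Results may be unrelyable.` should read `Results may be unreliable.`. With an unsupported OpenSSL the `trust` finding can still be reported at severity `OK`, so a consumer that filters on severity sees the caveat only if it also reads `trust_warn` or parses the message text; capping the `trust` severity at `WARN` in that case may be safer. determine_trust starts and ends outside the visible hunks, so how output_finding treats the literal `\n` cannot be confirmed from here.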