Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-29 04:49:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2363 from teki69/patch-1

Browse Source 
Fix CRL conversion issue when already in PEM format
This commit is contained in:
Dirk Wetter 2023-05-23 18:38:46 +02:00 committed by GitHub
commit 947b2565e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -1981,9 +1981,13 @@ check_revocation_crl() {
# -crl_download could be more elegant but is supported from 1.0.2 onwards only
$OPENSSL crl -inform DER -in "$tmpfile" -outform PEM -out "${tmpfile%%.crl}.pem" &>$ERRFILE
if [[ $? -ne 0 ]]; then
pr_warning "conversion of \"$tmpfile\" failed"
fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed"
return 1
if grep -qe 'BEGIN X509 CRL' "$tmpfile"; then
mv "$tmpfile" "${tmpfile%%.crl}.pem"
else
pr_warning "conversion of \"$tmpfile\" failed"
fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed"
return 1
fi
fi
if grep -qe '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem; then
$OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT &> "${tmpfile%%.crl}.err"