Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Adds a warning when downloaded CRL is PEM format

Browse Source
This commit is contained in:
teki69 2023-05-23 11:37:03 +02:00 committed by GitHub
parent ebcb5554a8
commit eb76fd08cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24046 additions and 24043 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@ -1979,12 +1979,15 @@ check_revocation_crl() {
return 1 return 1
fi fi
# -crl_download could be more elegant but is supported from 1.0.2 onwards only # -crl_download could be more elegant but is supported from 1.0.2 onwards only
cp "$tmpfile" "${tmpfile%%.crl}.pem" $OPENSSL crl -inform DER -in "$tmpfile" -outform PEM -out "${tmpfile%%.crl}.pem" &>$ERRFILE
grep -qe 'BEGIN X509 CRL' "${tmpfile%%.crl}.pem" || $OPENSSL crl -inform DER -in "$tmpfile" -outform PEM -out "${tmpfile%%.crl}.pem" &>$ERRFILE
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
pr_warning "conversion of \"$tmpfile\" failed" if grep -qe 'BEGIN X509 CRL' "$tmpfile"; then
fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed" mv "$tmpfile" "${tmpfile%%.crl}.pem"
return 1 else
pr_warning "conversion of \"$tmpfile\" failed"
fileout "$jsonID" "WARN" "conversion of CRL to PEM format failed"
return 1
fi
fi fi
if grep -qe '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem; then if grep -qe '-----BEGIN CERTIFICATE-----' $TEMPDIR/intermediatecerts.pem; then
$OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT &> "${tmpfile%%.crl}.err" $OPENSSL verify -crl_check -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE" "${tmpfile%%.crl}.pem") -untrusted $TEMPDIR/intermediatecerts.pem $HOSTCERT &> "${tmpfile%%.crl}.err"