handle better missing ca_hashes.txt

This commit is contained in:
Dirk 2016-11-04 08:39:14 +01:00
parent 63ec369f34
commit f18a398ce3
1 changed files with 6 additions and 1 deletions

View File

@ -1168,7 +1168,7 @@ run_hpkp() {
# we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes # we compare now against a precompiled list of SPKIs against the ROOT CAs we have in $ca_hashes
if ! "$certificate_found"; then if ! "$certificate_found"; then
hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes | sort -u) hpkp_matches=$(grep -h "$hpkp_spki" $ca_hashes 2>/dev/null | sort -u)
if [[ -n $hpkp_matches ]]; then if [[ -n $hpkp_matches ]]; then
certificate_found=true # root CA found certificate_found=true # root CA found
spki_match=true spki_match=true
@ -1230,6 +1230,11 @@ run_hpkp() {
outln "$spaces_indented ${backup_spki[i]}" outln "$spaces_indented ${backup_spki[i]}"
fi fi
done done
if [[ ! -f "$ca_hashes" ]] && "$spki_match"; then
out "$spaces "
pr_warningln "Attribution of further hashes couldn't be done as $ca_hashes could not be found"
fileout "hpkp_spkimatch" "WARN" "Attribution of further hashes couldn't be done as $ca_hashes could not be found"
fi
# If all else fails... # If all else fails...
if ! "$spki_match"; then if ! "$spki_match"; then