initial commit of file from CVS for smeserver-openvpn-s2s on Sat Sep 7 19:57:57 AEST 2024

root/etc/e-smith/events/actions/openvpn-s2s-update-crl

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
+
+for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
+    URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
+    AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
+
+    if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
+
+        /usr/bin/wget --timeout=5 $URL -O /tmp/cacrl.pem > /dev/null 2>&1
+
+        /usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
+
+        if [ "$?" -eq "0" ]; then
+            /bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
+        else
+            cat > /tmp/crlmail <<END
+
+An error occured while updating the CRL for the VPN ID $VPN
+because openssl didn't recognize the file as a valid CRL.
+Below is the copy of the latest CRL downloaded from
+$URL
+
+END
+            cat /tmp/cacrl.pem >> /tmp/crlmail
+            mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
+        fi
+
+    rm -f /tmp/cacrl.pem
+    rm -f /tmp/crlmail
+    fi
+done
+