smeserver-openvpn-s2s/root/etc/e-smith/events/actions/openvpn-s2s-update-crl

35 lines
1008 B
Bash

#!/bin/bash
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
/usr/bin/wget --timeout=5 $URL -O /tmp/cacrl.pem > /dev/null 2>&1
/usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
/bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
else
cat > /tmp/crlmail <<END
An error occured while updating the CRL for the VPN ID $VPN
because openssl didn't recognize the file as a valid CRL.
Below is the copy of the latest CRL downloaded from
$URL
END
cat /tmp/cacrl.pem >> /tmp/crlmail
mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
fi
rm -f /tmp/cacrl.pem
rm -f /tmp/crlmail
fi
done