35 lines
1008 B
Bash
35 lines
1008 B
Bash
#!/bin/bash
|
|
|
|
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
|
|
|
|
for VPN in $(/sbin/e-smith/db openvpn-s2s keys); do
|
|
URL=$(/sbin/e-smith/db openvpn-s2s getprop $VPN CrlUrl)
|
|
AUTH=$(/sbin/e-smith/db openvpn-s2s getprop $VPN Authentication)
|
|
|
|
if [ ! -z "$URL" -a "$AUTH" == 'TLS' ]; then
|
|
|
|
/usr/bin/wget --timeout=5 $URL -O /tmp/cacrl.pem > /dev/null 2>&1
|
|
|
|
/usr/bin/openssl crl -inform PEM -in /tmp/cacrl.pem -text > /dev/null 2>&1
|
|
|
|
if [ "$?" -eq "0" ]; then
|
|
/bin/mv -f /tmp/cacrl.pem /etc/openvpn/s2s/pub/"$VPN"_cacrl.pem > /dev/null 2>&1
|
|
else
|
|
cat > /tmp/crlmail <<END
|
|
|
|
An error occured while updating the CRL for the VPN ID $VPN
|
|
because openssl didn't recognize the file as a valid CRL.
|
|
Below is the copy of the latest CRL downloaded from
|
|
$URL
|
|
|
|
END
|
|
cat /tmp/cacrl.pem >> /tmp/crlmail
|
|
mail -s 'CRL update failed' admin@$DOMAIN < /tmp/crlmail
|
|
fi
|
|
|
|
rm -f /tmp/cacrl.pem
|
|
rm -f /tmp/crlmail
|
|
fi
|
|
done
|
|
|