aboutsummaryrefslogtreecommitdiff
path: root/sources
diff options
context:
space:
mode:
authorDavid Sommerseth <dazo@users.sourceforge.net>2010-05-16 19:42:40 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-10-21 11:40:36 +0200
commit233105d2c9d1a2c6911342d8249b19310e94c251 (patch)
tree031046a0daa777874e9882c7ef4bc57fcff31471 /sources
parentAvoid repetition of "this config may cache passwords in memory" (v2) (diff)
downloadopenvpn-233105d2c9d1a2c6911342d8249b19310e94c251.tar.xz
OCSP_check.sh: new check logic
contrib/OCSP_check/OCSP_check.sh: I discovered that, quite surprisingly, the exit status of "openssl ocsp" is 0 even if the certificate status is "revoked". This means that the logic of the script needs to be rewritten so that it parses the output returned by the query and explicitly looks for a "0x<serial number>: good" line, and exit if either the command has a non-zero exit status, or the above line is not found. Doing that portably without bashisms requires some juggling around, so perhaps the code is slightly less clean now, but it does have many comments. Signed-off-by: Davide Brini <dave_br@gmx.com> Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> Acked-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'sources')
0 files changed, 0 insertions, 0 deletions