diff options
| author | Jan Pokorný <jpokorny@redhat.com> | 2014-01-08 23:42:21 +0100 |
|---|---|---|
| committer | Jan Pokorný <jpokorny@redhat.com> | 2014-01-08 23:42:21 +0100 |
| commit | 85222ae4f1f028abb02a0c82ae449e3dad0b4861 (patch) | |
| tree | 86cadad9920dd00ff33bffe021adf4570e1544bc | |
| parent | b2d5e39a4e1ae80da2971befd1b2039ebf3648cc (diff) | |
| download | dotfiles-85222ae4f1f028abb02a0c82ae449e3dad0b4861.tar.gz dotfiles-85222ae4f1f028abb02a0c82ae449e3dad0b4861.tar.xz dotfiles-85222ae4f1f028abb02a0c82ae449e3dad0b4861.zip | |
Cert scripts: fix some issue with GeoTrust distributed certs
- CRLF newlines !
- no trailing newline!!
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
| -rwxr-xr-x | scripts/certs/cert-check | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/scripts/certs/cert-check b/scripts/certs/cert-check index d349933..b3b66f7 100755 --- a/scripts/certs/cert-check +++ b/scripts/certs/cert-check @@ -91,24 +91,24 @@ cert_pick_url_selfsigned() { [ "$(guess_cmd "${cont}")" = "x509" ] || return $? { echo -e "GET /${cont} HTTP/1.0\nHost: ${machine}\n"; sleep 2; } \ | openssl s_client -connect "${machine}:${port}" -crlf 2>/dev/null \ - | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/{p;d};/^\r$/,/-BEGIN CERTIFICATE-/{/-BEGIN CERTIFICATE-/d;p}' \ + | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/{/-END CERTIFICATE-/{s|^\(-\+[A-Z ]\+-\+\).*|\1|};s|\r||g;p;d}' \ + -e '/^\r$/,/-BEGIN CERTIFICATE-/{/-BEGIN CERTIFICATE-/p;d}' \ | { local tmpfile=$(mktemp /tmp/.XXXXXX) cat >${tmpfile} # try converting DER to PEM and appending to the original file - awk '/-END CERTIFICATE-/{++i;next;}{if(i > 0){print;};}' ${tmpfile} \ - | tail -n+2 \ + awk '/-BEGIN CERTIFICATE-/{++i;}{if(i > 1){print;}}' ${tmpfile} \ | openssl x509 -inform DER -in /dev/stdin >${tmpfile}.1 cat ${tmpfile}.1 >> ${tmpfile} rm ${tmpfile}.1 [ $i -eq 1 ] \ || openssl verify -CAfile \ - <(cat "${HOMEBUNDLE}" "${outtmpfile}") \ - <(awk '/-BEGIN CERTIFICATE-/{++i;}{if(i > 1){print;}}' ${tmpfile}) >&2 + <(cat "${HOMEBUNDLE}" "${outtmpfile}") \ + <(awk '/-BEGIN CERTIFICATE-/{++i;}{if(i > 1){print;}}' ${tmpfile}) >&2 ret=$? - #echo "i: $i, ret: $ret; $outtmpfile, $tmpfile" >&2 + echo "i: $i, ret: $ret; $outtmpfile, $tmpfile" >&2 [ $ret -eq 0 ] \ - && openssl x509 -inform "${inform}" -in \ - <(awk '/-BEGIN CERTIFICATE-/{++i;}{if(i > 1){print;}}' ${tmpfile}) >>${outtmpfile} + && openssl x509 -inform "${inform}" -in \ + <(awk '/-BEGIN CERTIFICATE-/{++i;}{if(i > 1){print;}}' ${tmpfile}) >>${outtmpfile} [ $i -eq $# ] \ && { awk '/-END CERTIFICATE-/{print; exit;}{print;}' ${tmpfile} \ |