check-certificates: handle decryption failures and warn
If a download succeeds, at least one of the given passphrases is expected to decrypt a key in the file.
parent
b0d3e3d5f4
commit
f62328ee8d
|
@ -49,11 +49,20 @@ $WaitFullyConnected;
|
|||
/tool/fetch check-certificate=yes-without-crl \
|
||||
($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
|
||||
$WaitForFile $CertFileName;
|
||||
|
||||
:local DecryptionFailed true;
|
||||
:foreach PassPhrase in=$CertRenewPass do={
|
||||
/certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value;
|
||||
:local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
|
||||
:if ($Result->"decryption-failures" = 0) do={
|
||||
:set DecryptionFailed false;
|
||||
}
|
||||
}
|
||||
/file/remove [ find where name=$CertFileName ];
|
||||
|
||||
:if ($DecryptionFailed = true) do={
|
||||
$LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
|
||||
}
|
||||
|
||||
:foreach CertInChain in=[ /certificate/find where name~("^" . $CertFileName . "_[0-9]+\$") common-name!=($CertVal->"common-name") ] do={
|
||||
$CertificateNameByCN [ /certificate/get $CertInChain common-name ];
|
||||
}
|
||||
|
|
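Review bot: `DecryptionFailed` starts as `true` and is cleared only inside the `:foreach PassPhrase` loop, so an empty `$CertRenewPass` produces the "Decryption failed" warning although no import was attempted, and the downloaded file is still removed. The same warning would appear if the import result had no `decryption-failures` entry, since a missing value does not compare equal to 0; whether that can happen depends on the RouterOS version, which is not visible here. Consider separating the cases, for example by guarding the warning with `:if ([ :len $CertRenewPass ] > 0 && $DecryptionFailed = true) do={` and logging a distinct message when no passphrase is configured. The warning is passed `false` as its last argument, presumably the no-exit flag, so the chain-renaming loop still runs after a failed decryption; a comment such as `# continue on purpose: the existing certificate stays in place` would record that this is intended. The enclosing loop starts before the hunk and ends after it.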