check-certificates: handle decryption failures and warn

If a download succeeds, at least one of the given passphrases is
expected to decrypt a key in the file.
Christian Hesse 2023-01-26 21:20:10 +01:00
parent b0d3e3d5f4
commit f62328ee8d
1 changed files with 10 additions and 1 deletions


@ -49,11 +49,20 @@ $WaitFullyConnected;
/tool/fetch check-certificate=yes-without-crl \
($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
$WaitForFile $CertFileName;
:local DecryptionFailed true;
:foreach PassPhrase in=$CertRenewPass do={
/certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value;
:local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
:if ($Result->"decryption-failures" = 0) do={
:set DecryptionFailed false;
}
}
/file/remove [ find where name=$CertFileName ];
:if ($DecryptionFailed = true) do={
$LogPrintExit2 warning $0 ("Decryption failed for certificate file " . $CertFileName) false;
}
:foreach CertInChain in=[ /certificate/find where name~("^" . $CertFileName . "_[0-9]+\$") common-name!=($CertVal->"common-name") ] do={
$CertificateNameByCN [ /certificate/get $CertInChain common-name ];
}