mirror/eworm-de-routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2024-05-11 05:55:19 +00:00
Code Releases Activity

global-functions: $CertificateAvailable: check whole chain

Browse Source 
The root certificate is a self-signed certificate. Check for the issue
certificate until we find the self-signed one.
This commit is contained in:
Christian Hesse
2020-01-29 21:01:48 +01:00
parent 801dce05fa
commit 352818ea48
1 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
global-functions
View File

@@ -116,6 +116,7 @@
:local CommonName [ :tostr $1 ];
:global CertificateDownload;
:global ParseKeyValueStore;
:if ([ / system resource get free-hdd-space ] < 8388608 && \
[ / certificate settings get crl-download ] = true && \
@@ -127,6 +128,17 @@
:log info ("Certificate with CommonName \"" . $CommonName . "\" not available.");
$CertificateDownload $CommonName;
}
:local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
:local Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
:while ($Issuer != $CertVal->"common-name") do={
:if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={
:log info ("Certificate chain for \"" . $CommonName . "\" is incomplete, missing \"" . $Issuer . "\".");
$CertificateDownload $CommonName;
}
:set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
:set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
}
}
# send notification via e-mail