authorErich Eckner <git@eckner.net>2019-09-01 23:40:29 +0200
committerErich Eckner <git@eckner.net>2019-09-01 23:40:29 +0200
commit02572106d5b93bec4ff4325c52a5a4585aa07ed4 (patch)
tree82b046a1b5ef82c88132f2b8d3c814733b660e75
parentf46afcd7a0cd2f38a99b24257fcfb218f6bfa1fe (diff)
downloadsimple-pki-02572106d5b93bec4ff4325c52a5a4585aa07ed4.tar.xz
sign-request: bug fixes
-rwxr-xr-xsign-request.in17
1 files changed, 12 insertions, 5 deletions
diff --git a/sign-request.in b/sign-request.in
index 6266e45..b464552 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -25,6 +25,7 @@ while read -r csr; do
if ! content=$(
openssl req -text -noout -verify -in "${csr_local}" 2>/dev/null
); then
+ >&2 echo 'verify failed - skipping'
rm "${csr_local}"
continue
fi
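Review bot: The new diagnostic on the `>&2 echo` line does not say which CSR was rejected, and the `2>/dev/null` on the `openssl req` line discards openssl's own reason, so a batch run leaves no way to tell which request failed or why. Since `${csr}` is the loop variable (the `while read -r csr` loop starts before this hunk) it is cheap to include: `>&2 printf 'verify failed for "%s" - skipping\n' "${csr}"`. Note that `-verify` only checks the CSR's self-signature (proof of possession of the key), not who submitted it; the subject and SAN checks further down are what have to cover that.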
@@ -49,11 +50,13 @@ while read -r csr; do
| tr -d ' ' \
| tr ',' '/'
)
- if [ -n "${cn#${ca_subject_prefix}/CN=*/}" ]; then
+ if [ -n "${cn%${ca_subject_prefix#/}/CN=*}" ]; then
+ >&2 printf 'wrong subject: "%s" vs. "%s"\n' \
+ "${cn}" \
+ "${ca_subject_prefix#/}/CN=*"
continue
fi
- cn="${cn#${ca_subject_prefix}/CN=}"
- cn="${cn%/}"
+ cn="${cn#${ca_subject_prefix#/}/CN=}"
sans=$(
printf '%s\n' "${content}" \
| sed -n '
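Review bot: The `*` in the `CN=*` pattern on the new `if` line also matches `/`, so a subject such as `<prefix>/CN=host/OU=x` passes the check and the following assignment leaves `cn` as `host/OU=x`; whether that is caught later depends on the `ok_sans` comparison, which is outside this hunk. The `${ca_subject_prefix#/}` expansion inside the pattern is unquoted, so any glob character in the configured prefix is interpreted as a pattern instead of literally (ShellCheck SC2295); quote it as `"${ca_subject_prefix#/}"`. The wrong-subject branch also `continue`s without `rm "${csr_local}"`, unlike the sibling branches this commit touches, which now remove the downloaded CSR before skipping. I would quote the prefix, remove the file, and reject a `cn` that is empty or still contains a `/` once the prefix is stripped:
```shell
if [ -n "${cn%"${ca_subject_prefix#/}"/CN=*}" ]; then
  # … unchanged: 'wrong subject' diagnostic …
  rm "${csr_local}"
  continue
fi
cn="${cn#"${ca_subject_prefix#/}"/CN=}"
# The CN must be a bare name: trailing RDNs would survive as "host/OU=..."
if [ -z "${cn}" ] || [ "${cn}" != "${cn#*/}" ]; then
  >&2 printf 'unexpected RDN after CN: "%s" - skipping\n' "${cn}"
  rm "${csr_local}"
  continue
fi
```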
@@ -69,6 +72,8 @@ while read -r csr; do
'
)
if printf '%s\n' "${sans}" | grep -vq '^\(DNS\|IP\):'; then
+ >&2 echo 'invalid sans - skipping'
+ rm "${csr_local}"
continue
fi
sans=$(
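Review bot: The `grep -vq '^\(DNS\|IP\):'` check validates only the SAN type prefix, not the value, and each value is later spliced unescaped into a URL (`'https://'"${san}/…"` in the next hunk), so characters such as `@`, `/`, `?` or `#` in a DNS SAN change which host curl contacts or which path it fetches instead of being rejected. Restricting values to hostname/IP syntax closes that and also rejects wildcards, which this fetch-based validation cannot prove anyway: `grep -vqE '^(DNS:[A-Za-z0-9.-]+|IP:[0-9A-Fa-f.:]+)$'`. The exact text after `IP` depends on the sed that builds `${sans}`, which starts before this hunk (openssl's `-text` output normally prints `IP Address:`), so adjust the alternation to what that sed emits. An empty SAN list also lands here because `printf '%s\n' ""` yields one empty line; `invalid sans` then reads oddly, and `no DNS/IP SANs - skipping` would be clearer.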
@@ -82,6 +87,7 @@ while read -r csr; do
| while read -r san; do
if ! curl -Ss --insecure 'https://'"${san}/${csr#*//*/}" \
| diff -q - "${csr_local}"; then
+ >&2 printf 'invalid san "%s" - skipping\n' "${san}"
rm "${csr_local}"
break
fi
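Review bot: The `curl -Ss --insecure` fetch has no time or size limit, so a single SAN host that accepts the connection and stalls, or streams data indefinitely, blocks the whole signing run; add `--max-time 30 --max-filesize 65536` (note `--max-filesize` is not enforced for chunked responses, so the time limit is the one that matters). `diff -q` also prints `Files - and … differ` on stdout, and this loop's stdout appears to be what `${ok_sans}` is built from (it is compared against `cn`/`sans` in the next hunk; the assignment itself is outside this one), so the mismatch text should be silenced: `| diff -q - "${csr_local}" >/dev/null`. `--insecure` is presumably deliberate because the target may not hold a certificate yet and the byte-for-byte comparison with the CSR is the actual proof of control; that deserves a comment, since anyone able to redirect the CA's outbound traffic to a SAN host can satisfy this check, as with any HTTP-based domain validation.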
@@ -92,11 +98,12 @@ while read -r csr; do
continue
fi
if [ "$(printf '%s\n' "${cn}" "${sans}")" != "${ok_sans}" ]; then
+ >&2 echo 'some san was invalid - skipping'
rm "${csr_local}"
continue
fi
if [ ! -f "${key_dir}/${ca_name}.key" ] \
- || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt 3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
+ || [ $((2*$(date +%s) + $(stat -c%Y "${key_dir}/${ca_name}.key"))) -gt $((3*$(stat -c%Y "${key_dir}/${ca_name}.key.new"))) ]; then
key_to_use="${key_dir}/${ca_name}.key.new"
crt_to_use="${key_dir}/${ca_name}.crt.new"
else
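Review bot: The corrected comparison still runs `stat -c%Y` on `${ca_name}.key.new` unconditionally, so when the current key exists but no `.key.new` has been created yet, stat fails and the right-hand `$((3*))` becomes an empty-operand arithmetic error; bash reports it and aborts the test command, so which branch ends up running is not obvious from the code. Guard it with an existence test, hoist the two paths so the condition is readable, and document the rule it encodes, which by the algebra (`2*now + m_old > 3*m_new` ⇔ `now - m_new > (m_new - m_old)/2`) appears to switch to the new key once it has been in place for half as long as the old key had been when the new one was made — confirm that is the intended rollover. The `if`'s `else` branch continues past the end of this hunk.
```shell
key_file="${key_dir}/${ca_name}.key"
new_key_file="${key_dir}/${ca_name}.key.new"
# Sign with the new key once it exists and has been in place for at least half
# as long as the old key had been when the new one was created:
#   now - mtime(new) > (mtime(new) - mtime(old)) / 2
#   <=> 2*now + mtime(old) > 3*mtime(new)
# TODO(review): confirm this is the intended rollover rule
if [ ! -f "${key_file}" ] \
  || { [ -f "${new_key_file}" ] \
    && [ $((2*$(date +%s) + $(stat -c%Y "${key_file}"))) -gt $((3*$(stat -c%Y "${new_key_file}"))) ]; }; then
  key_to_use="${new_key_file}"
  crt_to_use="${key_dir}/${ca_name}.crt.new"
else
  # … unchanged: select the current key and certificate …
```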
@@ -114,4 +121,4 @@ while read -r csr; do
done
cd "${tmp_dir}"
-tar -czf - *
+tar -czf - *.crt