diff --git a/UpdateCRL.sh b/UpdateCRL.sh
index d534a8f..5ed00db 100755
--- a/UpdateCRL.sh
+++ b/UpdateCRL.sh
@@ -33,8 +33,8 @@ function ERROR {
 ###########################################################
-PATHCRL=/etc/CertsAndKeys
-CRL=(UniHGW-CRL.pem GEANT-RSA-CRL.pem GEANT-ECC-CRL.pem)
+PATHCRL=/usr/local/share/ca-certificates
+CRL=(UniHGW-CRL GEANT-RSA-CRL GEANT-ECC-CRL)
 PATHSSL=/etc/ssl/certs
 LASTRUN=/var/lib/runtime/$(basename "$0" .sh).lastrun
 ERR=0
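Review bot: PATHCRL now points at /usr/local/share/ca-certificates and the CRL array loses its .pem suffixes, but the hunk carries no comment saying why; on Debian-family systems that directory is presumably the local input directory of update-ca-certificates, so anything written there is handled as trust material, which makes the choice worth stating explicitly. The bare names only make sense together with the loop below, which appends `.pem` for the download and `.crt` for the installed copy. Add above the array `# Bare names: the fetch URL appends .pem; the installed file gets .crt under $PATHCRL (update-ca-certificates local-cert directory — confirm)` so the next reader knows the location and the suffix split are deliberate.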
@@ -49,52 +49,42 @@ fi
 for CRL in "${CRL[@]}"
 do
- URLCRL=https://cacher.rz.uni-greifswald.de/$CRL
+ URLCRL=https://cacher.rz.uni-greifswald.de/$CRL.pem
 # Download CRL
- if ! /usr/bin/timeout 5s wget -q -O /tmp/"$CRL" "$URLCRL"; then
+ if ! /usr/bin/timeout 5s wget -q -O "/tmp/$CRL.pem" "$URLCRL"; then
 ERROR "Could not download $CRL!"
 ERR=1
 continue
 fi
 # Verify CRL
- if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in /tmp/"$CRL" -noout > /dev/null 2>&1; then
+ if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in "/tmp/$CRL.pem" -noout > /dev/null 2>&1; then
 ERROR "Could not verify $CRL against $PATHSSL!"
 ERR=1
- rm -f /tmp/"$CRL"
+ rm -f "/tmp/$CRL.pem"
 continue
 fi
 # Check CRL validity
- CRLDATETIME=$(openssl crl -in /tmp/"$CRL" -nextupdate -noout | sed 's/nextUpdate=//g')
+ CRLDATETIME=$(openssl crl -in "/tmp/$CRL.pem" -nextupdate -noout | sed 's/nextUpdate=//g')
 VALIDUNTIL=$(date -d "$CRLDATETIME" +%s)
 if [[ "$VALIDUNTIL" -lt $(date +%s) ]]; then
 ERROR "$CRL is invalid!"
 ERR=1
- rm -f /tmp/"$CRL"
+ rm -f "/tmp/$CRL.pem"
 continue
 fi
 # Move CRL to final destination path
- if ! mv -f /tmp/"$CRL" "$PATHCRL"/"$CRL"; then
+ if ! mv -f "/tmp/$CRL.pem" "$PATHCRL/$CRL.crt"; then
 ERROR "Could not move CRL to $PATHCRL!"
 ERR=1
- rm -f /tmp/"$CRL"
+ rm -f "/tmp/$CRL.pem"
 continue
 fi
- # Link CRL
- if [[ ! -L "$PATHSSL"/"$CRL" ]]; then
- if ! ln -s "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"; then
- ERROR "Could not create CRL link to $PATHSSL!"
- ERR=1
- rm -f "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"
- continue
- fi
- fi
 INFO "$CRL successfully updated"
 done
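Review bot: The download still lands in a fixed, world-writable path, `/tmp/$CRL.pem` on the new `wget -O` line, and that same path is what `openssl crl` verifies and `mv` then installs into $PATHCRL; a local user who pre-creates that name (as a symlink, or as a file they own and rewrite between the verify and the mv) decides what ends up in the trust directory, and if the script runs as root — which writing to /usr/local/share/ca-certificates suggests — wget truncating whatever the symlink points to is also an arbitrary-file overwrite. Create a private directory once before the loop, `TMPD=$(mktemp -d) || { ERROR "Could not create temp dir!"; exit 1; }` and `trap 'rm -rf -- "$TMPD"' EXIT`, then replace every `/tmp/$CRL.pem` with `"$TMPD/$CRL.pem"`; the per-iteration `rm -f` lines become unnecessary with the trap. Separately, the removed `ln -s` block was the only step that made the CRL visible under $PATHSSL, and nothing in this hunk runs `update-ca-certificates` or `openssl rehash` after the `mv`; if that call lives outside the hunk this is fine, otherwise the verified CRL is written but never picked up by the `-CApath` lookup. The loop is fully contained in the hunk.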