From 26f0c6595348bd2b6c9cc3b30736d350afb782c7 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Tue, 22 Jul 2014 00:17:41 +0300
Subject: [PATCH] SSL CA validation improvements

---
 func/domain.sh | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/func/domain.sh b/func/domain.sh
index fc10c38d..65d62f73 100644
--- a/func/domain.sh
+++ b/func/domain.sh
@@ -327,15 +327,9 @@ is_web_domain_cert_valid() {
 fi

 if [ -e "$ssl_dir/$domain.ca" ]; then
- ca_vrf=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep 'OK')
- if [ -z "$ca_vrf" ]; then
- echo "Error: ssl certificate authority is not valid"
- log_event "$E_INVALID" "$EVENT"
- exit $E_INVALID
- fi
-
- crt_vrf=$(openssl verify -untrusted $ssl_dir/$domain.ca \
- $ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
+ crt_vrf=$(openssl verify -purpose sslserver \
+ -CAfile $ssl_dir/$domain.ca $ssl_dir/$domain.crt 2>/dev/null |\
+ grep 'OK')
 if [ -z "$crt_vrf" ]; then
 echo "Error: root or/and intermediate cerificate not found"
 log_event "$E_NOTEXIST" "$EVENT"
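Review bot: With `-CAfile $ssl_dir/$domain.ca` the uploaded bundle becomes the trust anchor, and the separate check of the CA file is gone, so the new `openssl verify` call confirms only that the certificate chains to whatever that file contains, not that the chain ends at a publicly trusted root; if that is the intent, a comment above the call should say so, e.g. `# consistency check only: the user-supplied .ca is the trust anchor here`. The retained message `root or/and intermediate cerificate not found` is now also printed when `-purpose sslserver` rejects the certificate, and `2>/dev/null` hides the actual reason from the operator. `grep 'OK'` matches anywhere in the output, which includes the file path, so anchoring it as `grep ': OK$'` and quoting `"$ssl_dir/$domain.ca"` and `"$ssl_dir/$domain.crt"` would tighten the test. The body of is_web_domain_cert_valid starts before this hunk and continues past it.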