imroved ssl certificate validation
This commit is contained in:
parent
3bbd56c588
commit
6053b90fbd
1 changed files with 41 additions and 24 deletions
|
@ -249,42 +249,59 @@ get_domain_values() {
|
||||||
|
|
||||||
# SSL certificate verification
|
# SSL certificate verification
|
||||||
is_web_domain_cert_valid() {
|
is_web_domain_cert_valid() {
|
||||||
if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then
|
if [ ! -e "$ssl_dir/$domain.crt" ]; then
|
||||||
echo "Error: $ssl_dir/$domain.[crt|key] not found"
|
echo "Error: $ssl_dir/$domain.crt not found"
|
||||||
log_event "$E_NOTEXIST" "$EVENT"
|
log_event "$E_NOTEXIST" "$EVENT"
|
||||||
exit $E_NOTEXIST
|
exit $E_NOTEXIST
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -e "$ssl_dir/$domain.ca" ]; then
|
if [ ! -e "$ssl_dir/$domain.key" ]; then
|
||||||
crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
|
echo "Error: $ssl_dir/$domain.key not found"
|
||||||
else
|
log_event "$E_NOTEXIST" "$EVENT"
|
||||||
crt=$(openssl verify -untrusted $ssl_dir/$domain.ca \
|
exit $E_NOTEXIST
|
||||||
$ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
|
|
||||||
fi
|
fi
|
||||||
#if [ -z "$crt" ]; then
|
|
||||||
# echo "Error: certificate is not valid"
|
|
||||||
# log_event "$E_INVALID" "$EVENT"
|
|
||||||
# exit $E_INVALID
|
|
||||||
#fi
|
|
||||||
|
|
||||||
openssl rsa -in "$ssl_dir/$domain.key" -check &>/dev/null
|
crt_vrf=$(openssl verify $ssl_dir/$domain.crt 2>&1)
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ ! -z "$(echo $crt_vrf | grep 'unable to load')" ]; then
|
||||||
|
echo "Error: certificate is not valid"
|
||||||
|
log_event "$E_INVALID" "$EVENT"
|
||||||
|
exit $E_INVALID
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -z "$(echo $crt_vrf | grep 'unable to get local issuer')" ]; then
|
||||||
|
if [ ! -e "$ssl_dir/$domain.ca" ]; then
|
||||||
|
echo "Error: certificate authority not found"
|
||||||
|
log_event "$E_NOTEXIST" "$EVENT"
|
||||||
|
exit $E_NOTEXIST
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e "$ssl_dir/$domain.ca" ]; then
|
||||||
|
ca_vrf=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep 'OK')
|
||||||
|
if [ -z "$ca_vrf" ]; then
|
||||||
|
echo "Error: ssl certificate authority is not valid"
|
||||||
|
log_event "$E_INVALID" "$EVENT"
|
||||||
|
exit $E_INVALID
|
||||||
|
fi
|
||||||
|
|
||||||
|
crt_vrf=$(openssl verify -untrusted $ssl_dir/$domain.ca \
|
||||||
|
$ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
|
||||||
|
if [ -z "$crt_vrf" ]; then
|
||||||
|
echo "Error: root or/and intermediate cerificate not found"
|
||||||
|
log_event "$E_NOTEXIST" "$EVENT"
|
||||||
|
exit $E_NOTEXIST
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
key_vrf=$(grep 'RSA PRIVATE KEY' $ssl_dir/$domain.key | wc -l)
|
||||||
|
if [ "$key_vrf" -ne 2 ]; then
|
||||||
echo "Error: ssl key is not valid"
|
echo "Error: ssl key is not valid"
|
||||||
log_event "$E_INVALID" "$EVENT"
|
log_event "$E_INVALID" "$EVENT"
|
||||||
exit $E_INVALID
|
exit $E_INVALID
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -e "$ssl_dir/$domain.ca" ]; then
|
|
||||||
ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep 'OK')
|
|
||||||
if [ -z "$ca" ]; then
|
|
||||||
echo "Error: ssl certificate authority is not valid"
|
|
||||||
log_event "$E_INVALID" "$EVENT"
|
|
||||||
exit $E_INVALID
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
openssl s_server -quiet -cert $ssl_dir/$domain.crt \
|
openssl s_server -quiet -cert $ssl_dir/$domain.crt \
|
||||||
-key $ssl_dir/$domain.key &
|
-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
|
||||||
pid=$!
|
pid=$!
|
||||||
sleep 0.5
|
sleep 0.5
|
||||||
disown &> /dev/null
|
disown &> /dev/null
|
||||||
|
|
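Review bot: The key check at `key_vrf=$(grep 'RSA PRIVATE KEY' $ssl_dir/$domain.key | wc -l)` with `if [ "$key_vrf" -ne 2 ]` only counts PEM header lines, so a file whose BEGIN/END lines are intact but whose key material is corrupt or truncated passes, while a well-formed key in another PEM encoding (`BEGIN PRIVATE KEY`, `BEGIN EC PRIVATE KEY`) is rejected; the removed `openssl rsa ... -check` actually parsed the key. Keep the header count if you want the early error, but gate on the parser as well, e.g. `if ! openssl rsa -in "$ssl_dir/$domain.key" -check -noout >/dev/null 2>&1; then`. Relatedly, the two `grep` tests on `$crt_vrf` only react to 'unable to load' and 'unable to get local issuer', so when no `$domain.ca` file exists any other `openssl verify` failure (expired, not yet valid, self-signed) falls through to the `s_server` start; consider also failing when the verify output lacks `OK`, as the `.ca` branch already does, and note that the `.ca` branch reports every verify failure as "root or/and intermediate cerificate not found" with `$E_NOTEXIST`, which is misleading for an expired certificate. The `openssl verify` and `s_server` invocations also leave `$ssl_dir/$domain.crt` and `.key` unquoted. `is_web_domain_cert_valid` continues past the end of the hunk.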