
script_refresh-proxied-certs: fix: don't overwrite when host is unavailable

Chl 2020-01-21 22:47:23 +01:00
Parent 9da2d8701e
révision 266b15b535
1 fichiers modifiés avec 2 ajouts et 1 suppressions


@ -30,7 +30,8 @@ for i in *.crt; do
sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
# Check that the new cert still match the local key
if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# (it should also fail safely when the host wasn't reachable)
if [ "$( ( openssl x509 -noout -modulus -in "$TMPFILE"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# Mismatch : raise an alert
echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
EXIT_STATUS=1
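Review bot: The fail-safe promised by the added comment does not appear to hold when the host is unreachable. With an empty or non-certificate `$TMPFILE`, `openssl x509` prints only to stderr, so the subshell emits just the key's modulus, `uniq | wc -l` yields 1, and the `-ne 1` test reads that as a match. Unless code outside this hunk rejects an empty file, the script would continue as if the retrieved certificate were valid, which is the overwrite this commit sets out to prevent. Comparing the two moduli as separate non-empty strings closes that gap: capture `CRT_MOD=$(openssl x509 -noout -modulus -in "$TMPFILE" 2>/dev/null)`, obtain `KEY_MOD` the same way from the key, and accept only when `[ -n "$CRT_MOD" ] && [ "$CRT_MOD" = "$KEY_MOD" ]`. The body of this `if` and the enclosing `for` loop continue outside the hunk, so the handling after `EXIT_STATUS=1` could not be checked.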