Fix for https://bugs.cacert.org/view.php?id=954 which has been requested by
Arbitration Case https://wiki.cacert.org/Arbitrations/a20110312.1pull/1/head
parent
da58aac918
commit
5e1c4114af
@ -0,0 +1,89 @@
|
||||
#!/usr/bin/php -q
|
||||
<? /*
|
||||
LibreSSL - CAcert web application
|
||||
Copyright (C) 2004-2011 CAcert Inc.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; version 2 of the License.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License along
|
||||
with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
# Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
|
||||
# Only first and last column ($cert_type and $cert_recid) are used, the others
|
||||
# are ignored
|
||||
|
||||
include_once("../includes/mysql.php");
|
||||
# Main
|
||||
|
||||
$num_domain = 0;
|
||||
$num_client = 0;
|
||||
$num_orgdomain = 0;
|
||||
$num_orgclient = 0;
|
||||
|
||||
$num_failures = 0;
|
||||
|
||||
$in = fopen("php://stdin", "r");
|
||||
|
||||
# The restriction on revoked timestamp os only "to be sure" for non-Org certs,
|
||||
# but Org certs (email and serer) may be included multiple times in the output
|
||||
# of DumpWeakCerts.pl (once for each OrgAdmin).
|
||||
while($in_string = rtrim(fgets($in))) {
|
||||
list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason,
|
||||
$cert_serial, $cert_recid) = explode("\t", $in_string);
|
||||
|
||||
if ($cert_type == "DomainCert") {
|
||||
$query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
|
||||
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
|
||||
|
||||
if (!mysql_query($query)) {
|
||||
$num_failures++;
|
||||
}
|
||||
$num_domain+=mysql_affected_rows();
|
||||
|
||||
} else if ($cert_type == "EmailCert") {
|
||||
$query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
|
||||
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
|
||||
|
||||
if (!mysql_query($query)) {
|
||||
$num_failures++;
|
||||
}
|
||||
$num_client+=mysql_affected_rows();
|
||||
|
||||
} else if ($cert_type == "OrgServerCert") {
|
||||
$query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
|
||||
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
|
||||
|
||||
if (!mysql_query($query)) {
|
||||
$num_failures++;
|
||||
}
|
||||
$num_orgdomain+=mysql_affected_rows();
|
||||
|
||||
} else if ($cert_type == "OrgEmailCert") {
|
||||
$query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
|
||||
where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
|
||||
|
||||
if (!mysql_query($query)) {
|
||||
$num_failures++;
|
||||
}
|
||||
$num_orgclient+=mysql_affected_rows();
|
||||
}
|
||||
}
|
||||
|
||||
fclose($in);
|
||||
|
||||
echo "Certificates revoked: ".
|
||||
"$num_domain server certs, ".
|
||||
"$num_client client certs, ".
|
||||
"$num_orgdomain Org server certs, ".
|
||||
"$num_orgclient Org client certs.\n";
|
||||
echo "Update failures: $num_failures\n";
|
||||
?>
|
Loading…
Reference in New Issue