|
|
|
|
@ -128,7 +128,7 @@ foreach (keys %revokefile)
|
|
|
|
|
{
|
|
|
|
|
next unless (-f $revokefile{$_});
|
|
|
|
|
my $revokehash=sha1_hex(readfile($revokefile{$_}));
|
|
|
|
|
SysLog "Root $_: Hash $revokefile{$_} = $revokehash";
|
|
|
|
|
SysLog "Root $_: Hash $revokefile{$_} = $revokehash\n";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -496,7 +496,7 @@ sub CRLuptodate($)
|
|
|
|
|
{
|
|
|
|
|
return 0 unless(-f $_[0]);
|
|
|
|
|
my $data=`$opensslbin crl -in "$_[0]" -noout -lastupdate -inform der`;
|
|
|
|
|
SysLog "CRL: $data";
|
|
|
|
|
SysLog "CRL: $data\n";
|
|
|
|
|
#lastUpdate=Aug 8 10:26:34 2007 GMT
|
|
|
|
|
# Is the timezone handled properly?
|
|
|
|
|
if($data=~m/lastUpdate=(\w{2,4}) *(\d{1,2}) *(\d{1,2}:\d{1,2}:\d{1,2}) (\d{4}) GMT/)
|
|
|
|
|
@ -933,14 +933,14 @@ sub DoCRL($$)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
|
|
|
|
|
SysLog "verify: $res";
|
|
|
|
|
SysLog "verify: $res\n";
|
|
|
|
|
if($res=~m/verify OK/)
|
|
|
|
|
{
|
|
|
|
|
rename "$crlname.tmp","$crlname";
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
SysLog "VERIFICATION OF NEW CRL DID NOT SUCCEED! PLEASE REPAIR!";
|
|
|
|
|
SysLog "VERIFICATION OF NEW CRL DID NOT SUCCEED! PLEASE REPAIR!\n";
|
|
|
|
|
SysLog "Broken CRL is available as $crlname.tmp\n";
|
|
|
|
|
#Override for testing:
|
|
|
|
|
rename "$crlname.tmp","$crlname";
|
|
|
|
|
|
Philipp Dunkel
15 years ago