summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBernhard Fröhlich <bernhard@cacert.org>2011-07-10 23:20:56 +0200
committerBernhard Fröhlich <bernhard@cacert.org>2011-07-10 23:20:56 +0200
commit1b5357c5c57816cc05f9641fa2790a265db7d0ea (patch)
tree4d500bb49102124378370bcd170f40cfd3c15118
parentf4c461112808f12fddf96c9e169dac793854e52e (diff)
downloadcacert-devel-1b5357c5c57816cc05f9641fa2790a265db7d0ea.tar.gz
cacert-devel-1b5357c5c57816cc05f9641fa2790a265db7d0ea.tar.xz
cacert-devel-1b5357c5c57816cc05f9641fa2790a265db7d0ea.zip
created new script mass-revoke.php to do the revocation. Minor adjustments in DumpWeakCerts.pl
-rwxr-xr-xscripts/mass-revoke.php55
1 files changed, 55 insertions, 0 deletions
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php
new file mode 100755
index 0000000..e51f116
--- /dev/null
+++ b/scripts/mass-revoke.php
@@ -0,0 +1,55 @@
+#!/usr/bin/php -q
+<? # Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
+ # Only first and last column ($cert_type and $cert_recid) are used, the others are ignored
+
+ include_once("../includes/mysql.php");
+ # Main
+
+ $num_domain = 0;
+ $num_client = 0;
+ $num_orgdomain = 0;
+ $num_orgclient = 0;
+
+ $num_failures = 0;
+
+ $in = fopen("php://stdin", "r");
+
+ # The restriction on revoked timestamp os only "to be sure" for non-Org certs,
+ # but Org certs (email and serer) may be included multiple times in the output of DumpWeakCerts.pl (once for each OrgAdmin).
+ while($in_string = rtrim(fgets($in, 255))) {
+ list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, $cert_serial, $cert_recid) = explode("\t", $in_string);
+
+ if ($cert_type == "DomainCert") {
+ $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01' where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_domain+=mysql_affected_rows();
+ } else if ($cert_type == "EmailCert") {
+ $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01' where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_client+=mysql_affected_rows();
+ } else if ($cert_type == "OrgServerCert") {
+ $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01' where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgdomain+=mysql_affected_rows();
+ } else if ($cert_type == "OrgEmailCert") {
+ $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01' where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
+
+ if (!mysql_query($query)) {
+ $num_failures++;
+ }
+ $num_orgclient+=mysql_affected_rows();
+ }
+ }
+ fclose($in);
+ echo "Certificates revoked: $num_domain server certs, $num_client client certs, $num_orgdomain Org server certs, $num_orgclient Org client certs.\n";
+ echo "Update failures: $num_failures\n";
+?>