Diffstat (limited to 'sitemodules/profiles/files/icinga2_external_commands/check_ocsp')
-rw-r--r-- | sitemodules/profiles/files/icinga2_external_commands/check_ocsp | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/sitemodules/profiles/files/icinga2_external_commands/check_ocsp b/sitemodules/profiles/files/icinga2_external_commands/check_ocsp
index be3f0f0..97885e2 100644
--- a/sitemodules/profiles/files/icinga2_external_commands/check_ocsp
+++ b/sitemodules/profiles/files/icinga2_external_commands/check_ocsp
@@ -93,38 +93,38 @@ case ${CLASS} in
 ;;
 esac
 
+if [ ! -f "${ISSUER}" ]; then
+ echo "CRITICAL: issuer certificate file ${ISSUER} not found."
+ exit 2
+fi
+
 TMP=$(mktemp)
 ERR=${TMP}-err
 trap 'rm -f ${TMP} ${ERR}' 0 1 2 3 15
 
-openssl ocsp -issuer "${ISSUER}" -serial "${SERIAL}" -CApath "${CAPATH}" -url "${RESPONDER}" >"${TMP}" 2>&1
-
-awk '
-NR == 1 {
- response = $0
- next
- }
-/This Update:/ {
- next
- }
-/Next Update:/ {
- next
- }
- {
- answer = answer " " $0;
- }
-END {
- if (response != "Response verify OK")
- exitcode = 2
- else
- exitcode = 0
- print response " " answer;
- exit(exitcode)
- }
-' "${TMP}"
-EXITCODE=$?
-rm -f "${TMP}"
-exit ${EXITCODE}
+if ! openssl ocsp -issuer "${ISSUER}" -serial "${SERIAL}" -CApath "${CAPATH}" -url "${RESPONDER}" -resp_text >"${TMP}" 2>&1; then
+ echo "CRITICAL: openssl ocsp command failed"
+ echo
+ echo "captured output:"
+ cat "${TMP}"
+ exit 2
+fi
+
+if grep -q "${SERIAL}: good" "${TMP}"; then
+ echo "OK: OCSP check successful, certificate OK"
+ exit 0
+fi
+
+if grep -q "${SERIAL}: revoked" "${TMP}"; then
+ echo "WARNING: OCSP check successful, certificate revoked"
+ exit 1
+fi
+
+echo "UNKNOWN: unexpected response"
+echo
+echo "captured output:"
+cat "${TMP}"
+exit 3
 
 ##Response Verify Failure
 ##17914:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error:ocsp_vfy.c:122:Verify error:certificate has expired |
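Review bot: The new flow no longer checks for `Response verify OK`, which the removed awk block required on the first line of the output, so rejecting an unverifiable response now rests entirely on the exit status of `openssl ocsp`. That exit status has not been consistent across OpenSSL releases: older builds print `Response Verify Failure` (as in the trailing comment of this file) and can still exit 0 with a `: good` line, so a response that failed signature or chain validation could be reported as OK. I would keep an explicit gate before the two status greps: `grep -q '^Response verify OK' "${TMP}" || { echo "CRITICAL: OCSP response verification failed"; exit 2; }`. The status greps also treat `${SERIAL}` as an unanchored regex over the whole `-resp_text` dump; `grep -qF -- "${SERIAL}: good" "${TMP}"` (and likewise for `revoked`) would at least make the match literal.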