Diffstat (limited to 'sitemodules/profiles/templates/base/update-crls.epp')
-rwxr-xr-xsitemodules/profiles/templates/base/update-crls.epp30
1 files changed, 30 insertions, 0 deletions
diff --git a/sitemodules/profiles/templates/base/update-crls.epp b/sitemodules/profiles/templates/base/update-crls.epp
new file mode 100755
index 0000000..65bc7e8
--- /dev/null
+++ b/sitemodules/profiles/templates/base/update-crls.epp
@@ -0,0 +1,30 @@
+<% | Array[String] $services | %>
+#!/bin/sh
+
+# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
+# NEXT PUPPET RUN.
+
+set -e
+
+CRL_PATH='/var/local/ssl/crls/'
+CA_CERT='/etc/ssl/certs/ca-certificates.crt'
+RSYNC_LOCATION='crl.cacert.org::crl'
+
+rsync -aqz "$RSYNC_LOCATION" "$CRL_PATH"
+
+for crl in "$CRL_PATH"*.crl
+do
+ if openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>/dev/null
+ then
+ openssl crl -inform DER -in "$crl" -out "$crl".pem
+ else
+ echo "Error: Could not validate the CRL at $crl" >&2
+ fi
+done
+
+c_rehash "$CRL_PATH" 2>/dev/null >&2
+<% $services.each |$service| { -%>
+service <%= $service %> reload > /dev/null
+<% } %>
+
+exit 0
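Review bot: The accept/reject decision on the `openssl crl -noout ... -CAfile "$CA_CERT" 2>/dev/null` line rests only on the exit status, and because the files arrive over the unauthenticated rsync daemon protocol (`crl.cacert.org::crl`) this check is the sole integrity control on them. Some OpenSSL releases print `verify failure` on stderr and still exit 0 from `openssl crl`, so this should be confirmed for the deployed version; matching the message is more robust, e.g. `if openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>&1 | grep -q '^verify OK'`. When validation fails the previous `"$crl".pem` stays in place and the script still ends with `exit 0`, so the stderr line is the only signal to the caller; a failure flag and a non-zero exit would make that visible to monitoring. Separately, the parameter tag on the first line closes with `%>` rather than `-%>`, which I believe leaves a newline ahead of `#!/bin/sh` in the rendered script.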