path: root/sitemodules/profiles/templates/base/update-crls.epp
blob: 65bc7e8a0ba1435df6430cd6b56eb87ba5e6897b (plain)
<% | Array[String] $services | %>
#!/bin/sh

# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
# NEXT PUPPET RUN.

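# Mirror the CAcert CRLs, convert every CRL whose signature verifies against
# the system CA bundle from DER to PEM, rebuild the hash links and reload the
# services that consume the CRL directory.
set -e

CRL_PATH='/var/local/ssl/crls/'
CA_CERT='/etc/ssl/certs/ca-certificates.crt'
RSYNC_LOCATION='crl.cacert.org::crl'

# The rsync daemon transport is neither encrypted nor authenticated, so the
# signature check in the loop below is the only integrity control on the
# downloaded CRLs.
rsync -aqz "$RSYNC_LOCATION" "$CRL_PATH"

for crl in "$CRL_PATH"*.crl
do
	# An unmatched glob is left as the literal pattern; skip it instead of
	# handing a non-existent path to openssl.
	[ -e "$crl" ] || continue

	# Older OpenSSL releases report a bad signature only as "verify failure"
	# on stderr and still exit 0, so require the explicit "verify OK" marker
	# in addition to a zero exit status before trusting the CRL.
	if verify_out=$(openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>&1) &&
		printf '%s\n' "$verify_out" | grep -q 'verify OK'
	then
		openssl crl -inform DER -in "$crl" -out "$crl".pem
	else
		# A "$crl".pem written by an earlier run is left in place here, so
		# consumers keep using the last CRL that validated.
		echo "Error: Could not validate the CRL at $crl" >&2
	fi
done

# Rebuild the hash-named links in the CRL directory; all output is discarded.
c_rehash "$CRL_PATH" 2>/dev/null >&2
# One reload line is rendered per entry in $services. The names are inserted
# verbatim, so they must come from trusted Puppet data. With "set -e" active,
# a failing reload stops the script before the remaining services.
<% $services.each |$service| { -%>
service <%= $service %> reload > /dev/null
<% } %>

exit 0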