Commit 6053b90

imroved ssl certificate validation
1 parent 3bbd56c commit 6053b90

1 file changed

+36
-19
lines changed

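--- a/func/domain.sh
+++ b/func/domain.sh
@@ -249,42 +249,59 @@ get_domain_values() {
 
 # SSL certificate verification
 is_web_domain_cert_valid() {
-if [ ! -e "$ssl_dir/$domain.crt" ] || [ ! -e "$ssl_dir/$domain.key" ]; then
-echo "Error: $ssl_dir/$domain.[crt|key] not found"
+if [ ! -e "$ssl_dir/$domain.crt" ]; then
+echo "Error: $ssl_dir/$domain.crt not found"
 log_event "$E_NOTEXIST" "$EVENT"
 exit $E_NOTEXIST
 fi
 
-if [ ! -e "$ssl_dir/$domain.ca" ]; then
-crt=$(openssl verify $ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
-else
-crt=$(openssl verify -untrusted $ssl_dir/$domain.ca \
-$ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
+if [ ! -e "$ssl_dir/$domain.key" ]; then
+echo "Error: $ssl_dir/$domain.key not found"
+log_event "$E_NOTEXIST" "$EVENT"
+exit $E_NOTEXIST
 fi
-#if [ -z "$crt" ]; then
-# echo "Error: certificate is not valid"
-# log_event "$E_INVALID" "$EVENT"
-# exit $E_INVALID
-#fi
-
-openssl rsa -in "$ssl_dir/$domain.key" -check &>/dev/null
-if [ "$?" -ne 0 ]; then
-echo "Error: ssl key is not valid"
+
+crt_vrf=$(openssl verify $ssl_dir/$domain.crt 2>&1)
+if [ ! -z "$(echo $crt_vrf | grep 'unable to load')" ]; then
+echo "Error: certificate is not valid"
 log_event "$E_INVALID" "$EVENT"
 exit $E_INVALID
 fi
 
+if [ ! -z "$(echo $crt_vrf | grep 'unable to get local issuer')" ]; then
+if [ ! -e "$ssl_dir/$domain.ca" ]; then
+echo "Error: certificate authority not found"
+log_event "$E_NOTEXIST" "$EVENT"
+exit $E_NOTEXIST
+fi
+fi
+
 if [ -e "$ssl_dir/$domain.ca" ]; then
-ca=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep 'OK')
-if [ -z "$ca" ]; then
+ca_vrf=$(openssl verify $ssl_dir/$domain.ca 2>/dev/null |grep 'OK')
+if [ -z "$ca_vrf" ]; then
 echo "Error: ssl certificate authority is not valid"
 log_event "$E_INVALID" "$EVENT"
 exit $E_INVALID
 fi
+
+crt_vrf=$(openssl verify -untrusted $ssl_dir/$domain.ca \
+$ssl_dir/$domain.crt 2>/dev/null |grep 'OK')
+if [ -z "$crt_vrf" ]; then
+echo "Error: root or/and intermediate cerificate not found"
+log_event "$E_NOTEXIST" "$EVENT"
+exit $E_NOTEXIST
+fi
+fi
+
+key_vrf=$(grep 'RSA PRIVATE KEY' $ssl_dir/$domain.key | wc -l)
+if [ "$key_vrf" -ne 2 ]; then
+echo "Error: ssl key is not valid"
+log_event "$E_INVALID" "$EVENT"
+exit $E_INVALID
 fi
 
 openssl s_server -quiet -cert $ssl_dir/$domain.crt \
--key $ssl_dir/$domain.key &
+-key $ssl_dir/$domain.key >> /dev/null 2>&1 &
 pid=$!
 sleep 0.5
 disown &> /dev/null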
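Review bot: The new key check (`key_vrf=$(grep 'RSA PRIVATE KEY' ... | wc -l)` / `-ne 2`) replaces the removed `openssl rsa -check` with a substring count, so a corrupt or truncated PEM with intact header and footer lines passes, while a valid PKCS#8 key (`BEGIN PRIVATE KEY`) or an EC key is rejected; keep a parse-based check such as `openssl rsa -in "$ssl_dir/$domain.key" -check -noout >/dev/null 2>&1 || { echo "Error: ssl key is not valid"; log_event "$E_INVALID" "$EVENT"; exit $E_INVALID; }`. The certificate branch has a similar gap: only output containing `unable to load` is treated as invalid, so when no `.ca` file exists any other `openssl verify` failure (expired, wrong signature, untrusted chain) is accepted silently, and nothing confirms the key belongs to the certificate. The `$ssl_dir/$domain.crt`, `$ssl_dir/$domain.key` and `echo $crt_vrf` expansions are unquoted, which breaks on paths with spaces and lets `grep` see word-split output; `grep -q 'unable to load' <<<"$crt_vrf"` avoids both the subshell and the splitting. is_web_domain_cert_valid continues past the end of the hunk.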
