summaryrefslogtreecommitdiff
path: root/main/openvpn/contrib/OCSP_check
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2014-10-16 12:40:17 +0200
committerArne Schwabe <arne@rfc2549.org>2014-10-16 12:40:17 +0200
commitde0fb97e71f0bc63f59ad8a6cfa19dc4914f2514 (patch)
tree999f069ee9fa03f1cdafbb41286a17d231732e16 /main/openvpn/contrib/OCSP_check
parent6a01eb5e6ec9c775e5053c8eb858cf5b6dc2a18d (diff)
Update OpenVPN
--HG-- extra : rebase_source : eae76bb97139022b5592b2599b7e3870054bcaa9
Diffstat (limited to 'main/openvpn/contrib/OCSP_check')
-rw-r--r--main/openvpn/contrib/OCSP_check/OCSP_check.sh13
1 files changed, 10 insertions, 3 deletions
diff --git a/main/openvpn/contrib/OCSP_check/OCSP_check.sh b/main/openvpn/contrib/OCSP_check/OCSP_check.sh
index 553c3dce..6876c6d8 100644
--- a/main/openvpn/contrib/OCSP_check/OCSP_check.sh
+++ b/main/openvpn/contrib/OCSP_check/OCSP_check.sh
@@ -97,12 +97,19 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then
"$nonce" \
-CAfile "$verify" \
-url "$ocsp_url" \
- -serial "${serial}" 2>/dev/null)
+ -serial "${serial}" 2>&1)
if [ $? -eq 0 ]; then
- # check that it's good
+ # check if ocsp didn't report any errors
+ if echo "$status" | grep -Eq "(error|fail)"; then
+ exit 1
+ fi
+ # check that the reported status of certificate is ok
if echo "$status" | grep -Fq "^${serial}: good"; then
- exit 0
+ # check if signature on the OCSP response verified correctly
+ if echo "$status" | grep -Fq "^Response verify OK"; then
+ exit 0
+ fi
fi
fi
fi