aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2020-04-03 16:39:30 +0200
committerGravatar Christian Hesse <mail@eworm.de>2020-09-19 22:37:21 +0200
commitcfd26746b8ad3b7ec32bd2ae470f76e932d54a74 (patch)
treed393891f4696d1cd5578846ea51d564b9513a247
parent9f3e39206c0c03978bfbe59f9a61974b964167b7 (diff)
downloadrouteros-scripts-certs-akid-skid.tar.gz
routeros-scripts-certs-akid-skid.tar.zst
global-functions: $CertificateAvailable: check chain by akid and skidcerts-akid-skid
We can merge this when RouterOS 6.47 moves to long-term...
-rw-r--r--global-functions12
1 files changed, 5 insertions, 7 deletions
diff --git a/global-functions b/global-functions
index f46aff3..ef2d9b1 100644
--- a/global-functions
+++ b/global-functions
@@ -74,19 +74,17 @@
}
}
- :local CertVal;
- :local Issuer $CommonName;
+ :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
:do {
- :if ([ :len [ / certificate find where common-name=$Issuer ] ] = 0) do={
+ :if ([ :len [ / certificate find where skid=($CertVal->"akid") ] ] = 0) do={
$LogPrintExit info ("Certificate chain for \"" . $CommonName . \
- "\" is incomplete, missing \"" . $Issuer . "\".") false;
+ "\" is incomplete, missing \"" . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\".") false;
:if ([ $CertificateDownload $CommonName ] = false) do={
:return false;
}
}
- :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
- :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
- } while=($Issuer != $CertVal->"common-name");
+ :set CertVal [ / certificate get [ find where skid=($CertVal->"akid") ] ];
+ } while=(($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid"));
:return true;
}