global-functions: $CertificateAvailable: check whole chain

The root certificate is a self-signed certificate. Check for the issue certificate until we find the self-signed one.
author: Christian Hesse <mail@eworm.de> 2020-01-29 21:01:48 +0100
committer: Christian Hesse <mail@eworm.de> 2020-01-29 21:08:10 +0100
commit: 352818ea48438383216a783ef9448570b343c29b (patch)
tree: 188557d3a6d4403c815803b3e73080b317a22467
parent: 801dce05fa593f61103a0e48d2175bcc58c061a0 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/global-functions b/global-functions
index 9c58450..5f80c0b 100644
--- a/global-functions
+++ b/global-functions
@@ -116,6 +116,7 @@
   :local CommonName [ :tostr $1 ];
 
   :global CertificateDownload;
+  :global ParseKeyValueStore;
 
   :if ([ / system resource get free-hdd-space ] < 8388608 && \
        [ / certificate settings get crl-download ] = true && \
@@ -127,6 +128,17 @@
     :log info ("Certificate with CommonName \"" . $CommonName . "\" not available.");
     $CertificateDownload $CommonName;
   }
+
+  :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
+  :local Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+  :while ($Issuer != $CertVal->"common-name") do={
+    :if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={
+      :log info ("Certificate chain for \"" . $CommonName . "\" is incomplete, missing \"" . $Issuer . "\".");
+      $CertificateDownload $CommonName;
+    }
+    :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
+    :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
+  }
 }
 
 # send notification via e-mail
author	Christian Hesse <mail@eworm.de>	2020-01-29 21:01:48 +0100
committer	Christian Hesse <mail@eworm.de>	2020-01-29 21:08:10 +0100
commit	352818ea48438383216a783ef9448570b343c29b (patch)
tree	188557d3a6d4403c815803b3e73080b317a22467
parent	801dce05fa593f61103a0e48d2175bcc58c061a0 (diff)