authorGravatar Christian Hesse <mail@eworm.de>2020-04-03 16:39:30 +0200
committerGravatar Christian Hesse <mail@eworm.de>2021-02-09 09:58:46 +0100
commit0c2143298d1d4908429e9d5d04aa6b055e88dc13 (patch)
tree2eb39a1ef680ccb4fc2dfff114dbecac74f94303
parentdad525173cf58f0a3a95feacc1d661dc766d0e87 (diff)
global-functions: $CertificateAvailable: check chain by akid and skidrouteros-6.47
We can merge this when RouterOS 6.47 moves to long-term...
-rw-r--r--global-functions19
1 files changed, 11 insertions, 8 deletions
diff --git a/global-functions b/global-functions
index 29ff999..851e632 100644
--- a/global-functions
+++ b/global-functions
@@ -60,6 +60,7 @@
:global CertificateDownload;
:global LogPrintExit;
:global ParseKeyValueStore;
+ :global RequiredRouterOS;
:if ([ / system resource get free-hdd-space ] < 8388608 && \
[ / certificate settings get crl-download ] = true && \
@@ -75,19 +76,21 @@
}
}
- :local CertVal;
- :local Issuer $CommonName;
+ :if ([ $RequiredRouterOS ("\$CertificateAvailable") "6.47" ] = false) do={
+ :return true;
+ }
+
+ :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
:do {
- :if ([ :len [ / certificate find where common-name=$Issuer ] ] = 0) do={
+ :if ([ :len [ / certificate find where skid=($CertVal->"akid") ] ] = 0) do={
$LogPrintExit info ("Certificate chain for \"" . $CommonName . \
- "\" is incomplete, missing \"" . $Issuer . "\".") false;
+ "\" is incomplete, missing \"" . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\".") false;
:if ([ $CertificateDownload $CommonName ] = false) do={
:return false;
}
}
- :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
- :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
- } while=($Issuer != $CertVal->"common-name");
+ :set CertVal [ / certificate get [ find where skid=($CertVal->"akid") ] ];
+ } while=(($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid"));
:return true;
}
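Review bot: The `:do { ... } while=(...)` loop runs its body before the condition is tested, so the first lookup `find where skid=($CertVal->"akid")` also runs for a certificate whose `akid` is empty, a case the `while` condition is written to stop on. With an empty `akid` the lookup presumably matches nothing (or an unrelated certificate without a `skid`), so the chain is logged as incomplete and `$CertificateDownload` is called for a certificate that has no issuer to fetch. Testing before the first lookup avoids that: `:while (($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid")) do={ ... }`. Separately, the new version gate does `:return true` below 6.47, which reports the certificate as available without any chain check if that path is reachable; `:return false` or at least a logged warning there would fail closed. The body of `$CertificateAvailable` starts above this hunk, so the existence check for `$CommonName` that precedes line 35 is not visible here.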
@@ -1104,7 +1107,7 @@
}
# check for required RouterOS version
-$RequiredRouterOS "global-functions" "6.43";
+$RequiredRouterOS "global-functions" "6.47";
# signal we are ready
:set GlobalFunctionsReady true;