From 0c2143298d1d4908429e9d5d04aa6b055e88dc13 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Fri, 3 Apr 2020 16:39:30 +0200
Subject: global-functions: $CertificateAvailable: check chain by akid and skid We can merge this when RouterOS 6.47 moves to long-term...
---
 global-functions | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/global-functions b/global-functions
index 29ff999..851e632 100644
--- a/global-functions
+++ b/global-functions
@@ -60,6 +60,7 @@
 :global CertificateDownload;
 :global LogPrintExit;
 :global ParseKeyValueStore;
+ :global RequiredRouterOS;
 :if ([ / system resource get free-hdd-space ] < 8388608 && \
 [ / certificate settings get crl-download ] = true && \
@@ -75,19 +76,21 @@
 }
 }
- :local CertVal;
- :local Issuer $CommonName;
+ :if ([ $RequiredRouterOS ("\$CertificateAvailable") "6.47" ] = false) do={
+ :return true;
+ }
+
+ :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
 :do {
- :if ([ :len [ / certificate find where common-name=$Issuer ] ] = 0) do={
+ :if ([ :len [ / certificate find where skid=($CertVal->"akid") ] ] = 0) do={
 $LogPrintExit info ("Certificate chain for \"" . $CommonName . \
- "\" is incomplete, missing \"" . $Issuer . "\".") false;
+ "\" is incomplete, missing \"" . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\".") false;
 :if ([ $CertificateDownload $CommonName ] = false) do={
 :return false;
 }
 }
- :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
- :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
- } while=($Issuer != $CertVal->"common-name");
+ :set CertVal [ / certificate get [ find where skid=($CertVal->"akid") ] ];
+ } while=(($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid"));
 :return true;
 }
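Review bot: The version guard added at the top of the second hunk returns `true` before the `:do` loop runs, so on a RouterOS older than 6.47 the function reports the chain as available without having checked it, whereas the removed code still walked the chain by common name. If that is intended, the guard should carry a comment such as `# chain is not checked on RouterOS older than 6.47`; otherwise `:return false;` or a fallback to the old common-name walk would keep the result accurate. Separately, `:do { … } while=(…)` evaluates its condition only after the body, so a certificate whose `akid` is empty still goes through `find where skid=($CertVal->"akid")` once, which can presumably trigger the "incomplete" message and a download for nothing; testing `($CertVal->"akid") != ""` before the first lookup would avoid that. The function begins above this hunk.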
@@ -1104,7 +1107,7 @@
 }
 # check for required RouterOS version
-$RequiredRouterOS "global-functions" "6.43";
+$RequiredRouterOS "global-functions" "6.47";
 # signal we are ready
 :set GlobalFunctionsReady true;
-- cgit v1.2.3-70-g09d2