From bc36fb74c38525084316b46633af971aa2ab0baf Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 2 Jan 2019 13:16:23 +0100 Subject: update-tunnelbroker: verify certificate --- update-tunnelbroker | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'update-tunnelbroker') diff --git a/update-tunnelbroker b/update-tunnelbroker index ee8e0e8..fccd41c 100644 --- a/update-tunnelbroker +++ b/update-tunnelbroker @@ -9,6 +9,8 @@ :global tunnelid; :global tunnelint; +:global CertificateAvailable; + :if ([ / ip cloud get ddns-enabled ] != true) do={ :error "IP cloud DDNS is not enabled."; } @@ -24,9 +26,11 @@ while ([ / ip cloud get status ] != "updated" ) do={ :local tunnelip [ / ip cloud get public-address ]; :if ($tunnelip != $tunnellastip) do={ + $CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield"; :log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $tunnelip); - / tool fetch mode=https address=$tunnelurl user=$tunneluser password=$tunnelpass \ - src-path=("/nic/update\?hostname=" . $tunnelid) keep-result=no; + / tool fetch mode=https check-certificate=yes-without-crl \ + ("https://" . $tunnelurl . "/nic/update\?hostname=" . $tunnelid) \ + user=$tunneluser password=$tunnelpass keep-result=no; / interface 6to4 set [ / interface 6to4 find where name=$tunnelint ] local-address=$tunnelip; } else={ :log debug "All tunnelbroker configuration is up to date."; -- cgit v1.2.3-54-g00ecf