vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OPENSSL !!!!!!!

Browse Source
This commit is contained in:
Vasco
2026-04-22 00:24:07 +01:00
parent 4bac977a45
commit 1d466a368f
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
conf/ocsp-verify.sh
View File

@@ -1,13 +1,10 @@
#!/bin/bash #!/bin/bash
# OpenVPN passes cert depth as $1
depth=$1 depth=$1
# Only check client certificate (depth 0)
env >> /etc/openvpn/server/ocsp_env.log env >> /etc/openvpn/server/ocsp_env.log
if [ "$depth" -eq 0 ]; then if [ "$depth" -eq 0 ]; then
echo "Checking OCSP for serial=$tls_serial_0" >> /etc/openvpn/server/ocsp.log echo "Checking OCSP for serial=$tls_serial_0" >> /etc/openvpn/server/ocsp.log
if [ -n "$tls_serial_0" ]; then if [ -n "$tls_serial_0" ]; then
# OpenVPN exports tls_serial_0 as decimal, OpenSSL expects hex # é preciso converter o serial para hexadecimal porque o openssl espera em hex
hex_serial=$(printf '%x' "$tls_serial_0") hex_serial=$(printf '%x' "$tls_serial_0")
status=$(openssl ocsp -issuer /etc/openvpn/server/ca.crt -serial "0x$hex_serial" -url http://10.60.0.1:8888 -CAfile /etc/openvpn/server/ca.crt 2>>/etc/openvpn/server/ocsp.log) status=$(openssl ocsp -issuer /etc/openvpn/server/ca.crt -serial "0x$hex_serial" -url http://10.60.0.1:8888 -CAfile /etc/openvpn/server/ca.crt 2>>/etc/openvpn/server/ocsp.log)
echo "OCSP Status: $status" >> /etc/openvpn/server/ocsp.log echo "OCSP Status: $status" >> /etc/openvpn/server/ocsp.log