diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2014-10-29 17:43:51 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2014-10-29 17:43:51 +0100 |
commit | 4d0c77888c6b17b11390eaefe41e14229365c463 (patch) | |
tree | 76db22e48b28d96f16a7ce0111109b00b6f519c3 /contrib/OCSP_check/OCSP_check.sh | |
parent | 52a3e3b0ad96506d705d1759f5a41b40563167ec (diff) | |
parent | 63862ed15e1abb4b29c5a43b469321c928613c62 (diff) |
Merge tag 'upstream/2.3.5'
Upstream version 2.3.5
Diffstat (limited to 'contrib/OCSP_check/OCSP_check.sh')
-rw-r--r-- | contrib/OCSP_check/OCSP_check.sh | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/contrib/OCSP_check/OCSP_check.sh b/contrib/OCSP_check/OCSP_check.sh index 553c3dc..6876c6d 100644 --- a/contrib/OCSP_check/OCSP_check.sh +++ b/contrib/OCSP_check/OCSP_check.sh @@ -97,12 +97,19 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then "$nonce" \ -CAfile "$verify" \ -url "$ocsp_url" \ - -serial "${serial}" 2>/dev/null) + -serial "${serial}" 2>&1) if [ $? -eq 0 ]; then - # check that it's good + # check if ocsp didn't report any errors + if echo "$status" | grep -Eq "(error|fail)"; then + exit 1 + fi + # check that the reported status of certificate is ok if echo "$status" | grep -Fq "^${serial}: good"; then - exit 0 + # check if signature on the OCSP response verified correctly + if echo "$status" | grep -Fq "^Response verify OK"; then + exit 0 + fi fi fi fi |