summaryrefslogtreecommitdiff
path: root/contrib/OCSP_check/OCSP_check.sh
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2014-10-29 17:43:51 +0100
committerAlberto Gonzalez Iniesta <agi@inittab.org>2014-10-29 17:43:51 +0100
commit4d0c77888c6b17b11390eaefe41e14229365c463 (patch)
tree76db22e48b28d96f16a7ce0111109b00b6f519c3 /contrib/OCSP_check/OCSP_check.sh
parent52a3e3b0ad96506d705d1759f5a41b40563167ec (diff)
parent63862ed15e1abb4b29c5a43b469321c928613c62 (diff)
Merge tag 'upstream/2.3.5'
Upstream version 2.3.5
Diffstat (limited to 'contrib/OCSP_check/OCSP_check.sh')
-rw-r--r--contrib/OCSP_check/OCSP_check.sh13
1 files changed, 10 insertions, 3 deletions
diff --git a/contrib/OCSP_check/OCSP_check.sh b/contrib/OCSP_check/OCSP_check.sh
index 553c3dc..6876c6d 100644
--- a/contrib/OCSP_check/OCSP_check.sh
+++ b/contrib/OCSP_check/OCSP_check.sh
@@ -97,12 +97,19 @@ if [ $check_depth -eq -1 ] || [ $cur_depth -eq $check_depth ]; then
"$nonce" \
-CAfile "$verify" \
-url "$ocsp_url" \
- -serial "${serial}" 2>/dev/null)
+ -serial "${serial}" 2>&1)
if [ $? -eq 0 ]; then
- # check that it's good
+ # check if ocsp didn't report any errors
+ if echo "$status" | grep -Eq "(error|fail)"; then
+ exit 1
+ fi
+ # check that the reported status of certificate is ok
if echo "$status" | grep -Fq "^${serial}: good"; then
- exit 0
+ # check if signature on the OCSP response verified correctly
+ if echo "$status" | grep -Fq "^Response verify OK"; then
+ exit 0
+ fi
fi
fi
fi