local-server/vendor/github.com/cloudflare/cfssl/testdata/ssl-verifier.sh
Mikaël Cluseau 4d889632f6 vendor
2018-06-17 18:32:44 +11:00

48 lines
856 B
Bash

#!/bin/bash
KEY=$1
CRT=$2
IMM=$3
if [ "`cat $KEY | grep ENCRYPTED`" ]; then
echo >&2 "Key is password-protected"
exit 1
fi
KEYMOD=`openssl rsa -noout -modulus -in $KEY`
CRTMOD=`openssl x509 -noout -modulus -in $CRT`
if [ "$KEYMOD" != "$CRTMOD" ]; then
echo >&2 "Key doesn't match the certificate"
exit 1
fi
if [ -n "$IMM" ]; then
cat $CRT $IMM > bundle.crt
if [ "`openssl verify bundle.crt`" == "$CRT: OK" ]; then
echo "Done (bundle ok)"
exit 0
fi
fi
while true; do
if [ "`openssl verify $CRT`" == "$CRT: OK" ]; then
echo "Done"
exit 0
fi
NEXT=`openssl x509 -noout -issuer_hash -in $CRT`
if [ ! -f $NEXT ]; then
echo >&2 "Could not generate trusted bundle"
exit 1
fi
cat $CRT $NEXT > tmp.crt
mv tmp.crt bundle.crt
CRT="bundle.crt"
done