rpms/crypto-utils/devel certwatch.cron,1.4,1.5

Elio Maldonado (emaldonado) fedora-extras-commits at redhat.com
Thu May 1 01:16:10 UTC 2008


Author: emaldonado

Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2636

Modified Files:
	certwatch.cron 
Log Message:
Use nss library for cryptography (#346731)


Index: certwatch.cron
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/certwatch.cron,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- certwatch.cron	26 Apr 2005 12:39:15 -0000	1.4
+++ certwatch.cron	1 May 2008 01:15:32 -0000	1.5
@@ -6,6 +6,47 @@
 # CERTWATCH_OPTS variable; see the man page for details.
 # 
 
+# For certificates in pem files
+watch_files_certs() 
+{
+	test -x /etc/httpd/modules/mod_ssl.so || return 0
+	test -r /etc/httpd/conf/httpd.conf    || return 0
+
+    set -o pipefail # pick up exit code of httpd not sort
+
+    certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
+    RETVAL=$?
+    test $RETVAL -eq 0 || return
+
+    for c in $certs; do
+      # Check whether a warning message is needed, then issue one if so.
+      /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" && 
+        /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+    done
+}
+
+# For certificates in the database
+watch_database_certs() 
+{
+    test -x /usr/bin/certutil || return 0
+    test -x /usr/lib/httpd/modules/libmodnss.so || return 0
+    test -r /etc/httpd/conf.d/nss.conf || return 0
+        
+    # find path to mod_nss' database
+    database=`/usr/bin/gawk '/^NSSCertificateDatabase/ { print $2 }' /etc/httpd/conf.d/nss.conf`
+
+    set -o pipefail # pick up exit code of certutil not gawk
+    nicknames=`certutil -L -d $database | /usr/bin/gawk '{ print $1 }'`
+    RETVAL=$?
+    test $RETVAL -eq 0 || return 0
+    
+    for n in $nicknames; do
+        # Check whether a warning message is needed, then issue one if so.
+        /usr/bin/certwatch $CERTWATCH_OPTS -q -d "$database" "$n" && 
+          /usr/bin/certwatch $CERTWATCH_OPTS -d "$database" "$n" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+    done
+}
+
 [ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
 
 # Use configured httpd binary
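Review bot: In watch_database_certs the nickname list comes from `gawk '{ print $1 }'` and is then walked with an unquoted `for n in $nicknames`, so a nickname that contains a space is cut down to its first word and certwatch is asked about a name that is not in the database; presumably no expiry warning is ever mailed for that certificate. Stripping the trailing trust-flags column instead of keeping only the first field, and reading the result with `while IFS= read -r n`, would keep each nickname whole. On the same line `$database` is unquoted and `certutil` is run by bare name although the guard tested `/usr/bin/certutil`; `/usr/bin/certutil -L -d "$database"` would match both the guard and the quoted uses further down. The guard `test -x /usr/lib/httpd/modules/libmodnss.so` hard-codes /usr/lib while the mod_ssl guard goes through /etc/httpd/modules, so on a lib64 install this function would presumably return early every time and the NSS certificates would go unwatched.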
@@ -15,19 +56,8 @@
 test -z "${NOCERTWATCH}" || exit 0
 test -x ${httpd} || exit 0
 test -x /usr/bin/certwatch || exit 0
-test -r /etc/httpd/conf/httpd.conf || exit 0
 test -x /usr/sbin/sendmail || exit 0
-test -x /etc/httpd/modules/mod_ssl.so || exit 0
 test -x /bin/sort || exit 0
 
-set -o pipefail # pick up exit code of httpd not sort
-
-certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
-RETVAL=$?
-test $RETVAL -eq 0 || exit 0
-
-for c in $certs; do
-  # Check whether a warning message is needed, then issue one if so.
-  /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" && 
-    /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
-done
+watch_files_certs
+watch_database_certs



