rpms/crypto-utils/devel certwatch.cron,1.4,1.5
Elio Maldonado (emaldonado)
fedora-extras-commits at redhat.com
Thu May 1 01:16:10 UTC 2008
Author: emaldonado
Update of /cvs/extras/rpms/crypto-utils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2636
Modified Files:
certwatch.cron
Log Message:
Use nss library for cryptography (#346731)
Index: certwatch.cron
===================================================================
RCS file: /cvs/extras/rpms/crypto-utils/devel/certwatch.cron,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- certwatch.cron 26 Apr 2005 12:39:15 -0000 1.4
+++ certwatch.cron 1 May 2008 01:15:32 -0000 1.5
@@ -6,6 +6,47 @@
# CERTWATCH_OPTS variable; see the man page for details.
#
+# For certificates in pem files
+watch_files_certs()
+{
+ test -x /etc/httpd/modules/mod_ssl.so || return 0
+ test -r /etc/httpd/conf/httpd.conf || return 0
+
+ set -o pipefail # pick up exit code of httpd not sort
+
+ certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
+ RETVAL=$?
+ test $RETVAL -eq 0 || return
+
+ for c in $certs; do
+ # Check whether a warning message is needed, then issue one if so.
+ /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
+ /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+ done
+}
+
+# For certificates in the database
+watch_database_certs()
+{
+ test -x /usr/bin/certutil || return 0
+ test -x /usr/lib/httpd/modules/libmodnss.so || return 0
+ test -r /etc/httpd/conf.d/nss.conf || return 0
+
+ # find path to mod_nss' database
+ database=`/usr/bin/gawk '/^NSSCertificateDatabase/ { print $2 }' /etc/httpd/conf.d/nss.conf`
+
+ set -o pipefail # pick up exit code of certutil not gawk
+ nicknames=`certutil -L -d $database | /usr/bin/gawk '{ print $1 }'`
+ RETVAL=$?
+ test $RETVAL -eq 0 || return 0
+
+ for n in $nicknames; do
+ # Check whether a warning message is needed, then issue one if so.
+ /usr/bin/certwatch $CERTWATCH_OPTS -q -d "$database" "$n" &&
+ /usr/bin/certwatch $CERTWATCH_OPTS -d "$database" "$n" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+ done
+}
+
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
# Use configured httpd binary
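Review bot: In watch_database_certs the guard tests `/usr/bin/certutil`, but the `nicknames=` line runs bare `certutil` with an unquoted `$database`, so under cron the binary is resolved through PATH, and an empty or space-containing database path changes the command line. I would add `test -n "$database" || return 0` after the gawk lookup and call `/usr/bin/certutil -L -d "$database"`. Separately, `print $1` combined with `for n in $nicknames` keeps only the first word of each output line, so a certificate whose nickname contains a space would presumably never be checked and its expiry warning silently missed. Reading whole lines instead would depend on certutil's exact output format, which is not visible here. In watch_files_certs, the bare `|| return` passes on a non-zero status where every other guard uses `return 0`.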
@@ -15,19 +56,8 @@
test -z "${NOCERTWATCH}" || exit 0
test -x ${httpd} || exit 0
test -x /usr/bin/certwatch || exit 0
-test -r /etc/httpd/conf/httpd.conf || exit 0
test -x /usr/sbin/sendmail || exit 0
-test -x /etc/httpd/modules/mod_ssl.so || exit 0
test -x /bin/sort || exit 0
-set -o pipefail # pick up exit code of httpd not sort
-
-certs=`${httpd} ${OPTIONS} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
-RETVAL=$?
-test $RETVAL -eq 0 || exit 0
-
-for c in $certs; do
- # Check whether a warning message is needed, then issue one if so.
- /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
- /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
-done
+watch_files_certs
+watch_database_certs
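Review bot: The `test -x /bin/sort || exit 0` guard stays global although only watch_files_certs uses sort, so a host without it would also skip the NSS database check. Meanwhile `/usr/bin/gawk`, which watch_database_certs depends on, has no guard at all. Moving the sort test into watch_files_certs as `test -x /bin/sort || return 0` and adding `test -x /usr/bin/gawk || return 0` to watch_database_certs would keep each function's preconditions next to the code that needs them. `test -x ${httpd}` would also be safer quoted as `test -x "${httpd}"`.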