global-functions: $CertificateAvailable: check chain by akid and skid

We can merge this when RouterOS 6.47 moves to long-term...
2024-05-14 08:04:19 +00:00 · 2020-04-03 16:39:30 +02:00 · 2020-04-03 16:39:30 +02:00 · 0c2143298d
commit 0c2143298d
parent dad525173c
1 changed files with 11 additions and 8 deletions
--- a/19
+++ b/19
@ -60,6 +60,7 @@
  :global CertificateDownload;
  :global LogPrintExit;
  :global ParseKeyValueStore;
+  :global RequiredRouterOS;

  :if ([ / system resource get free-hdd-space ] < 8388608 && \
       [ / certificate settings get crl-download ] = true && \
@ -75,19 +76,21 @@
    }
  }

-  :local CertVal;
-  :local Issuer $CommonName;
+  :if ([ $RequiredRouterOS ("\$CertificateAvailable") "6.47" ] = false) do={
+    :return true;
+  }
+
+  :local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
  :do {
-    :if ([ :len [ / certificate find where common-name=$Issuer ] ] = 0) do={
+    :if ([ :len [ / certificate find where skid=($CertVal->"akid") ] ] = 0) do={
      $LogPrintExit info ("Certificate chain for \"" . $CommonName . \
-        "\" is incomplete, missing \"" . $Issuer . "\".") false;
+        "\" is incomplete, missing \"" . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\".") false;
      :if ([ $CertificateDownload $CommonName ] = false) do={
        :return false;
      }
    }
-    :set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
-    :set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
-  } while=($Issuer != $CertVal->"common-name");
+    :set CertVal [ / certificate get [ find where skid=($CertVal->"akid") ] ];
+  } while=(($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid"));
  :return true;
 }

@ -1104,7 +1107,7 @@
 }

 # check for required RouterOS version
-$RequiredRouterOS "global-functions" "6.43";
+$RequiredRouterOS "global-functions" "6.47";

 # signal we are ready
 :set GlobalFunctionsReady true;