Commit graph

65 commits

Author SHA1 Message Date
Christian Hesse
49737af6d1 extend magic pattern with "by RouterOS"
This matches the string included in export.
2020-09-18 11:00:27 +02:00
Christian Hesse
d434a2f2d7 check-certificates: do not notify with missing validity period 2020-09-06 22:31:55 +02:00
Christian Hesse
cabafc7853 check-certificates: better check for non-empty value 2020-09-01 23:40:03 +02:00
Christian Hesse
ff5cdc3019 [ ... print count-only ...] -> [ :len [ ... find ... ] ]
Using 'print count-only' always prints a number to terminal, even if the
value is evaluated in a condition or assigned to a variable. This can be
quite annoying. Behavior will not chance (SUP-25503), so replacing the
code...
2020-08-26 09:29:52 +02:00
Christian Hesse
b68b997c1e check-certificates: wait to be fully connected 2020-08-21 23:13:47 +02:00
Christian Hesse
eaffb1dbd2 check-certificates: fix usage of function 2020-08-21 23:09:39 +02:00
Christian Hesse
3e1746f43e check-certificates: add symbol in notification 2020-07-17 11:52:54 +02:00
Christian Hesse
6dfd8ed41a check-certificates: use $IfThenElse 2020-07-16 21:18:12 +02:00
Christian Hesse
71ad56aacc explicitly name the license
Copyright (C) 2013-2020 Christian Hesse <mail@eworm.de>

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

https://www.gnu.org/licenses/#GPL
https://www.gnu.org/licenses/gpl.html
https://www.gnu.org/licenses/gpl.md
2020-06-19 22:17:42 +02:00
Christian Hesse
85f9c5d62e check-certificates: exclude issued certificates on SCEP server 2020-04-24 14:38:29 +02:00
Christian Hesse
1e12c0e159 check-certificates: always use parenthesis 2020-04-24 13:49:50 +02:00
Christian Hesse
8f03a856e1 check-certificates: add missing blank 2020-04-24 12:19:14 +02:00
Christian Hesse
151630b674 check-certificates: warn about missing chain 2020-04-03 14:36:32 +02:00
Christian Hesse
c1c8d46dc0 check-certificates: check and download certificate chain 2020-04-03 14:12:09 +02:00
Christian Hesse
e962fe9189 add doc/check-certificates.md 2020-03-27 22:12:49 +01:00
Christian Hesse
1282a91f04 check-certificates: exclude certificates issued by SCEP 2020-03-20 22:03:31 +01:00
Christian Hesse
08bb73b6fc check-certificates: use $LogPrintExit for debug 2020-03-05 09:01:11 +01:00
Christian Hesse
001e7eeb39 global-functions: sort alphabetically 2020-02-28 15:26:26 +01:00
Christian Hesse
ceaa83b83e global-functions: merge $LogAnd{Error,Put} to $LogPrintExit ...
... and fix logging.

Logging with severity from variable (:log $severity ...) is not
possible, this is considered a syntax error. Also the 'workaround' with
parsing code failed with missing message in log.

The reliable code is a lot longer, so merge the two functions to save a
lot of duplicate code.
2020-02-26 14:19:54 +01:00
Christian Hesse
3cd9b9ead5 check-certificates: use $LogAndPut 2020-02-26 12:55:38 +01:00
Christian Hesse
b70a460f43 check-certificates: use $LogAndError 2020-02-26 12:54:13 +01:00
Christian Hesse
3ebf68a08c global-functions: $LogAndError: add severity 2020-02-26 12:09:19 +01:00
Christian Hesse
801608eeaf check-certificates: use $LogAndError 2020-02-26 11:51:49 +01:00
Christian Hesse
2a80fd6dbe check-certificates: check for synced time 2020-02-24 11:14:49 +01:00
Christian Hesse
23fe30c4e1 check-certificates: rename all certificates by their common names 2020-02-06 18:18:56 +01:00
Christian Hesse
afb9839073 update copyright for 2020 2020-01-01 17:00:39 +01:00
Christian Hesse
9d5c566b1c check-certificates: make renew notification silent 2019-11-11 20:47:11 +01:00
Christian Hesse
70798de8f0 check-certificates: fix renewing certificate in place 2019-07-31 21:04:06 +02:00
Christian Hesse
beb2e70097 check-certificates: use $ParseKeyValueStore 2019-07-18 13:50:01 +02:00
Christian Hesse
cf3cd89398 check-certificates: get certificate values into array 2019-05-21 13:24:43 +02:00
Christian Hesse
b7592f6b18 check-certificates: do not try to renew locally issued certificates 2019-05-02 11:59:43 +02:00
Christian Hesse
360d30bf2a check-certificates: give issuer info on locally issued certificates
Certificates issued locally do not have an 'issuer' property, but a
'ca' one. Looks like either of both is filled, so just concatenate.
2019-05-02 11:16:28 +02:00
Christian Hesse
7f96e5c966 global-functions: add $WaitForFile, wait for file on fetch
The fetch command is asynchronous, the file is not guaranteed to be
available when command terminates.

I opened an issue at Mikrotik support (Ticket#2019041722004999),
their answer:

> You should perform a check in a loop.
> :delay until file exist
>
> That can happen also with any configuration not just files.

So add a function to wait for a file with given name.

I have not seen this with other configuration, though.
2019-04-30 16:52:53 +02:00
Christian Hesse
5273efda21 check-certificates: make sure fingerprint is a string
This makes sure the condition below works for certificate templates,
which do not have a fingerprint.
2019-04-11 22:22:05 +02:00
Christian Hesse
20d7020fe3 check-certificates: do not send notification for templates 2019-04-11 10:19:46 +02:00
Christian Hesse
ea94b7598e check-certificates: always return a string in $GetIssuerCN 2019-04-11 09:57:20 +02:00
Christian Hesse
58c25c8cca check-certificates: add url encoding for certificate download 2019-04-10 14:47:20 +02:00
Christian Hesse
e562825bd9 check-certificates: try to fetch PEM and P12 file 2019-04-10 14:29:24 +02:00
Christian Hesse
5beebbe8e8 check-certificates: use full path...
... to make sure syntax does not break if package is not installed.
2019-04-10 14:29:24 +02:00
Christian Hesse
c0b73d6e92 check-certificates: just change certificates, no loop 2019-04-10 13:59:38 +02:00
Christian Hesse
b93d4d40bc drop deprecated mode= for fetch 2019-04-09 18:01:44 +02:00
Christian Hesse
b35c0b8a6f always write warnings and errors to log 2019-04-03 21:30:43 +02:00
Christian Hesse
594aef2aab check-certificates: support multiple passphrases 2019-04-01 22:45:38 +02:00
Christian Hesse
de602cba4f check-certificates: show remaining time 2019-03-28 13:32:08 +01:00
Christian Hesse
04b7b1f3b5 check-certificates: update certificates for ipsec identities 2019-03-25 16:49:26 +01:00
Christian Hesse
a66713d093 check-certificates: split loop for certificate renew and warning
This allows to have differnt time values.
2019-03-06 13:49:12 +01:00
Christian Hesse
afeab858d4 check-certificates: strip prefix from issuer CN 2019-01-12 00:47:53 +01:00
Christian Hesse
e62fbd2489 check-certificates: properly handle expired certificates 2019-01-12 00:04:53 +01:00
Christian Hesse
4ab9f9e7c8 check-certificates: move conditions to loop 2019-01-09 22:26:32 +01:00
Christian Hesse
df7cb1b88b check-certificates: shorten key for detailed infos 2019-01-09 17:38:55 +01:00