tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[CRYP-7902] certificate validation changed

This commit is contained in:
Michael Boelen 2017-08-18 14:14:28 +02:00
parent f60db7d950
commit 4a673aebc7
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/tests_crypto
View File

@ -54,11 +54,12 @@
COUNT_DIR=$((COUNT_DIR + 1))
LogText "Test: checking certificate ${FILE}"
# Check certificate where 'end date' has been expired
EXIT_CODE=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null ; echo $?)
FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null)
EXIT_CODE=$?
CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}')
Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|"
if [ "${EXIT_CODE}" = "0" ]; then
if [ ${EXIT_CODE} -eq 0 ]; then
LogText "Result: certificate ${FILE} seems to be correct and still valid"
else
FOUNDPROBLEM=1