check-certificates: add workaround for broken certificates...
... where the issuer array is borked. Or is this a RouterOS issue?

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get ISRG-Root-X2 issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US,O=Internet Security Research Group,CN=ISRG Root X2

A good certificate looks like this:

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get [ find where name~"eworm.net" ] issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US
  -key-> CN
    -type-> str
    -value-> E1
  -key-> O
    -type-> str
    -value-> Let's Encrypt
eworm-de committed Dec 4, 2023
1 parent a08df7b commit 8de6995
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions check-certificates.rsc
Expand Up @@ -90,18 +90,20 @@
:local FormatCertChain do={
:local Cert $1;

:global EitherOr;
:global ParseKeyValueStore;

:local CertVal [ /certificate/get $Cert ];
:local Return "";

:for I from=0 to=3 do={
:set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
:set Return ($Return . [ $EitherOr ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") \
([ $ParseKeyValueStore (($CertVal->"issuer")->0) ]->"CN") ]);
:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];
:if (($CertVal->"akid") = "" || ($CertVal->"akid") = ($CertVal->"skid")) do={
:return $Return;
}
:set Return ($Return . " -> ");
:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];
}
:return ($Return . "...");
}
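Review bot: the fallback in the new `$EitherOr` call, `[ $ParseKeyValueStore (($CertVal->"issuer")->0) ]->"CN"`, has no comment explaining why element 0 of the issuer is parsed a second time. Add one above the `:set Return` line that names the broken-issuer case from the commit message (the whole DN ending up under the `C` key), so the workaround can be found and dropped if this turns out to be a RouterOS issue. Separately, `:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];` shows up both before the `:if` and after the `" -> "` append, so the lookup is evidently being moved. The commit message does not mention that, and it changes which certificate the `akid`/`skid` test inspects, so it deserves a line in the message or a commit of its own.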