| |
2 |
2 |
|
| |
3 |
3 |
Automated functions for acs-admin |
| |
4 |
4 |
|
| |
5 |
5 |
@author Gustaf Neumann |
| |
6 |
6 |
@creation-date 2018-08-15 |
| |
7 |
7 |
} |
| |
8 |
8 |
|
| |
9 |
9 |
namespace eval acs_admin { |
| |
10 |
10 |
|
| |
11 |
11 |
ad_proc ::acs_admin::check_expired_certificates {} { |
| |
12 |
12 |
Check expire-dates of certificates and send warning emails to |
| |
13 |
13 |
the admin. In case HTTPS is not configured via the "nsssl" |
| |
14 |
14 |
driver, or the command line tool "openssl" is not installed, |
| |
15 |
15 |
the proc does nothing. |
| |
16 |
16 |
|
| |
17 |
17 |
@return boolean telling whether expired certificates existed |
| |
18 |
18 |
(true) or not (false) |
| |
19 |
19 |
} { |
| |
20 |
20 |
|
| |
21 |
21 |
set openssl [util::which openssl] |
| |
22 |
|
if {[info commands ns_driver] ne "" && $openssl ne ""} { |
| |
|
22 |
if {[namespace which ns_driver] ne "" && $openssl ne ""} { |
| |
23 |
23 |
# |
| |
24 |
24 |
# Get certificates to check expire dates |
| |
25 |
25 |
# |
| |
26 |
26 |
set critCertInfo {} |
| |
27 |
27 |
foreach entry [ns_driver info] { |
| |
28 |
28 |
set module [dict get $entry module] |
| |
29 |
29 |
if {[dict get $entry type] eq "nsssl"} { |
| |
30 |
30 |
set server [dict get $entry server] |
| |
31 |
31 |
if {$server ne ""} { |
| |
32 |
32 |
set certfile [ns_config ns/server/$server/module/$module certificate] |
| |
33 |
33 |
} else { |
| |
34 |
34 |
set certfile [ns_config ns/module/$module certificate] |
| |
35 |
35 |
} |
| |
36 |
36 |
if {![info exists processed($certfile)]} { |
| |
37 |
37 |
# |
| |
38 |
38 |
# Check expiration of the certificate using the |
| |
39 |
39 |
# "openssl" command line tool. |
| |
40 |
40 |
# |
| |
41 |
41 |
set notAfter [exec openssl x509 -enddate -noout -in $certfile] |
| |
42 |
42 |
regexp {notAfter=(.*)$} $notAfter . date |
