mirror.MikroTik/eworm.routeros-scripts
1
0
Fork 0
mirror of https://git.eworm.de/cgit/routeros-scripts synced 2025-06-21 09:25:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

global-functions: $CertificateAvailable: fetch by CommonName

Browse source 
Now that we have a proper $UrlEncode function... Fetch certificates
by CommonName.

Also remove the PEM after import.
This commit is contained in:
Christian Hesse 2019-04-30 16:11:47 +02:00
parent 7f96e5c966
commit 42834e9de1
7 changed files with 15 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -43,7 +43,7 @@ download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding different location (for example from github.com) install the corresponding
certificate chain. certificate chain.
[admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/letsencrypt.pem" dst-path="letsencrypt.pem" [admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem"
status: finished status: finished
downloaded: 3KiBC-z pause] downloaded: 3KiBC-z pause]
total: 3KiB total: 3KiB

0
certs/godaddy.pem → certs/Go Daddy Secure Certificate Authority - G2.pem
View file

0
certs/letsencrypt.pem → certs/Let's Encrypt Authority X3.pem
View file

0
certs/starfield.pem → certs/Starfield Secure Certificate Authority - G2.pem
View file

19
global-functions
View file

@ -63,23 +63,26 @@
# check and import required certificates # check and import required certificates
:global CertificateAvailable do={ :global CertificateAvailable do={
:local CommonName [ :tostr $1 ]; :local CommonName [ :tostr $1 ];
:local FileName ([ :tostr $2 ] . ".pem");
:global ScriptUpdatesBaseUrl; :global ScriptUpdatesBaseUrl;
:global ScriptUpdatesUrlSuffix; :global ScriptUpdatesUrlSuffix;
:global UrlEncode;
:global WaitForFile; :global WaitForFile;
:if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={ :if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={
:log info ("Certificate with CommonName " . $CommonName . \ :log info ("Certificate with CommonName " . $CommonName . \
" not available, downloading and importing."); " not available, downloading and importing.");
:do { :do {
:local LocalFileName ($CommonName . ".pem");
:local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
/ tool fetch check-certificate=yes-without-crl \ / tool fetch check-certificate=yes-without-crl \
($ScriptUpdatesBaseUrl . "certs/" . \ ($ScriptUpdatesBaseUrl . "certs/" . \
$FileName . $ScriptUpdatesUrlSuffix) \ $UrlFileName . $ScriptUpdatesUrlSuffix) \
dst-path=$FileName; dst-path=$LocalFileName;
$WaitForFile $FileName; $WaitForFile $LocalFileName;
/ certificate import file-name=$FileName passphrase=""; / certificate import file-name=$LocalFileName passphrase="";
/ file remove $LocalFileName;
} on-error={ } on-error={
:log warning "Failed imprting certificate!"; :log warning "Failed imprting certificate!";
} }
@ -112,7 +115,7 @@
} }
:if ([ :len $TelegramTokenId ] > 0 && [ :len $TelegramChatId ] > 0) do={ :if ([ :len $TelegramTokenId ] > 0 && [ :len $TelegramChatId ] > 0) do={
$CertificateAvailable "Go Daddy Secure Certificate Authority - G2" "godaddy"; $CertificateAvailable "Go Daddy Secure Certificate Authority - G2";
:do { :do {
/ tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \ / tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \
("https://api.telegram.org/bot" . $TelegramTokenId . "/sendMessage") \ ("https://api.telegram.org/bot" . $TelegramTokenId . "/sendMessage") \
@ -132,7 +135,7 @@
:do { :do {
:local Vendor; :local Vendor;
$CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt"; $CertificateAvailable "Let's Encrypt Authority X3";
:set Vendor ([ / tool fetch check-certificate=yes-without-crl \ :set Vendor ([ / tool fetch check-certificate=yes-without-crl \
("https://api.macvendors.com/" . [ :pick $Mac 0 8 ]) output=user as-value ]->"data"); ("https://api.macvendors.com/" . [ :pick $Mac 0 8 ]) output=user as-value ]->"data");
:return $Vendor; :return $Vendor;
@ -178,7 +181,7 @@
:local PkgFile ($PkgName . "-" . $PkgVer . "-" . $PkgArch . ".npk"); :local PkgFile ($PkgName . "-" . $PkgVer . "-" . $PkgArch . ".npk");
:local PkgDest [ $CleanFilePath ($PkgDir . "/" . $PkgFile) ]; :local PkgDest [ $CleanFilePath ($PkgDir . "/" . $PkgFile) ];
$CertificateAvailable "Let's Encrypt Authority X3" "letsencrypt"; $CertificateAvailable "Let's Encrypt Authority X3";
:do { :do {
/ tool fetch check-certificate=yes-without-crl \ / tool fetch check-certificate=yes-without-crl \
("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile) \ ("https://upgrade.mikrotik.com/routeros/" . $PkgVer . "/" . $PkgFile) \

3
initial-commands
View file

@ -3,7 +3,7 @@
# Copyright (c) 2018-2019 Christian Hesse <mail@eworm.de> # Copyright (c) 2018-2019 Christian Hesse <mail@eworm.de>
{ {
/ tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/letsencrypt.pem" dst-path="letsencrypt.pem"; / tool fetch "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt.pem";
:delay 1s; :delay 1s;
/ certificate { / certificate {
import file-name=letsencrypt.pem passphrase=""; import file-name=letsencrypt.pem passphrase="";
@ -14,6 +14,7 @@
:if ([ / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ] != 3) do={ :if ([ / certificate print count-only where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ] != 3) do={
:error "Anything is wrong with your certificates!"; :error "Anything is wrong with your certificates!";
} }
/ file remove "letsencrypt.pem";
:foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={ :foreach Script in={ "global-config"; "global-functions"; "script-updates" } do={
/ system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit.cgi/routeros-scripts/plain/" . $Script) output=user as-value]->"data");
} }

2
update-tunnelbroker
View file

@ -27,7 +27,7 @@
:local Pass [ :pick ($Comment->2) 5 99 ]; :local Pass [ :pick ($Comment->2) 5 99 ];
:local Id [ :pick ($Comment->3) 3 99 ]; :local Id [ :pick ($Comment->3) 3 99 ];
$CertificateAvailable "Starfield Secure Certificate Authority - G2" "starfield"; $CertificateAvailable "Starfield Secure Certificate Authority - G2";
:log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $PublicAddress); :log info ("Local address changed, sending UPDATE to tunnelbroker! New address: " . $PublicAddress);
/ tool fetch check-certificate=yes-without-crl \ / tool fetch check-certificate=yes-without-crl \
("https://ipv4.tunnelbroker.net/nic/update\?hostname=" . $Id) \ ("https://ipv4.tunnelbroker.net/nic/update\?hostname=" . $Id) \