mirror.MikroTik/eworm.routeros-scripts
1
0
Fork 0
mirror of https://git.eworm.de/cgit/routeros-scripts synced 2025-07-16 04:54:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

global-functions: split $CertificateAvailable to $CertificateDownload

Browse source 
This allows to force download even if certificate is available. We need
this for a clean update path with Let's Encrypt.
This commit is contained in:
Christian Hesse 2020-01-03 10:07:55 +01:00
parent afb9839073
commit cb1e520965
1 changed files with 28 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

45
global-functions
View file

@ -17,6 +17,7 @@
# global functions
:global UrlEncode;
:global CharacterReplace;
:global CertificateDownload;
:global CertificateAvailable;
:global SendEMail;
:global SendTelegram;
@ -79,8 +80,8 @@
:return ($Return . $String);
}
# check and import required certificates
:set CertificateAvailable do={
# download and import certificate
:set CertificateDownload do={
:local CommonName [ :tostr $1 ];
:global ScriptUpdatesBaseUrl;
@ -89,22 +90,32 @@
:global UrlEncode;
:global WaitForFile;
:log info ("Downloading and importing certificate with " . \
"CommonName " . $CommonName . ".");
:do {
:local LocalFileName ($CommonName . ".pem");
:local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
/ tool fetch check-certificate=yes-without-crl \
($ScriptUpdatesBaseUrl . "certs/" . \
$UrlFileName . $ScriptUpdatesUrlSuffix) \
dst-path=$LocalFileName;
$WaitForFile $LocalFileName;
/ certificate import file-name=$LocalFileName passphrase="";
/ file remove $LocalFileName;
} on-error={
:log warning "Failed imprting certificate!";
}
}
# check and download required certificate
:set CertificateAvailable do={
:local CommonName [ :tostr $1 ];
:global CertificateDownload;
:if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={
:log info ("Certificate with CommonName " . $CommonName . \
" not available, downloading and importing.");
:do {
:local LocalFileName ($CommonName . ".pem");
:local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
/ tool fetch check-certificate=yes-without-crl \
($ScriptUpdatesBaseUrl . "certs/" . \
$UrlFileName . $ScriptUpdatesUrlSuffix) \
dst-path=$LocalFileName;
$WaitForFile $LocalFileName;
/ certificate import file-name=$LocalFileName passphrase="";
/ file remove $LocalFileName;
} on-error={
:log warning "Failed imprting certificate!";
}
:log info ("Certificate with CommonName " . $CommonName . " not available.");
$CertificateDownload $CommonName;
}
}