Opened 13 years ago

Closed 12 years ago

Last modified 11 years ago

#3266 closed defect (fixed)

Certificate Authority Certificates procedure fails

Reported by: rafe Owned by: blfs-book@…
Priority: lowest Milestone:
Component: BOOK Version: SVN
Severity: trivial Keywords: Authority Certificates
Cc:

Description

Blfs page postlfs/cacerts.html

Using the latest CA Certificate Download from mozilla, the script /bin/remove-expired-certs.sh produces error messages. This is due to the fact that some expiry dates are now beyond Jan 19 03:14:07 2038 GMT which is the largest date that 'date (GNU coreutils) 8.12' can handle. I solved the problem for myself by parsing the date output from openssl using a 'bash' function instead of the call to 'date'. While revising the script I also removed the hard-coded path to openssl and improved the awkward defaulting of DIR.

#!/bin/bash
# Begin /bin/remove-expired-certs.sh

MON=(Zer Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec)
DIR="${1:-/etc/ssl/certs}"

certs=$( find "$DIR" -type f -name "*.pem" -o -name "*.crt" )
today=$( date +%Y%m%d )

Date(){
  mon=${1:9:3};
  for M in `seq 1 12`; do [ ${MON[$M]} = $mon ] && break; done
  [ ${#M} = 1 ] && M=0$M;
  [ ${#2} = 1 ] && D=0$2 || D=$2;
  expiry=$4$M$D
}

for cert in $certs; do
  Date $( openssl x509 -enddate -in "$cert" -noout )
  [ $today -le $expiry ] && continue
  echo -n "${cert##*/} expired on $expiry, "
  rm -fv "$cert"
done

Change History (3)

comment:1 by bdubbs@…, 13 years ago

Milestone: 6.7current

comment:2 by bdubbs@…, 12 years ago

Resolution: fixed
Status: newclosed

This was fixed with a slightly different Date script.

comment:3 by bdubbs@…, 11 years ago

Milestone: current

Milestone current deleted

Note: See TracTickets for help on using tickets.