#3266 closed defect (fixed)
Certificate Authority Certificates procedure fails
Reported by: | rafe | Owned by: | |
---|---|---|---|
Priority: | lowest | Milestone: | |
Component: | BOOK | Version: | SVN |
Severity: | trivial | Keywords: | Authority Certificates |
Cc: |
Description
Blfs page postlfs/cacerts.html
Using the latest CA Certificate Download from mozilla, the script /bin/remove-expired-certs.sh produces error messages. This is due to the fact that some expiry dates are now beyond Jan 19 03:14:07 2038 GMT which is the largest date that 'date (GNU coreutils) 8.12' can handle. I solved the problem for myself by parsing the date output from openssl using a 'bash' function instead of the call to 'date'. While revising the script I also removed the hard-coded path to openssl and improved the awkward defaulting of DIR.
#!/bin/bash # Begin /bin/remove-expired-certs.sh MON=(Zer Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec) DIR="${1:-/etc/ssl/certs}" certs=$( find "$DIR" -type f -name "*.pem" -o -name "*.crt" ) today=$( date +%Y%m%d ) Date(){ mon=${1:9:3}; for M in `seq 1 12`; do [ ${MON[$M]} = $mon ] && break; done [ ${#M} = 1 ] && M=0$M; [ ${#2} = 1 ] && D=0$2 || D=$2; expiry=$4$M$D } for cert in $certs; do Date $( openssl x509 -enddate -in "$cert" -noout ) [ $today -le $expiry ] && continue echo -n "${cert##*/} expired on $expiry, " rm -fv "$cert" done
Change History (3)
comment:1 by , 13 years ago
Milestone: | 6.7 → current |
---|
comment:2 by , 12 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
This was fixed with a slightly different Date script.