Make certificate check less noisy by only saying anything about certi…
…ficates that have either errors or warnings associated with them.
iay committed Dec 1, 2008
1 parent 2592b96 commit 8f7d05e
Showing 1 changed file with 30 additions and 12 deletions.
42 changes: 30 additions & 12 deletions build/check_embedded.pl
@@ -21,13 +21,31 @@
close KEYS;
print "Blacklists loaded.\n";

sub error {
my($s) = @_;
push(@olines, ' *** ' . $s . ' ***');
$printme = 1;
}

sub warning {
my ($s) = @_;
push(@olines, ' ' . $s);
$printme = 1;
}

sub comment {
my($s) = @_;
push(@olines, ' (' . $s . ')');
}

while (<>) {

#
# Handle Entity/KeyName header line.
#
if (/^Entity:/) {
@olines = ();
$printme = 0;
@args = split;
$entity = $args[1];
$keyname = $args[3];
@@ -96,20 +114,20 @@
$pubSize = $1;
# print " Public key size: $pubSize\n";
if ($pubSize < 1024) {
push(@olines, " *** PUBLIC KEY TOO SHORT ***");
error(@olines, 'PUBLIC KEY TOO SHORT');
}
}
if (/Not After : (.*)$/) {
$notAfter = $1;
$days = (str2time($notAfter)-time())/86400.0;
if ($days < 0) {
push(@olines, " *** EXPIRED ***");
error("EXPIRED");
} elsif ($days < 30) {
$days = int($days);
push(@olines, " *** expires in $days days");
error("expires in $days days");
} elsif ($days < 90) {
$days = int($days);
push(@olines, " expires in $days days");
warning("expires in $days days");
}
}

@@ -126,11 +144,11 @@
# print " fpr: $fpr\n";
if ($pubSize == 1024) {
if (defined($rsa1024{$fpr})) {
push(@olines, " *** WEAK DEBIAN KEY ***");
error("WEAK DEBIAN KEY");
}
} elsif ($pubSize == 2048) {
if (defined($rsa2048{$fpr})) {
push(@olines, " *** WEAK DEBIAN KEY ***");
error("WEAK DEBIAN KEY");
}
}
}
@@ -143,7 +161,7 @@
# Check KeyName if one has been supplied.
#
if ($hasKeyName && $keyname ne $subjectCN) {
push(@olines, " *** KeyName mismatch: $keyname != $subjectCN");
error("KeyName mismatch: $keyname != $subjectCN");
}

#
@@ -177,7 +195,7 @@
# Irrespective of what went wrong, client and server results should match.
#
if ($clientOK != $serverOK) {
push(@olines, " *** client/server purpose result mismatch: $clientOK != $serverOK");
error("client/server purpose result mismatch: $clientOK != $serverOK");
}

#
@@ -195,10 +213,10 @@
if (!$hasKeyName) {
if ($error eq 'self signed certificate') {
$error = '';
push(@olines, " (self signed certificate)");
comment("self signed certificate");
} elsif ($error eq 'unable to get local issuer certificate') {
$error = '';
push(@olines, " (unknown issuer: $issuerCN)");
comment("unknown issuer: $issuerCN");
}
}

@@ -211,7 +229,7 @@
}

if ($error ne '') {
push(@olines, " *** $error");
error($error);
}

#
@@ -223,7 +241,7 @@
#
# Print any interesting things related to this certificate.
#
if (@olines > 1) {
if ($printme) {
foreach $oline (@olines) {
print $oline, "\n";
}
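Review bot: The call `error(@olines, 'PUBLIC KEY TOO SHORT');` in the public-key-size check passes the output buffer along with the message, but `error` reads only its first argument (`my($s) = @_;`), so whenever `@olines` already holds a line the short-key finding is replaced by a starred copy of that first line. Every other call site in this section passes just the message, and this one should read `error('PUBLIC KEY TOO SHORT');`. Because this is the check that flags keys under 1024 bits, the report would still print (`$printme` is set) but would no longer say why the certificate was flagged. The +/- markers did not survive on this page, so this assumes the second line of each printed pair is the new side.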
