From 811ce6a9aa6168b4240a81abc090f17be746add3 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Tue, 1 Jun 2021 23:35:19 -0500
Subject: [PATCH] Update IKEv2 script - Check certificate status when exporting a client configuration using --exportclient
---
 extras/ikev2setup.sh | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/extras/ikev2setup.sh b/extras/ikev2setup.sh
index 4545827..3fecd80 100755
--- a/extras/ikev2setup.sh
+++ b/extras/ikev2setup.sh
@@ -193,6 +193,17 @@ check_arguments() {
 || ! check_client_cert_exists; then
 exiterr "Invalid client name, or client does not exist."
 fi
+ if ! check_client_cert_status; then
+ printf '%s' "Error: Certificate '$client_name' " >&2
+ if printf '%s' "$cert_status" | grep -q "revoked"; then
+ echo "has been revoked." >&2
+ elif printf '%s' "$cert_status" | grep -q "expired"; then
+ echo "has expired." >&2
+ else
+ echo "is invalid." >&2
+ fi
+ exit 1
+ fi
 fi
 if [ "$list_clients" = "1" ]; then
 check_ikev2_exists || exiterr "You must first set up IKEv2 before listing clients."
@@ -206,13 +217,15 @@ check_arguments() {
 exiterr "Invalid client name, or client does not exist."
 fi
 if ! check_client_cert_status; then
+ printf '%s' "Error: Certificate '$client_name' " >&2
 if printf '%s' "$cert_status" | grep -q "revoked"; then
- exiterr "Certificate '$client_name' has already been revoked."
+ echo "has already been revoked." >&2
 elif printf '%s' "$cert_status" | grep -q "expired"; then
- exiterr "Certificate '$client_name' has expired."
+ echo "has expired." >&2
 else
- exiterr "Certificate '$client_name' is invalid."
+ echo "is invalid." >&2
 fi
+ exit 1
 fi
 fi
 if [ "$remove_ikev2" = "1" ]; then
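Review bot: The status-reporting block added in the first hunk is a near copy of the block the second hunk rewrites; the two differ only in "has been revoked." versus "has already been revoked.", so any later change to the wording, the output stream or the exit code has to be made in both places. Moving it into one helper that takes the revoked wording as its argument reduces each call site to a single line and keeps the refusal to export a revoked or expired certificate in one auditable spot. The helper reads `$cert_status`, which is presumably set as a side effect of `check_client_cert_status` (defined outside these hunks), and that dependency deserves a comment. An empty or unrecognised status still falls through to "is invalid." and exits, so the check fails closed. check_arguments() starts and ends outside both hunks.

```shell
# Report why the client certificate failed validation, then exit.
# $1: wording for the revoked case. Reads $client_name and $cert_status.
exit_bad_cert() {
  printf '%s' "Error: Certificate '$client_name' " >&2
  case $cert_status in
    *revoked*) echo "$1" >&2 ;;
    *expired*) echo "has expired." >&2 ;;
    *) echo "is invalid." >&2 ;;
  esac
  exit 1
}

# first hunk's call site:
    if ! check_client_cert_status; then
      exit_bad_cert "has been revoked."
    fi
# … unchanged: list_clients checks and the client name check before the second hunk …
# second hunk's call site:
    if ! check_client_cert_status; then
      exit_bad_cert "has already been revoked."
    fi
```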