lucaspalomodevelop/core
1
0
Fork 0
mirror of https://github.com/lucaspalomodevelop/core.git synced 2026-03-19 11:04:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

OpenVPN / CRL - trap validateSignature() exceptions to syslog

Browse Source
This commit is contained in:
Ad Schellevis 2022-09-01 16:46:21 +02:00
parent 08e39cb0df
commit 3b39e2d1f6
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/etc/inc/certs.inc
View File

@ -677,8 +677,13 @@ function crl_update(&$crl)
$x509_crl->loadCRL($x509_crl->saveCRL($x509_crl->signCRL($ca_cert, $x509_crl)));
/* Now validate the CRL to see if everything went well */
if (!$x509_crl->validateSignature(false)) {
syslog(LOG_ERR, 'Cert revocation error: CRL signature invalid');
try {
if (!$x509_crl->validateSignature(false)) {
syslog(LOG_ERR, 'Cert revocation error: CRL signature invalid');
return false;
}
} catch (Exception $e) {
syslog(LOG_ERR, 'Cert revocation error: CRL signature invalid ' . $e);
return false;
}