Lines 636-658
|
636 |
# implement OCSP support. |
636 |
# implement OCSP support. |
637 |
# |
637 |
# |
638 |
|
638 |
|
|
|
639 |
crl = None |
639 |
for uri in cert["crl"]: |
640 |
for uri in cert["crl"]: |
|
|
641 |
|
642 |
# for now we only support http distribution points |
640 |
if not uri.startswith("http"): |
643 |
if not uri.startswith("http"): |
641 |
continue |
644 |
continue |
642 |
|
645 |
|
643 |
crl = find_crl(uri) |
646 |
crl = find_crl(uri) |
644 |
if crl is None: |
647 |
if crl is not None: |
645 |
return (False, "Unable to retrieve CRL at %s" % uri) |
648 |
break |
646 |
|
649 |
|
647 |
if crl["serials"].has_key(cert["serial"]): |
650 |
# failed to get CRL, lets try next distribution point |
648 |
vprint("Certificate revoked by CRL list at %s" % uri) |
651 |
vprint("Failed to download CRL list at %s, trying next distribution point" % uri) |
649 |
return (False, "Certificate has been revoked by CA") |
652 |
|
|
|
653 |
# check if certificate is revoked |
654 |
if crl is not None and crl["serials"].has_key(cert["serial"]): |
655 |
vprint("Certificate revoked by CRL list at %s" % uri) |
656 |
return (False, "Certificate has been revoked by CA") |
650 |
|
657 |
|
651 |
# We've passed expiration/validation dates, CA verification, CRL |
|
|
652 |
# checks. It's OK. |
653 |
|
654 |
return (True, "Certificate OK") |
658 |
return (True, "Certificate OK") |
655 |
|
659 |
|
|
|
660 |
|
656 |
def usage(): |
661 |
def usage(): |
657 |
print "Usage: tl-ldap-certalias [options]" |
662 |
print "Usage: tl-ldap-certalias [options]" |
658 |
print "Options:" |
663 |
print "Options:" |
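Review bot: After the loop over `cert["crl"]`, a `crl` that is still None (every http distribution point failed to download, or the certificate lists only non-http ones) skips the revocation test and reaches `return (True, "Certificate OK")`, so the check now fails open where the old code returned `(False, "Unable to retrieve CRL at %s" % uri)`. If that soft-fail is not intended, add after the loop `if crl is None and cert["crl"]:` followed by `return (False, "Unable to retrieve CRL from any distribution point")`. If it is intended, say so in a comment such as `# soft-fail: a certificate whose CRL cannot be fetched is accepted` and log the skipped check through `vprint`. The page has lost the indentation and the enclosing function starts outside the hunk, so the nesting of the new lines should be confirmed against the file.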