Add automatic SSL reverification, closes #123
parent
2ce7fcaed7
commit
4bcc4f7703
|
@ -50,6 +50,12 @@
|
|||
</xsl:if>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:key
|
||||
name="ssl-hosts"
|
||||
match="//itsb:link[@verify-ssl = 'false' or @verify-ssl = '0'] | //itsb:url[@verify-ssl = 'false' or @verify-ssl = '0']"
|
||||
use="substring-before(substring-after(text(), 'https://'), '/')"
|
||||
/>
|
||||
|
||||
<xsl:template match="/">
|
||||
<xsl:text><![CDATA[#!/bin/bash
|
||||
set -o pipefail
|
||||
|
@ -81,6 +87,16 @@ if ! command -v json2xml >/dev/null 2>&1; then
|
|||
fi
|
||||
|
||||
]]></xsl:text>
|
||||
<xsl:apply-templates
|
||||
select="//itsb:link[@verify-ssl = 'false' or @verify-ssl = '0'][generate-id() = generate-id(key('ssl-hosts', substring-before(substring-after(text(), 'https://'), '/'))[1])]"
|
||||
mode="check"
|
||||
/>
|
||||
<xsl:apply-templates
|
||||
select="//itsb:url[@verify-ssl = 'false' or @verify-ssl = '0'][generate-id() = generate-id(key('ssl-hosts', substring-before(substring-after(text(), 'https://'), '/'))[1])]"
|
||||
mode="check"
|
||||
/>
|
||||
<xsl:text>
|
||||
</xsl:text>
|
||||
<xsl:apply-templates select="//itsb:feed[not(itsb:link)]" />
|
||||
</xsl:template>
|
||||
|
||||
|
@ -255,6 +271,30 @@ fi
|
|||
</xsl:text>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="itsb:link[@verify-ssl = 'false' or @verify-ssl = '0'] | itsb:url[@verify-ssl = 'false' or @verify-ssl = '0']" mode="check">
|
||||
<xsl:variable name="url_host" select="substring-before(substring-after(text(), 'https://'), '/')" />
|
||||
<xsl:variable name="connect">
|
||||
<xsl:text>'</xsl:text>
|
||||
<xsl:call-template name="escape">
|
||||
<xsl:with-param name="text" select="$url_host" />
|
||||
</xsl:call-template>
|
||||
<xsl:if test="not(contains($url_host, ':'))">
|
||||
<xsl:text>:443</xsl:text>
|
||||
</xsl:if>
|
||||
<xsl:text>'</xsl:text>
|
||||
</xsl:variable>
|
||||
|
||||
<xsl:text>log Checking SSL certificate for </xsl:text>
|
||||
<xsl:value-of select="$connect" />
|
||||
<xsl:text>
|
||||
openssl s_client -quiet -no_ign_eof -verify_return_error -connect </xsl:text>
|
||||
<xsl:value-of select="$connect" />
|
||||
<xsl:text><![CDATA[ </dev/null >/dev/null 2>/dev/null && echo SSL verification is disabled for ]]></xsl:text>
|
||||
<xsl:value-of select="$connect" />
|
||||
<xsl:text>, but it was successful. Consider re-enabling it.
|
||||
</xsl:text>
|
||||
</xsl:template>
|
||||
|
||||
<xsl:template match="*">
|
||||
<xsl:message terminate="yes">
|
||||
<xsl:text>Unmatched element</xsl:text>
|
||||
|
|
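Review bot: The host expression `substring-before(substring-after(text(), 'https://'), '/')`, shared by the `ssl-hosts` key, both `apply-templates` selects and the `mode="check"` template, returns an empty string when the URL has no `/` after the host or does not start with `https://`, so the generated script would run the check against `':443'`. It also keeps any `user:pass@` userinfo in `$url_host`, which the `log Checking SSL certificate for` line would then write out. Adding `[starts-with(text(), 'https://')]` to the selects and wrapping the check body in `<xsl:if test="$url_host != ''">` would skip those cases, and userinfo should be stripped before the value is logged. Separately, the `openssl s_client` call passes `-verify_return_error` but no host-name check, so the "Consider re-enabling it" hint can appear for a certificate that chains correctly yet was issued for another name; passing the bare host through `-verify_hostname` would bring the probe closer to what re-enabled verification requires.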