author | mboelen <michael@cisofy.com> | 2014-09-09 16:49:37 +0400 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-09-09 16:49:37 +0400 |
commit | dd2ea3efaf5a91b97840383b578ad8ddffbd76a8 (patch) | |
tree | 705fee4e70ef4920598f76ab238332e791f33372 /include/tests_crypto | |
parent | 3beae44e9268920f73f742365bfb26be5e5f63be (diff) |
Made adjustments to run in non-privileged scans
Diffstat (limited to 'include/tests_crypto')
-rw-r--r-- | include/tests_crypto | 44 |
1 files changed, 27 insertions, 17 deletions
diff --git a/include/tests_crypto b/include/tests_crypto
index af73fd6c..719617a0 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -32,23 +32,33 @@
 sSSL_PATHS=`grep "^ssl:certificates:" ${PROFILE} | cut -d ':' -f3`
 for I in ${sSSL_PATHS}; do
 if [ -d ${I} ]; then
- logtext "Result: found directory ${I}"
- # Search for CRT files
- sFINDCRTS=`find ${I} -name "*.crt" -type f -print 2> /dev/null`
- for J in ${sFINDCRTS}; do
- logtext "Test: checking certificate ${J}"
- # Check certificate where 'end date' has been expired
- FIND=`${OPENSSLBINARY} x509 -noout -checkend 0 -in ${J} -enddate > /dev/null ; echo $?`
- if [ "${FIND}" = "0" ]; then
- logtext "Result: certificate ${J} seems to be correct and still valid"
- report "valid_certificate[]=${J}|unknown entity|"
- else
- FOUNDPROBLEM=1
- logtext "Result: certificate ${J} has been expired"
- report "expired_certificate[]=${J}"
- #YYY Dump more information to log file
- fi
- done
+ FileIsReadable ${I}
+ if [ ${CANREAD} -eq 1 ]; then
+ logtext "Result: found directory ${I}"
+ # Search for CRT files
+ sFINDCRTS=`find ${I} -name "*.crt" -type f -print 2> /dev/null`
+ for J in ${sFINDCRTS}; do
+ FileIsReadable ${J}
+ if [ ${CANREAD} -eq 1 ]; then
+ logtext "Test: checking certificate ${J}"
+ # Check certificate where 'end date' has been expired
+ FIND=`${OPENSSLBINARY} x509 -noout -checkend 0 -in ${J} -enddate > /dev/null ; echo $?`
+ if [ "${FIND}" = "0" ]; then
+ logtext "Result: certificate ${J} seems to be correct and still valid"
+ report "valid_certificate[]=${J}|unknown entity|"
+ else
+ FOUNDPROBLEM=1
+ logtext "Result: certificate ${J} has been expired"
+ report "expired_certificate[]=${J}"
+ #YYY Dump more information to log file
+ fi
+ else
+ logtext "Warning: can not read file ${J}"
+ fi
+ done
+ else
+ logtext "Warning: No read access to path ${I}"
+ fi
 else
 logtext "Result: SSL path ${I} does not exist"
 fi |
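Review bot: The two new `else` branches record an unreadable directory or certificate only through `logtext`, with no `report` entry and no change to FOUNDPROBLEM, so the report from a non-privileged scan cannot distinguish certificates that were skipped from certificates that were checked and found valid. Consider emitting a report entry for each skipped path as well, for example `report "<key-for-skipped-item>[]=${J}"` (the key name is a placeholder for the project to choose). Both guards also test `[ ${CANREAD} -eq 1 ]` unquoted, relying on FileIsReadable, which is defined outside this hunk, to set that global on every call. If it is ever left empty the test errors out and takes the warning branch, and a stale value from the directory check could carry over to a file check, so `if [ "${CANREAD}" = "1" ]; then` would be more robust. The enclosing test block starts and ends outside the hunk.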