LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   file-5.05 breaking certwatch on current (http://www.linuxquestions.org/questions/slackware-14/file-5-05-breaking-certwatch-on-current-861832/)

ulyx 02-10-2011 08:48 AM

file-5.05 breaking certwatch on current
 
Hello,

since slackware-current updates on feb 02, i found the certwatch cronjob failing with

unable to load certificate
3210:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1315:
3210:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:379:Type=X509
date: invalid date `+%s'

on two machines running current. Digging a bit deeper I found that the instruction in certwatch
Code:

if [ $? -eq 0 -o "$(file "$certfile" | grep ASCII)" == "" ]; then
    inform=DER
fi

leads to the wrong file input format (DER instead of PEM) and the error message above. Changing the certwatch instruction to

Code:

if [ $? -eq 0 -o "$(file "$certfile" | grep PEM)" == "" ]; then
    inform=DER
fi

makes the script working again. I also mailed this to Jan Rafaj (the certwatch author).

regards - uli

ulyx 02-10-2011 12:37 PM

Hello everyone,

Jan Rafaj answered with a simple patch (needless to say the preferred solution) for certwatch, covering file-5.05 and older versions:

Code:

diff --git a/certwatch b/certwatch
index ac8d834..8fef150 100755
--- a/certwatch
+++ b/certwatch
@@ -93,7 +93,7 @@ find $CERTDIR -type f -maxdepth 1 | while read certfile ; do
    continue
  fi
  echo "$certfile" | grep -q -i '\.der$'
-  if [ $? -eq 0 -o "$(file "$certfile" | grep ASCII)" == "" ]; then
+  if [ $? -eq 0 -o "$(file "$certfile" | egrep '(ASCII|PEM)')" == "" ]; then
    inform=DER
  fi
  # We wont use '-checkend' since it is not properly documented (as of

Jan has sent it cc: to volkerdi. Thanks to Jan!

regards - uli


All times are GMT -5. The time now is 05:50 PM.