BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315670

Change subject: update-ocsp: check response status
......................................................................

update-ocsp: check response status

Bug: T93927
Change-Id: I7c3b173cde3b38a4b50c6852cc6b6e4b8f6ed550
---
M modules/sslcert/files/update-ocsp
1 file changed, 5 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/70/315670/1

diff --git a/modules/sslcert/files/update-ocsp 
b/modules/sslcert/files/update-ocsp
index 6268f0b..c6138f8 100644
--- a/modules/sslcert/files/update-ocsp
+++ b/modules/sslcert/files/update-ocsp
@@ -211,6 +211,11 @@
         raise Exception("Did not find verification OK in stderr:\n%s" %
                         (ocsp_err))
 
+    # Check the response says successful rather than revoked
+    if not re.search('^\s*OCSP Response Status: successful \(0x0\)$', 
ocsp_text, re.M):
+        raise Exception("OCSP Response Status not successful:\n%s" %
+                        (ocsp_text))
+
     now_dt = datetime.datetime.utcnow()
 
     # This starts out based on min_cert, then is raised to the greater
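
Review bot: The comment on the added check says "successful rather than revoked", but the regex matches the `OCSP Response Status` line, which is the responder's status for the request as a whole (successful, malformedRequest, tryLater and so on) and still reads `successful (0x0)` when the certificate itself is reported revoked; revocation appears in the per-certificate `Cert Status:` field of the response text. If the intent is to refuse a revoked response, add a second check on ocsp_text for `Cert Status: good` (unless that already happens outside the lines shown here), and reword the comment so it describes what this check actually guards against. The pattern should also be a raw string, r'^\s*OCSP Response Status: ...', so that `\s` and `\(` are not interpreted as string escapes.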

-- 
To view, visit https://gerrit.wikimedia.org/r/315670
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7c3b173cde3b38a4b50c6852cc6b6e4b8f6ed550
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
