container-openvpn/bin/ovpn_listclients

55 lines
1.3 KiB
Plaintext
Raw Permalink Normal View History

2016-05-11 22:35:00 +00:00
#!/bin/bash
if [ -z "$OPENVPN" ]; then
export OPENVPN="$PWD"
fi
if ! source "$OPENVPN/ovpn_env.sh"; then
echo "Could not source $OPENVPN/ovpn_env.sh."
exit 1
fi
if [ -z "$EASYRSA_PKI" ]; then
export EASYRSA_PKI="$OPENVPN/pki"
fi
cd "$EASYRSA_PKI"
if [ -e crl.pem ]; then
cat ca.crt crl.pem > cacheck.pem
else
cat ca.crt > cacheck.pem
2016-05-11 22:35:00 +00:00
fi
echo "name,begin,end,status"
for name in issued/*.crt; do
path=$name
begin=$(openssl x509 -noout -startdate -in $path | awk -F= '{ print $2 }')
end=$(openssl x509 -noout -enddate -in $path | awk -F= '{ print $2 }')
name=${name%.crt}
name=${name#issued/}
if [ "$name" != "$OVPN_CN" ]; then
# check for revocation or expiration
command="openssl verify -crl_check -CAfile cacheck.pem $path"
result=$($command)
if [ $(echo "$result" | wc -l) == 1 ] && [ "$(echo "$result" | grep ": OK")" ]; then
status="VALID"
2016-05-11 22:35:00 +00:00
else
result=$(echo "$result" | tail -n 1 | grep error | cut -d" " -f2)
case $result in
10)
status="EXPIRED"
;;
23)
status="REVOKED"
;;
*)
status="INVALID"
esac
2016-05-11 22:35:00 +00:00
fi
echo "$name,$begin,$end,$status"
2016-05-11 22:35:00 +00:00
fi
done
# Clean
rm cacheck.pem