#! /bin/sh
# @(#)(CAcert) $Id: check-ocspd,v 1.4 2015/08/11 10:59:35 wytze Exp $
# check-ocspd - script to check whether ocspd is still responsive
#		and restart it if no response is received

SERVICE=ocspd					# service name for systemd
ADDR=127.0.0.1:2560				# address to check
CACERT=/usr/local/etc/ocspd/certs/ca-class1.crt	# root certificate
PIDFILE=/usr/local/etc/ocspd/ocspd.pid		# pid file

TAG=`basename $0`

syslog_error()
{
        logger -t ${TAG} -p daemon.err $1
}

syslog_notice()
{
        logger -t ${TAG} -p daemon.notice $1
}


PROG=`basename $0`

if [ -f ${PIDFILE} ]
then
	if timeout -k 30 30 openssl ocsp -issuer ${CACERT} -serial 1 \
		-CAfile ${CACERT} -host ${ADDR} >/dev/null 2>&1
	then
		exit 0
	else
		syslog_error "${SERVICE} is not responsive, restarting"
		systemctl restart ${SERVICE}
	fi
else
	syslog_notice "${PIDFILE} missing for ${SERVICE}"
fi