RCS file: /home/software/ocspd/etc/RCS/update-crls,v
Working file: /home/software/ocspd/etc/update-crls
head: 1.11
branch:
locks: strict
access list:
symbolic names:
keyword substitution: kv
total revisions: 11; selected revisions: 11
description:
update-crls - script to be run from cron at regular intervals
----------------------------
revision 1.11
date: 2015/08/29 08:04:04; author: wytze; state: Exp; lines: +2 -1
Add missing chdir (necessary after the previous checkin!).
----------------------------
revision 1.10
date: 2015/08/26 14:31:21; author: wytze; state: Exp; lines: +7 -6
Slightly revised update strategy, fixing minor issue and reducing
the number of ../ references.
----------------------------
revision 1.9
date: 2015/08/24 09:26:24; author: wytze; state: Exp; lines: +18 -9
Add check for possible failure when converting crl from DER to PEM
format; in case of some error, save a copy of the failing crl in /tmp,
log the event and don't update the daemon.
----------------------------
revision 1.8
date: 2015/08/12 09:55:09; author: wytze; state: Exp; lines: +8 -3
Signalling of ocspd should be done at most once per execution of the script.
----------------------------
revision 1.7
date: 2015/08/10 13:43:34; author: wytze; state: Exp; lines: +2 -2
Ensure that only the oldest running ocspd is signalled.
----------------------------
revision 1.6
date: 2015/08/10 13:13:19; author: wytze; state: Exp; lines: +3 -1
Add command to send termination signal to ocspd when one or more CRLs
are actually changed. Eventually the signal should be replaced by HUP
to force the OCSP daemon to reload the changed CRLs itself without
a restart, but this is currently not a reliable method.
----------------------------
revision 1.5
date: 2014/02/05 16:36:21; author: wytze; state: Exp; lines: +3 -3
Use rsync instead of wget for more efficient retrieval of updated crls.
----------------------------
revision 1.4
date: 2012/12/16 16:40:09; author: wytze; state: Exp; lines: +2 -2
Update location to obtain the crls from: .../CRL/... rather than .../crl/...
----------------------------
revision 1.3
date: 2011/05/17 16:13:47; author: wytze; state: Exp; lines: +10 -5
Restructure the script to ensure that the installation of an updated crl
occurs as an atomic operation for both the .crl and .pem formats.
While the ocspd server only uses the .pem format, an http-based crl server
running on the same machine can now use the .crl format reliably too,
without risking serving an incomplete file in the middle of retrieval.
----------------------------
revision 1.2
date: 2011/04/29 09:02:28; author: wytze; state: Exp; lines: +4 -1
Add code to record changes in syslog.
----------------------------
revision 1.1
date: 2011/04/28 15:46:03; author: wytze; state: Exp;
Initial revision
=============================================================================