authorRob Austein <sra@hactrn.net>2009-10-13 23:16:22 +0000
committerRob Austein <sra@hactrn.net>2009-10-13 23:16:22 +0000
commit763a91a6325e0956eec0dc1cb623b425fd93cc70 (patch)
tree0a813730090b88d4a1b4477509197d0798292754
parent1b72e3dc18a50ef6891afa71cb5eb3438e76fbbb (diff)
Cleanup, add CRL check
svn path=/myrpki/verify-bpki.sh; revision=2823
-rwxr-xr-xmyrpki/verify-bpki.sh20
1 files changed, 15 insertions, 5 deletions
diff --git a/myrpki/verify-bpki.sh b/myrpki/verify-bpki.sh
index 77d50200..9bcf42e6 100755
--- a/myrpki/verify-bpki.sh
+++ b/myrpki/verify-bpki.sh
@@ -20,13 +20,23 @@
exec 2>&1
-# Check that CRLs verify properly
-find bpki.* -name '*.crl' | sed 's=^\(.*\)/\(.*\)$=echo -n "&: "; openssl crl -CAfile \1/ca.cer -noout -in &=' | sh
+for bpki in bpki.*
+do
+ crls=$(find $bpki -name '*.crl')
-# Check that issued certs verify properly
-find bpki.* -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer' | sed 's=^\(.*\)/.*$=openssl verify -CAfile \1/ca.cer &=' | sh
+ # Check that CRLs verify properly
+ for crl in $crls
+ do
+ echo -n "$crl: "
+ openssl crl -CAfile $bpki/ca.cer -noout -in $crl
+ done
-# Attempt to check that cross-certified certs verify properly
+ # Check that issued certificates verify properly
+ cat $bpki/ca.cer $crls | openssl verify -crl_check -CAfile /dev/stdin $(find $bpki -name '*.cer' ! -name 'ca.cer' ! -name '*.cacert.cer')
+
+done
+
+# Check that cross-certified BSC certificates verify properly
if test -d bpki.myirbe
then
cat bpki.myirbe/xcert.*.cer | openssl verify -verbose -CAfile bpki.myirbe/ca.cer -untrusted /dev/stdin bpki.myrpki/bsc.*.cer
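Review bot: Nothing in the new `for bpki in bpki.*` loop checks the exit status of `openssl crl` or of the `openssl verify -crl_check` pipeline, so a CRL that fails its signature check or a revoked certificate shows up only in the printed output; unless an earlier part of the script sets `-e` (not visible in this hunk), the script carries on and can still exit 0. I would track a failure flag, e.g. `openssl crl -CAfile "$bpki/ca.cer" -noout -in "$crl" || status=1`, and finish the script with `exit $status`. Separately, when the `find` for `*.cer` matches nothing, `openssl verify` gets no file operand and falls back to reading the certificate from standard input, which is the same pipe feeding `-CAfile /dev/stdin`; capturing the list in a variable first and skipping the call when it is empty avoids a misleading load error. `$bpki` and `$crl` are unquoted and `$crls` relies on word splitting, so a path containing whitespace would break both checks. The `if test -d bpki.myirbe` block at the end of the hunk continues outside it.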