summarylogtreecommitdiffstats
path: root/csync2-rm-ssl-cert
diff options
context:
space:
mode:
Diffstat (limited to 'csync2-rm-ssl-cert')
-rwxr-xr-xcsync2-rm-ssl-cert46
1 files changed, 46 insertions, 0 deletions
diff --git a/csync2-rm-ssl-cert b/csync2-rm-ssl-cert
new file mode 100755
index 00000000000..06a3809a595
--- /dev/null
+++ b/csync2-rm-ssl-cert
@@ -0,0 +1,46 @@
+#!/bin/bash
+
+if [ $# -eq 0 -o "$1" = "-h" ]; then
+ cat <<END
+
+Remove a peer's SSL certificate from csync2's local database. Use this after
+replacing a peer node (or regenerating its SSL certificate).
+
+Usage: $0 [-h] <hostname>
+
+Options:
+ -h Display this usage information
+
+END
+ exit 0
+fi
+
+DBFILE=/var/lib/csync2/$(hostname).db3
+if [ ! -f "$DBFILE" ]; then
+ echo "Local csync2 database ($DBFILE) not found."
+ exit 1
+fi
+
+# Strip double and single quotes from hostname so they can't interfere with the SQL
+PEERNAME=$(echo $1 | sed -e "s/['\"]//g")
+
+certcount()
+{
+ echo "SELECT COUNT(peername) FROM x509_cert WHERE peername='$1';" | sqlite3 $DBFILE
+}
+
+if [ $(certcount "$PEERNAME") -eq 0 ]; then
+ echo "Certificate for '$PEERNAME' not in local database."
+ exit 0
+fi
+
+echo "DELETE FROM x509_cert WHERE peername='$PEERNAME';" | sqlite3 $DBFILE
+
+if [ $(certcount "$PEERNAME") -ne 0 ]; then
+ echo "Error removing certificate for '$PEERNAME' from local database."
+ exit 1
+fi
+
+echo "Certificate for '$PEERNAME' removed from local database."
+
+