#!/bin/sh

set -e

CRL_PATH='/var/local/ssl/crls/'
CA_CERT='/etc/ssl/certs/cacert.org.pem'
RSYNC_LOCATION='crl.cacert.org::crl'

rsync -aqz "$RSYNC_LOCATION" "$CRL_PATH"

for crl in "$CRL_PATH"*.crl
do
	if openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>/dev/null
	then
		openssl crl -inform DER -in "$crl" -out "$crl".pem
	else
		echo "Error: Could not validate the CRL at $crl" >&2
	fi
done


c_rehash "$CRL_PATH" > /dev/null

service apache2 reload > /dev/null

exit 0