#! /usr/bin/tclsh8.5 ### -*-tcl-*- ### ### Revoke a certificate request ### ### (c) 2011 Mark Wooding ### ###----- Licensing notice --------------------------------------------------- ### ### This program is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### ### This program is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License ### along with this program; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ## Find the common utilities. source [file join [file dirname $argv0] "../lib/func.tcl"] ## Open the database sqlite3 db "$CERTROOT/state/ca.db" db nullvalue nil cd "$CERTROOT" ## Get the list of requests. if {[llength $argv] != 1} { puts stderr "usage: $QUIS REQID" exit 1 } lassign $argv reqid ## Set the request state. Don't try to revoke the certificates: they'll ## expire soon enough, and there isn't really anything wrong with them ## anyway. (If there were anything wrong, the request would have been ## revoked.) db transaction { set del {} foreach req [request-match $reqid "st = 'active'"] { lassign [db eval { SELECT st, tag FROM request WHERE id = $req; }] \ reqst tag if {[string equal $reqst active]} { lappend del "req/active/$tag" } foreach {cert certst} [db eval { SELECT seq, st FROM certificate WHERE req = $req AND st = 'active'; }] { db eval { UPDATE certificate SET st = 'withdrawn' WHERE seq = $cert; } lappend del "cert/active/$tag" } db eval { UPDATE request SET st = 'withdrawn' WHERE id = $req; } } } foreach f $del { file delete -force "$CERTROOT/$f" }