#!/bin/sh
#
# local daily cron script to prefetch OCSP data for apache2 mod_gnutls

set -eu

# collect OCSP responses here
CACHEDIR=/var/cache/apache2/ocsp

command -v ocsptool > /dev/null || exit 0

mkdir -p "$CACHEDIR"
chown www-data: "$CACHEDIR"

runuser -u www-data -- \
	find /etc/ssl/shared -name '*.chain.pem' -exec \
		sh -c 'stem=$(basename --suffix=.chain.pem '"'{}'"') && ocsptool --ask --no-nonce --load-chain '"'{}'"' --outfile "'"$CACHEDIR"'/$stem.der" > /dev/null 2>&1' ';'