From 1d466a368fc7dd3657c016983d6dd7d3b67ab35d Mon Sep 17 00:00:00 2001
From: Vasco <true.vasco.alves@gmail.com>
Date: Wed, 22 Apr 2026 00:24:07 +0100
Subject: [PATCH] OPENSSL !!!!!!!

---
 conf/ocsp-verify.sh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/conf/ocsp-verify.sh b/conf/ocsp-verify.sh
index 0e382da..1ae2f1e 100755
--- a/conf/ocsp-verify.sh
+++ b/conf/ocsp-verify.sh
@@ -1,13 +1,10 @@
 #!/bin/bash
-# OpenVPN passes cert depth as $1
 depth=$1
-
-# Only check client certificate (depth 0)
 env >> /etc/openvpn/server/ocsp_env.log
 if [ "$depth" -eq 0 ]; then
     echo "Checking OCSP for serial=$tls_serial_0" >> /etc/openvpn/server/ocsp.log
     if [ -n "$tls_serial_0" ]; then
-        # OpenVPN exports tls_serial_0 as decimal, OpenSSL expects hex
+        # é preciso converter o serial para hexadecimal porque o openssl espera em hex
         hex_serial=$(printf '%x' "$tls_serial_0")
         status=$(openssl ocsp -issuer /etc/openvpn/server/ca.crt -serial "0x$hex_serial" -url http://10.60.0.1:8888 -CAfile /etc/openvpn/server/ca.crt 2>>/etc/openvpn/server/ocsp.log)
         echo "OCSP Status: $status" >> /etc/openvpn/server/ocsp.log