don't walk certificate chain for ACMEv2 (certificate contains chain by default)

Lukas Schauer
2018-03-14 18:50:28 +01:00
parent b93eac3893
commit 2533931cf1
2 changed files with 22 additions and 13 deletions
+1 -1
@@ -3,7 +3,7 @@ This file contains a log of major changes in dehydrated
## [x.x.x] - xxxx-xx-xx ## [x.x.x] - xxxx-xx-xx
## Changed ## Changed
- ?? - Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
## Added ## Added
- ?? - ??
+21 -12
@@ -990,20 +990,29 @@ sign_domain() {
# Create fullchain.pem # Create fullchain.pem
echo " + Creating fullchain.pem..." echo " + Creating fullchain.pem..."
cat "${crt_path}" > "${certdir}/fullchain-${timestamp}.pem" if [[ ${API} -eq 1 ]]; then
local issuer_hash cat "${crt_path}" > "${certdir}/fullchain-${timestamp}.pem"
issuer_hash="$(get_issuer_hash "${crt_path}")" local issuer_hash
if [ -e "${CHAINCACHE}/${issuer_hash}.chain" ]; then issuer_hash="$(get_issuer_hash "${crt_path}")"
echo " + Using cached chain!" if [ -e "${CHAINCACHE}/${issuer_hash}.chain" ]; then
cat "${CHAINCACHE}/${issuer_hash}.chain" > "${certdir}/chain-${timestamp}.pem" echo " + Using cached chain!"
cat "${CHAINCACHE}/${issuer_hash}.chain" > "${certdir}/chain-${timestamp}.pem"
else
echo " + Walking chain..."
local issuer_cert_uri
issuer_cert_uri="$(get_issuer_cert_uri "${crt_path}" || echo "unknown")"
(walk_chain "${crt_path}" > "${certdir}/chain-${timestamp}.pem") || _exiterr "Walking chain has failed, your certificate has been created and can be found at ${crt_path}, the corresponding private key at ${privkey}. If you want you can manually continue on creating and linking all necessary files. If this error occurs again you should manually generate the certificate chain and place it under ${CHAINCACHE}/${issuer_hash}.chain (see ${issuer_cert_uri})"
cat "${certdir}/chain-${timestamp}.pem" > "${CHAINCACHE}/${issuer_hash}.chain"
fi
cat "${certdir}/chain-${timestamp}.pem" >> "${certdir}/fullchain-${timestamp}.pem"
else else
echo " + Walking chain..." tmpcert="$(_mktemp)"
local issuer_cert_uri tmpchain="$(_mktemp)"
issuer_cert_uri="$(get_issuer_cert_uri "${crt_path}" || echo "unknown")" awk '{print >out}; /----END CERTIFICATE-----/{out=tmpchain}' out="${tmpcert}" tmpchain="${tmpchain}" "${certdir}/cert-${timestamp}.pem"
(walk_chain "${crt_path}" > "${certdir}/chain-${timestamp}.pem") || _exiterr "Walking chain has failed, your certificate has been created and can be found at ${crt_path}, the corresponding private key at ${privkey}. If you want you can manually continue on creating and linking all necessary files. If this error occurs again you should manually generate the certificate chain and place it under ${CHAINCACHE}/${issuer_hash}.chain (see ${issuer_cert_uri})" mv "${certdir}/cert-${timestamp}.pem" "${certdir}/fullchain-${timestamp}.pem"
cat "${certdir}/chain-${timestamp}.pem" > "${CHAINCACHE}/${issuer_hash}.chain" mv "${tmpcert}" "${certdir}/cert-${timestamp}.pem"
mv "${tmpchain}" "${certdir}/chain-${timestamp}.pem"
fi fi
cat "${certdir}/chain-${timestamp}.pem" >> "${certdir}/fullchain-${timestamp}.pem"
# Update symlinks # Update symlinks
[[ "${privkey}" = "privkey.pem" ]] || ln -sf "privkey-${timestamp}.pem" "${certdir}/privkey.pem" [[ "${privkey}" = "privkey.pem" ]] || ln -sf "privkey-${timestamp}.pem" "${certdir}/privkey.pem"
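Review bot: In the new ACMEv2 branch, `cert-${timestamp}.pem` and `chain-${timestamp}.pem` are produced by `mv`-ing the `_mktemp` files into `${certdir}`, so they inherit the temp file's mode (presumably 0600 if `_mktemp` wraps `mktemp`, which is not visible here) instead of the umask-derived mode the old `cat >` redirections gave them — services that read cert.pem or chain.pem as an unprivileged user may lose access, and the permissions now differ from fullchain.pem and from the v1 branch. Writing the content through redirections instead keeps the old behaviour: `cat "${tmpcert}" > "${certdir}/cert-${timestamp}.pem"`, `cat "${tmpchain}" > "${certdir}/chain-${timestamp}.pem"`, `rm -f "${tmpcert}" "${tmpchain}"`. The awk split also silently yields an empty chain file when the server returns only the leaf certificate or a non-PEM body, so a guard such as `[[ -s "${tmpchain}" ]] || _exiterr "Certificate response contained no chain"` would match the explicit failure the v1 walk_chain path reports. `tmpcert` and `tmpchain` should be declared `local` like `issuer_hash` above them. The enclosing `sign_domain()` starts and ends outside this hunk.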