starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-05-13 02:19:48 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

made ocsp refresh interval configurable

Browse Source
This commit is contained in:
Lukas Schauer
2018-05-07 03:31:43 +02:00
parent 9165cfdebf
commit 2a8af8fda7
3 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dehydrated
View File

@@ -106,6 +106,7 @@ verify_config() {
[[ "${IP_VERSION}" = "4" || "${IP_VERSION}" = "6" ]] || _exiterr "Unknown IP version ${IP_VERSION}... cannot continue."
fi
[[ "${API}" == "auto" || "${API}" == "1" || "${API}" == "2" ]] || _exiterr "Unsupported API version defined in config: ${API}"
[[ "${OCSP_DAYS}" =~ ^[0-9]+$ ]] || _exiterr "OCSP_DAYS must be a number"
}
# Setup default config values, search for and load configuration files
@@ -145,6 +146,7 @@ load_config() {
LOCKFILE=
OCSP_MUST_STAPLE="no"
OCSP_FETCH="no"
OCSP_DAYS=5
IP_VERSION=
CHAINCACHE=
AUTO_CLEANUP="no"
@@ -1310,7 +1312,7 @@ command_sign_domains() {
if [[ ! -e "${certdir}/ocsp.der" ]]; then
update_ocsp="yes"
elif ! ("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respin "${certdir}/ocsp.der" -status_age 432000 2>&1 | grep -q "${cert}: good"); then
elif ! ("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respin "${certdir}/ocsp.der" -status_age $((OCSP_DAYS*24*3600)) 2>&1 | grep -q "${cert}: good"); then
update_ocsp="yes"
fi