starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-03-28 03:51:06 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

rewritten command_revoke method (shortened + changed output to look less like one of those weird openssl error messages)

Browse Source
This commit is contained in:
Lukas Schauer
2016-01-08 19:28:19 +01:00
parent 92a822e0b8
commit 3dcfa8b48e
2 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
letsencrypt.sh
View File

@@ -440,6 +440,8 @@ command_sign_domains() {
command_revoke() {
init_system
[[ -n "${CA_REVOKE_CERT}" ]] || _exiterr "Certificate authority doesn't allow certificate revocation."
cert="${1}"
if [[ -L "${cert}" ]]; then
# follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
@@ -451,21 +453,16 @@ command_revoke() {
cert="$(dirname "${cert}")/${link_target}"
fi
fi
if [[ ! -f "${cert}" ]]; then
echo "ERROR: Could not find certificate ${cert}"
exit 1
fi
[[ -f "${cert}" ]] || _exiterr "Could not find certificate ${cert}"
echo "Revoking ${cert}"
if [[ -z "${CA_REVOKE_CERT}" ]]; then
echo " + ERROR: Certificate authority doesn't allow certificate revocation." >&2
exit 1
fi
cert64="$(openssl x509 -in "${cert}" -inform PEM -outform DER | urlbase64)"
response="$(signed_request "${CA_REVOKE_CERT}" '{"resource": "revoke-cert", "certificate": "'"${cert64}"'"}')"
# if there is a problem with our revoke request http_request (via signed_request) will report this and "exit 1" out
# if there is a problem with our revoke request _request (via signed_request) will report this and "exit 1" out
# so if we are here, it is safe to assume the request was successful
echo " + SUCCESS"
echo " + renaming certificate to ${cert}-revoked"
echo " + Done."
echo " + Renaming certificate to ${cert}-revoked"
mv -f "${cert}" "${cert}-revoked"
}

2
test.sh
View File

@@ -185,7 +185,7 @@ _TEST "Revoking certificate..."
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
_CHECK_LOG "SUCCESS"
_CHECK_LOG "Done."
_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
_CHECK_ERRORLOG