mirror of
https://github.com/dehydrated-io/dehydrated.git
synced 2026-07-13 08:32:46 +02:00
rewritten command_revoke method (shortened + changed output to look less like one of those weird openssl error messages)
This commit is contained in:
+8
-11
@@ -440,6 +440,8 @@ command_sign_domains() {
|
|||||||
command_revoke() {
|
command_revoke() {
|
||||||
init_system
|
init_system
|
||||||
|
|
||||||
|
[[ -n "${CA_REVOKE_CERT}" ]] || _exiterr "Certificate authority doesn't allow certificate revocation."
|
||||||
|
|
||||||
cert="${1}"
|
cert="${1}"
|
||||||
if [[ -L "${cert}" ]]; then
|
if [[ -L "${cert}" ]]; then
|
||||||
# follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
|
# follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
|
||||||
@@ -451,21 +453,16 @@ command_revoke() {
|
|||||||
cert="$(dirname "${cert}")/${link_target}"
|
cert="$(dirname "${cert}")/${link_target}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ ! -f "${cert}" ]]; then
|
[[ -f "${cert}" ]] || _exiterr "Could not find certificate ${cert}"
|
||||||
echo "ERROR: Could not find certificate ${cert}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Revoking ${cert}"
|
echo "Revoking ${cert}"
|
||||||
if [[ -z "${CA_REVOKE_CERT}" ]]; then
|
|
||||||
echo " + ERROR: Certificate authority doesn't allow certificate revocation." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
cert64="$(openssl x509 -in "${cert}" -inform PEM -outform DER | urlbase64)"
|
cert64="$(openssl x509 -in "${cert}" -inform PEM -outform DER | urlbase64)"
|
||||||
response="$(signed_request "${CA_REVOKE_CERT}" '{"resource": "revoke-cert", "certificate": "'"${cert64}"'"}')"
|
response="$(signed_request "${CA_REVOKE_CERT}" '{"resource": "revoke-cert", "certificate": "'"${cert64}"'"}')"
|
||||||
# if there is a problem with our revoke request http_request (via signed_request) will report this and "exit 1" out
|
# if there is a problem with our revoke request _request (via signed_request) will report this and "exit 1" out
|
||||||
# so if we are here, it is safe to assume the request was successful
|
# so if we are here, it is safe to assume the request was successful
|
||||||
echo " + SUCCESS"
|
echo " + Done."
|
||||||
echo " + renaming certificate to ${cert}-revoked"
|
echo " + Renaming certificate to ${cert}-revoked"
|
||||||
mv -f "${cert}" "${cert}-revoked"
|
mv -f "${cert}" "${cert}-revoked"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -185,7 +185,7 @@ _TEST "Revoking certificate..."
|
|||||||
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
|
./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
|
||||||
REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
|
REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
|
||||||
_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
|
_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
|
||||||
_CHECK_LOG "SUCCESS"
|
_CHECK_LOG "Done."
|
||||||
_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
|
_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
|
||||||
_CHECK_ERRORLOG
|
_CHECK_ERRORLOG
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user