starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-05-17 04:17:00 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Don't assume order status to be valid

Browse Source 
Per https://tools.ietf.org/html/rfc8555#section-7.1.3

> status (required, string):  The status of this order.  Possible values are
> "pending", "ready", "processing", "valid", and "invalid".  See Section 7.1.6.
This commit is contained in:
Rogdham
2020-04-01 09:03:20 +02:00
committed by Lukas Schauer
parent c8333f5a56
commit 58bd926e30
1 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
dehydrated
View File

@@ -699,7 +699,8 @@ sign_csr() {
challenge_identifiers="[${challenge_identifiers%, }]" challenge_identifiers="[${challenge_identifiers%, }]"
echo " + Requesting new certificate order from CA..." echo " + Requesting new certificate order from CA..."
result="$(signed_request "${CA_NEW_ORDER}" '{"identifiers": '"${challenge_identifiers}"'}')" order_location="$(signed_request "${CA_NEW_ORDER}" '{"identifiers": '"${challenge_identifiers}"'}' 4>&1 | grep -i ^Location: | awk '{print $2}' | tr -d '\r\n')"
result="$(signed_request "${order_location}" "" | clean_json)"
order_authorizations="$(echo ${result} | get_json_array_value authorizations)" order_authorizations="$(echo ${result} | get_json_array_value authorizations)"
finalize="$(echo "${result}" | get_json_string_value finalize)" finalize="$(echo "${result}" | get_json_string_value finalize)"
@@ -867,8 +868,27 @@ sign_csr() {
crt64="$(signed_request "${CA_NEW_CERT}" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | "${OPENSSL}" base64 -e)" crt64="$(signed_request "${CA_NEW_CERT}" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | "${OPENSSL}" base64 -e)"
crt="$( printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" )" crt="$( printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" )"
else else
result="$(signed_request "${finalize}" '{"csr": "'"${csr64}"'"}' | clean_json | get_json_string_value certificate)" result="$(signed_request "${finalize}" '{"csr": "'"${csr64}"'"}' | clean_json)"
crt="$(signed_request "${result}" "")" while :
do
status="$(echo "${result}" | get_json_string_value status)"
echo " > Order is ${status}..."
case "${status}"
in
"processing" | "pending")
sleep 2;
;;
"valid")
break;
;;
*)
_exiterr "Order in status ${status}"
;;
esac
result="$(signed_request "${order_location}" "" | clean_json)"
done
certificate="$(echo "${result}" | get_json_string_value certificate)"
crt="$(signed_request "${certificate}" "")"
fi fi
# Try to load the certificate to detect corruption # Try to load the certificate to detect corruption