Show error if chain is configured for a CA which doesn't offer alternate chains (fixes #845)

2026-05-06 07:03:28 +02:00 · 2021-10-31 20:06:09 +01:00
parent 5733863b93
commit 7ac25358ef
1 changed files with 3 additions and 0 deletions
--- a/3
+++ b/3
@@ -1198,6 +1198,9 @@ sign_csr() {
    crt="$(signed_request "${certificate}" "" 4>"${resheaders}")"

    if [ -n "${PREFERRED_CHAIN:-}" ]; then
+      if ! (grep -Ei '^link:' "${resheaders}" | grep -q -Ei 'rel="alternate"'); then
+        _exiterr "Preferred chain defined but CA doesn't offer chain selection."
+      fi
      foundaltchain=0
      altcn="$(get_last_cn "${crt}")"
      altoptions="${altcn}"