starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-23 00:38:30 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

use temporary file for DER->PEM conversion (fixes #279)

Browse Source
This commit is contained in:
Lukas Schauer
2016-09-17 13:02:48 +02:00
parent 0c1e958d19
commit 7eca8aec5a
1 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
dehydrated
View File

@@ -621,9 +621,13 @@ sign_domain() {
# Create fullchain.pem # Create fullchain.pem
echo " + Creating fullchain.pem..." echo " + Creating fullchain.pem..."
cat "${crt_path}" > "${CERTDIR}/${domain}/fullchain-${timestamp}.pem" cat "${crt_path}" > "${CERTDIR}/${domain}/fullchain-${timestamp}.pem"
http_request get "$(openssl x509 -in "${CERTDIR}/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${CERTDIR}/${domain}/chain-${timestamp}.pem" tmpchain="$(_mktemp)"
if ! grep -q "BEGIN CERTIFICATE" "${CERTDIR}/${domain}/chain-${timestamp}.pem"; then http_request get "$(openssl x509 -in "${CERTDIR}/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${tmpchain}"
openssl x509 -in "${CERTDIR}/${domain}/chain-${timestamp}.pem" -inform DER -out "${CERTDIR}/${domain}/chain-${timestamp}.pem" -outform PEM if grep -q "BEGIN CERTIFICATE" "${tmpchain}"; then
mv "${tmpchain}" "${CERTDIR}/${domain}/chain-${timestamp}.pem"
else
openssl x509 -in "${tmpchain}" -inform DER -out "${CERTDIR}/${domain}/chain-${timestamp}.pem" -outform PEM
rm "${tmpchain}"
fi fi
cat "${CERTDIR}/${domain}/chain-${timestamp}.pem" >> "${CERTDIR}/${domain}/fullchain-${timestamp}.pem" cat "${CERTDIR}/${domain}/chain-${timestamp}.pem" >> "${CERTDIR}/${domain}/fullchain-${timestamp}.pem"
@@ -797,10 +801,13 @@ command_sign_csr() {
if [ -n "${PARAM_FULL_CHAIN:-}" ]; then if [ -n "${PARAM_FULL_CHAIN:-}" ]; then
# get and convert ca cert # get and convert ca cert
chainfile="$(_mktemp)" chainfile="$(_mktemp)"
http_request get "$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${chainfile}" tmpchain="$(_mktemp)"
http_request get "$(openssl x509 -in "${certfile}" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${tmpchain}"
if ! grep -q "BEGIN CERTIFICATE" "${chainfile}"; then if grep -q "BEGIN CERTIFICATE" "${tmpchain}"; then
openssl x509 -inform DER -in "${chainfile}" -outform PEM -out "${chainfile}" mv "${tmpchain}" "${chainfile}"
else
openssl x509 -in "${tmpchain}" -inform DER -out "${chainfile}" -outform PEM
rm "${tmpchain}"
fi fi
echo "# CHAIN #" >&3 echo "# CHAIN #" >&3