summaryrefslogtreecommitdiffstats
path: root/dehydrated
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@open-infrastructure.net>2023-03-07 13:21:03 +0000
committerDaniel Baumann <daniel.baumann@open-infrastructure.net>2023-03-21 19:20:14 +0000
commitcab731a71cba0b0e088926847c25388142961ccd (patch)
tree4d46e848542522abb76c33190262fa7221f23003 /dehydrated
parentUpdating dehydrated todo. (diff)
downloadservice-tools-cab731a71cba0b0e088926847c25388142961ccd.tar.xz
service-tools-cab731a71cba0b0e088926847c25388142961ccd.zip
Adding preferred chain compatibility in deploy_cert.extra dehydrated hook.
Signed-off-by: Daniel Baumann <daniel.baumann@open-infrastructure.net>
Diffstat (limited to 'dehydrated')
-rw-r--r--dehydrated/share/hooks/.deploy_cert.extra.swpbin0 -> 12288 bytes
-rwxr-xr-xdehydrated/share/hooks/deploy_cert.extra15
2 files changed, 14 insertions, 1 deletions
diff --git a/dehydrated/share/hooks/.deploy_cert.extra.swp b/dehydrated/share/hooks/.deploy_cert.extra.swp
new file mode 100644
index 0000000..3a22538
--- /dev/null
+++ b/dehydrated/share/hooks/.deploy_cert.extra.swp
Binary files differ
diff --git a/dehydrated/share/hooks/deploy_cert.extra b/dehydrated/share/hooks/deploy_cert.extra
index 56ca2f4..cd1d3b9 100755
--- a/dehydrated/share/hooks/deploy_cert.extra
+++ b/dehydrated/share/hooks/deploy_cert.extra
@@ -25,9 +25,22 @@ echo -n " + Creating extra certificate files..."
DIRECTORY="$(dirname "${CERTFILE}")"
+if [ "$(grep -c 'BEGIN CERTIFICATE' ${FULLCHAINFILE})" -ge 3 ]
+then
+ # long chain
+ # - chain.pem: R3 | ISRG Root X1
+ # - fullchain.pem: Certificate | R3 | ISRG Root X1
+ PEMFILE="${CHAINFILE}"
+else
+ # short chain
+ # - chain.pem: R3
+ # - fullchain.pem: Certificate | R3
+ PEMFILE="${FULLCHAINFILE}"
+fi
+
# root and intermediate CA
TMPFILE="$(mktemp -p "${DIRECTORY}" -u ca.XXXXXXXXXX)"
-grep -Ev '^$' "${CHAINFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
+grep -Ev '^$' "${PEMFILE}" | csplit -f "${TMPFILE}" -s -z - '/-----BEGIN CERTIFICATE-----/' '{*}'
mv "${TMPFILE}00" "${DIRECTORY}/intermediate-${TIMESTAMP}.pem"
ln -sf "${DIRECTORY}/intermediate-${TIMESTAMP}.pem" "${DIRECTORY}/intermediate.pem"