Adds support for --ca-path option for using non-default curl/wget CA certs

This commit is contained in:
jtbr 2017-03-19 16:10:09 +01:00
parent 52cdedcba0
commit 2aa75f034f

22
acme.sh
View File

@ -1479,7 +1479,9 @@ _inithttp() {
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
fi fi
if [ "$CA_BUNDLE" ]; then if [ "$CA_PATH" ]; then
_ACME_CURL="$_ACME_CURL --capath $CA_PATH "
elif [ "$CA_BUNDLE" ]; then
_ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE "
fi fi
@ -1490,8 +1492,10 @@ _inithttp() {
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
_ACME_WGET="$_ACME_WGET -d " _ACME_WGET="$_ACME_WGET -d "
fi fi
if [ "$CA_BUNDLE" ]; then if [ "$CA_PATH" ]; then
_ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " _ACME_WGET="$_ACME_WGET --ca-directory=$CA_PATH "
elif [ "$CA_BUNDLE" ]; then
_ACME_WGET="$_ACME_WGET --ca-certificate=$CA_BUNDLE "
fi fi
fi fi
@ -3702,6 +3706,12 @@ issue() {
else else
_clearaccountconf "CA_BUNDLE" _clearaccountconf "CA_BUNDLE"
fi fi
if [ "$CA_PATH" ]; then
_saveaccountconf CA_PATH "$CA_PATH"
else
_clearaccountconf "CA_PATH"
fi
if [ "$HTTPS_INSECURE" ]; then if [ "$HTTPS_INSECURE" ]; then
_saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE"
@ -4918,6 +4928,7 @@ _process() {
_stopRenewOnError="" _stopRenewOnError=""
#_insecure="" #_insecure=""
_ca_bundle="" _ca_bundle=""
_ca_path=""
_nocron="" _nocron=""
_ecc="" _ecc=""
_csr="" _csr=""
@ -5232,6 +5243,11 @@ _process() {
CA_BUNDLE="$_ca_bundle" CA_BUNDLE="$_ca_bundle"
shift shift
;; ;;
--ca-path)
_ca_path="$2"
CA_PATH="$_ca_path"
shift
;;
--nocron) --nocron)
_nocron="1" _nocron="1"
;; ;;