Add option for a custom ca-bundle file. (#274)
* Add option for a custom ca-bundle file. * Renamed option cacert to ca-bundle. * Save CA_BUNDLE path in configuration file. * Store absolute path to ca-bundle file
parent
36246ad9ac
commit
78009539d1
20
acme.sh
20
acme.sh
@ -743,6 +743,10 @@ _inithttp() {
|
|||||||
CURL="$CURL --trace-ascii $_CURL_DUMP "
|
CURL="$CURL --trace-ascii $_CURL_DUMP "
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$CA_BUNDLE" ] ; then
|
||||||
|
CURL="$CURL --cacert $CA_BUNDLE "
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$HTTPS_INSECURE" ] ; then
|
if [ "$HTTPS_INSECURE" ] ; then
|
||||||
CURL="$CURL --insecure "
|
CURL="$CURL --insecure "
|
||||||
fi
|
fi
|
||||||
@ -753,6 +757,9 @@ _inithttp() {
|
|||||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
|
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
|
||||||
WGET="$WGET -d "
|
WGET="$WGET -d "
|
||||||
fi
|
fi
|
||||||
|
if [ "$CA_BUNDLE" ] ; then
|
||||||
|
WGET="$WGET --ca-certificate $CA_BUNDLE "
|
||||||
|
fi
|
||||||
if [ "$HTTPS_INSECURE" ] ; then
|
if [ "$HTTPS_INSECURE" ] ; then
|
||||||
WGET="$WGET --no-check-certificate "
|
WGET="$WGET --no-check-certificate "
|
||||||
fi
|
fi
|
||||||
@ -2058,6 +2065,12 @@ issue() {
|
|||||||
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
|
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$CA_BUNDLE" ] ; then
|
||||||
|
_saveaccountconf CA_BUNDLE "$CA_BUNDLE"
|
||||||
|
else
|
||||||
|
_clearaccountconf "CA_BUNDLE"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$HTTPS_INSECURE" ] ; then
|
if [ "$HTTPS_INSECURE" ] ; then
|
||||||
_saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE"
|
_saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE"
|
||||||
else
|
else
|
||||||
@ -2772,6 +2785,7 @@ Parameters:
|
|||||||
--listraw Only used for '--list' command, list the certs in raw format.
|
--listraw Only used for '--list' command, list the certs in raw format.
|
||||||
--stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
|
--stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
|
||||||
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
|
||||||
|
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
|
||||||
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
|
||||||
--ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
--ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
|
||||||
"
|
"
|
||||||
@ -2846,6 +2860,7 @@ _process() {
|
|||||||
_listraw=""
|
_listraw=""
|
||||||
_stopRenewOnError=""
|
_stopRenewOnError=""
|
||||||
_insecure=""
|
_insecure=""
|
||||||
|
_ca_bundle=""
|
||||||
_nocron=""
|
_nocron=""
|
||||||
_ecc=""
|
_ecc=""
|
||||||
while [ ${#} -gt 0 ] ; do
|
while [ ${#} -gt 0 ] ; do
|
||||||
@ -3088,6 +3103,11 @@ _process() {
|
|||||||
_insecure="1"
|
_insecure="1"
|
||||||
HTTPS_INSECURE="1"
|
HTTPS_INSECURE="1"
|
||||||
;;
|
;;
|
||||||
|
--ca-bundle)
|
||||||
|
_ca_bundle=$(readlink -f $2)
|
||||||
|
CA_BUNDLE="$_ca_bundle"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
--nocron)
|
--nocron)
|
||||||
_nocron="1"
|
_nocron="1"
|
||||||
;;
|
;;
|
||||||
|
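Review bot: In the `--ca-bundle)` arm added to `_process()` (last hunk), `_ca_bundle=$(readlink -f $2)` expands `$2` unquoted and never checks the result, so a path containing spaces is word-split, and a missing argument, an unresolvable path or a `readlink` without `-f` (the option is not POSIX) leaves `CA_BUNDLE` empty. With an empty value `_inithttp()` skips `--cacert`/`--ca-certificate` and verifies against the default trust store with no message, and when `issue()` runs it calls `_clearaccountconf "CA_BUNDLE"`, so the restriction the user asked for is dropped silently. I would quote the argument and fail closed: `_ca_bundle="$(readlink -f "$2")"` followed by `[ -r "$_ca_bundle" ] || return 1` after printing an error. The value is also spliced unquoted into the `CURL` and `WGET` strings in `_inithttp()`, where whitespace in the path would become extra curl/wget arguments, so rejecting such paths at parse time is worth adding given how those command strings are built. `_process()` and `_inithttp()` both start and end outside the hunks shown.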