mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-25 14:41:40 +00:00
Update cert suffix for bundles .ocsp generation
This commit is contained in:
parent
733b4e0a34
commit
7d19d784df
@ -118,15 +118,16 @@ haproxy_deploy() {
|
|||||||
Le_Keylength=""
|
Le_Keylength=""
|
||||||
fi
|
fi
|
||||||
if _isEccKey "${Le_Keylength}"; then
|
if _isEccKey "${Le_Keylength}"; then
|
||||||
_info "ECC key type so set suffix to .ecc"
|
_info "ECC key type detected"
|
||||||
_suffix=".ecc"
|
_suffix=".ecdsa"
|
||||||
else
|
else
|
||||||
_info "RSA key type so set suffix to .rsa"
|
_info "RSA key type detected"
|
||||||
_suffix=".rsa"
|
_suffix=".rsa"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_suffix=""
|
_suffix=""
|
||||||
fi
|
fi
|
||||||
|
_debug _suffix "${_suffix}"
|
||||||
|
|
||||||
# Set variables for later
|
# Set variables for later
|
||||||
_pem="${Le_Deploy_haproxy_pem_path}/${Le_Deploy_haproxy_pem_name}${_suffix}"
|
_pem="${Le_Deploy_haproxy_pem_path}/${Le_Deploy_haproxy_pem_name}${_suffix}"
|
||||||
@ -215,7 +216,8 @@ haproxy_deploy() {
|
|||||||
-respout "${_ocsp}" \
|
-respout "${_ocsp}" \
|
||||||
-verify_other "${_issuer}" \
|
-verify_other "${_issuer}" \
|
||||||
-no_nonce \
|
-no_nonce \
|
||||||
-CAfile "${_issuer}"
|
-CAfile "${_issuer}" | \
|
||||||
|
grep -q "${_pem}: good"
|
||||||
_ret=$?
|
_ret=$?
|
||||||
else
|
else
|
||||||
# Issuer is not a root CA so no "-CAfile" option
|
# Issuer is not a root CA so no "-CAfile" option
|
||||||
@ -226,7 +228,8 @@ haproxy_deploy() {
|
|||||||
-header Host "${_ocsp_host}" \
|
-header Host "${_ocsp_host}" \
|
||||||
-respout "${_ocsp}" \
|
-respout "${_ocsp}" \
|
||||||
-verify_other "${_issuer}" \
|
-verify_other "${_issuer}" \
|
||||||
-no_nonce
|
-no_nonce | \
|
||||||
|
grep -q "${_pem}: good"
|
||||||
_ret=$?
|
_ret=$?
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
@ -238,10 +241,9 @@ haproxy_deploy() {
|
|||||||
_err "OCSP update requested but no OCSP URL was found in certificate"
|
_err "OCSP update requested but no OCSP URL was found in certificate"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check return code of openssl command
|
# Non fatal: Check return code of openssl command
|
||||||
if [ "${_ret}" != "0" ]; then
|
if [ "${_ret}" != "0" ]; then
|
||||||
_err "Updating OCSP stapling failed with return code ${_ret}"
|
_err "Updating OCSP stapling failed with return code ${_ret}"
|
||||||
return ${_ret}
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
# An OCSP file was already present but certificate did not have OCSP extension
|
# An OCSP file was already present but certificate did not have OCSP extension
|
||||||
|
Loading…
Reference in New Issue
Block a user