plantroon
/
acme.sh
mirror of https://github.com/plantroon/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix https://github.com/Neilpang/acme.sh/issues/288 

add --ocsp-must-staple, --ocsp
This commit is contained in:
neil 2016-09-15 10:41:47 +08:00
parent 7b16442656
commit 0c9546ccb0
1 changed files with 39 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.5.0 VER=2.5.1
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -163,11 +163,11 @@ _hasfield() {
for f in $(echo "$_str" | tr ',' ' ') ; do for f in $(echo "$_str" | tr ',' ' ') ; do
if [ "$f" = "$_field" ] ; then if [ "$f" = "$_field" ] ; then
_debug "'$_str' contains '$_field'" _debug2 "'$_str' contains '$_field'"
return 0 #contains ok return 0 #contains ok
fi fi
done done
_debug "'$_str' does not contain '$_field'" _debug2 "'$_str' does not contain '$_field'"
return 1 #not contains return 1 #not contains
} }
@ -440,16 +440,20 @@ _createcsr() {
_debug _createcsr _debug _createcsr
domain="$1" domain="$1"
domainlist="$2" domainlist="$2"
key="$3" csrkey="$3"
csr="$4" csr="$4"
csrconf="$5" csrconf="$5"
_debug2 domain "$domain" _debug2 domain "$domain"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
_debug2 csrkey "$csrkey"
_debug2 csr "$csr"
_debug2 csrconf "$csrconf"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" > "$csrconf"
if [ -z "$domainlist" ] || [ "$domainlist" = "no" ]; then if [ -z "$domainlist" ] || [ "$domainlist" = "no" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\n" > "$csrconf"
openssl req -new -sha256 -key "$key" -subj "/CN=$domain" -config "$csrconf" -out "$csr"
else else
if _contains "$domainlist" "," ; then if _contains "$domainlist" "," ; then
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
@ -458,9 +462,13 @@ _createcsr() {
fi fi
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf -- "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\nsubjectAltName=$alt" > "$csrconf" printf -- "\nsubjectAltName=$alt" >> "$csrconf"
openssl req -new -sha256 -key "$key" -subj "/CN=$domain" -config "$csrconf" -out "$csr"
fi fi
if [ "$Le_OCSP_Stable" ] ; then
_savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable"
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf"
fi
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$domain" -config "$csrconf" -out "$csr"
} }
#_signcsr key csr conf cert #_signcsr key csr conf cert
@ -1066,56 +1074,56 @@ _setopt() {
#_savedomainconf key value #_savedomainconf key value
#save to domain.conf #save to domain.conf
_savedomainconf() { _savedomainconf() {
key="$1" _sdkey="$1"
value="$2" _sdvalue="$2"
if [ "$DOMAIN_CONF" ] ; then if [ "$DOMAIN_CONF" ] ; then
_setopt "$DOMAIN_CONF" "$key" "=" "\"$value\"" _setopt "$DOMAIN_CONF" "$_sdkey" "=" "\"$_sdvalue\""
else else
_err "DOMAIN_CONF is empty, can not save $key=$value" _err "DOMAIN_CONF is empty, can not save $_sdkey=$_sdvalue"
fi fi
} }
#_cleardomainconf key #_cleardomainconf key
_cleardomainconf() { _cleardomainconf() {
key="$1" _sdkey="$1"
if [ "$DOMAIN_CONF" ] ; then if [ "$DOMAIN_CONF" ] ; then
_sed_i "s/^$key.*$//" "$DOMAIN_CONF" _sed_i "s/^$_sdkey.*$//" "$DOMAIN_CONF"
else else
_err "DOMAIN_CONF is empty, can not save $key=$value" _err "DOMAIN_CONF is empty, can not save $_sdkey=$value"
fi fi
} }
#_readdomainconf key #_readdomainconf key
_readdomainconf() { _readdomainconf() {
key="$1" _sdkey="$1"
if [ "$DOMAIN_CONF" ] ; then if [ "$DOMAIN_CONF" ] ; then
( (
eval $(grep "^$key *=" "$DOMAIN_CONF") eval $(grep "^$_sdkey *=" "$DOMAIN_CONF")
eval "printf \"%s\" \"\$$key\"" eval "printf \"%s\" \"\$$_sdkey\""
) )
else else
_err "DOMAIN_CONF is empty, can not read $key" _err "DOMAIN_CONF is empty, can not read $_sdkey"
fi fi
} }
#_saveaccountconf key value #_saveaccountconf key value
_saveaccountconf() { _saveaccountconf() {
key="$1" _sckey="$1"
value="$2" _scvalue="$2"
if [ "$ACCOUNT_CONF_PATH" ] ; then if [ "$ACCOUNT_CONF_PATH" ] ; then
_setopt "$ACCOUNT_CONF_PATH" "$key" "=" "\"$value\"" _setopt "$ACCOUNT_CONF_PATH" "$_sckey" "=" "\"$_scvalue\""
else else
_err "ACCOUNT_CONF_PATH is empty, can not save $key=$value" _err "ACCOUNT_CONF_PATH is empty, can not save $_sckey=$_scvalue"
fi fi
} }
#_clearaccountconf key #_clearaccountconf key
_clearaccountconf() { _clearaccountconf() {
key="$1" _scvalue="$1"
if [ "$ACCOUNT_CONF_PATH" ] ; then if [ "$ACCOUNT_CONF_PATH" ] ; then
_sed_i "s/^$key.*$//" "$ACCOUNT_CONF_PATH" _sed_i "s/^$_scvalue.*$//" "$ACCOUNT_CONF_PATH"
else else
_err "ACCOUNT_CONF_PATH is empty, can not clear $key" _err "ACCOUNT_CONF_PATH is empty, can not clear $_scvalue"
fi fi
} }
@ -1357,7 +1365,7 @@ _initpath() {
fi fi
if [ -z "$DOMAIN_SSL_CONF" ] ; then if [ -z "$DOMAIN_SSL_CONF" ] ; then
DOMAIN_SSL_CONF="$DOMAIN_PATH/$domain.ssl.conf" DOMAIN_SSL_CONF="$DOMAIN_PATH/$domain.csr.conf"
fi fi
if [ -z "$CSR_PATH" ] ; then if [ -z "$CSR_PATH" ] ; then
@ -3079,6 +3087,7 @@ Parameters:
--pre-hook Command to be run before obtaining any certificates. --pre-hook Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed.
--renew-hook Command to be run once for each successfully renewed certificate. --renew-hook Command to be run once for each successfully renewed certificate.
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension.
" "
} }
@ -3431,6 +3440,9 @@ _process() {
_renew_hook="$2" _renew_hook="$2"
shift shift
;; ;;
--ocsp-must-staple|--ocsp)
Le_OCSP_Stable="1"
;;
*) *)
_err "Unknown parameter : $1" _err "Unknown parameter : $1"
return 1 return 1