From 6ae0f7f5c6f207d47a2a72a882e50b6ae76d6ba5 Mon Sep 17 00:00:00 2001
From: neil <github@byneil.com>
Date: Sun, 2 Oct 2016 23:37:37 +0800
Subject: [PATCH] support "--listen-v4" and  "--listen-v6" (#311)

https://github.com/Neilpang/acme.sh/issues/310
---
 acme.sh | 62 +++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 54 insertions(+), 8 deletions(-)

diff --git a/acme.sh b/acme.sh
index 90dd23e4..ca892060 100755
--- a/acme.sh
+++ b/acme.sh
@@ -1199,8 +1199,16 @@ _startserver() {
     fi
   fi
 
-  _debug "_NC" "$_NC"
   _debug Le_HTTPPort "$Le_HTTPPort"
+  _debug Le_Listen_V4 "$Le_Listen_V4"
+  _debug Le_Listen_V6 "$Le_Listen_V6"
+  if [ "$Le_Listen_V4" ] ; then
+    _NC="$_NC -4"
+  elif [ "$Le_Listen_V6" ] ; then
+    _NC="$_NC -6"
+  fi
+  _debug "_NC" "$_NC"
+
 #  while true ; do
     if [ "$DEBUG" ] ; then
       if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; then
@@ -1264,13 +1272,14 @@ _sleep() {
   fi
 }
 
-# _starttlsserver  san_a  san_b port content
+# _starttlsserver  san_a  san_b port content _ncaddr
 _starttlsserver() {
   _info "Starting tls server."
   san_a="$1"
   san_b="$2"
   port="$3"
   content="$4"
+  opaddr="$5"
   
   _debug san_a "$san_a"
   _debug san_b "$san_b"
@@ -1298,12 +1307,27 @@ _starttlsserver() {
     return 1
   fi
   
-  #start openssl
-  _debug "openssl s_server -cert \"$TLS_CERT\"  -key \"$TLS_KEY\" -accept $port  -tlsextdebug"
-  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
-    (printf "HTTP/1.1 200 OK\r\n\r\n$content" | openssl s_server -cert "$TLS_CERT"  -key "$TLS_KEY" -accept $port -tlsextdebug ) &
+  __S_OPENSSL="openssl s_server -cert $TLS_CERT  -key $TLS_KEY "
+  if [ "$opaddr" ] ; then
+    __S_OPENSSL="$__S_OPENSSL -accept $opaddr:$port"
   else
-    (printf "HTTP/1.1 200 OK\r\n\r\n$content" | openssl s_server -cert "$TLS_CERT"  -key "$TLS_KEY" -accept $port  >/dev/null 2>&1) &
+    __S_OPENSSL="$__S_OPENSSL -accept $port"
+  fi
+
+  _debug Le_Listen_V4 "$Le_Listen_V4"
+  _debug Le_Listen_V6 "$Le_Listen_V6"
+  if [ "$Le_Listen_V4" ] ; then
+    __S_OPENSSL="$__S_OPENSSL -4"
+  elif [ "$Le_Listen_V6" ] ; then
+    __S_OPENSSL="$__S_OPENSSL -6"
+  fi
+  
+  #start openssl
+  _debug "$__S_OPENSSL"
+  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
+    (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL  -tlsextdebug ) &
+  else
+    (printf "HTTP/1.1 200 OK\r\n\r\n$content" | $__S_OPENSSL  >/dev/null 2>&1) &
   fi
 
   serverproc="$!"
@@ -1997,6 +2021,16 @@ issue() {
   _savedomainconf "Le_RenewHook"     "$Le_RenewHook"
   _savedomainconf "Le_LocalAddress"     "$Le_LocalAddress"
   
+
+  if [ "$Le_Listen_V4" ] ; then
+    _savedomainconf "Le_Listen_V4"     "$Le_Listen_V4"
+    _cleardomainconf Le_Listen_V6
+  elif [ "$Le_Listen_V6" ] ; then
+    _savedomainconf "Le_Listen_V6"     "$Le_Listen_V6"
+    _cleardomainconf Le_Listen_V4
+  fi
+  
+  
   Le_API="$API"
   _savedomainconf "Le_API" "$Le_API"
   
@@ -3435,7 +3469,7 @@ Parameters:
   --days                            Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
   --httpport                        Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
   --tlsport                         Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
-  --local-address                   Specifies the standalone server listening address, in case you have multiple ip addresses.
+  --local-address                   Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
   --listraw                         Only used for '--list' command, list the certs in raw format.
   --stopRenewOnError, -se           Only valid for '--renewall' command. Stop if one cert has error in renewal.
   --insecure                        Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
@@ -3448,6 +3482,8 @@ Parameters:
   --renew-hook                      Command to be run once for each successfully renewed certificate.
   --ocsp-must-staple, --ocsp        Generate ocsp must Staple extension.
   --auto-upgrade   [0|1]            Valid for '--upgrade' command, indicating whether to upgrade automatically in future.
+  --listen-v4                       Force standalone/tls server to listen at ipv4.
+  --listen-v6                       Force standalone/tls server to listen at ipv6.
   "
 }
 
@@ -3555,6 +3591,8 @@ _process() {
   _local_address=""
   _log_level=""
   _auto_upgrade=""
+  _listen_v4=""
+  _listen_v6=""
   while [ ${#} -gt 0 ] ; do
     case "${1}" in
     
@@ -3870,6 +3908,14 @@ _process() {
         fi
         AUTO_UPGRADE="$_auto_upgrade"
         ;;
+    --listen-v4)
+        _listen_v4="1"
+        Le_Listen_V4="$_listen_v4"
+        ;;
+    --listen-v6)
+        _listen_v6="1"
+        Le_Listen_V6="$_listen_v6"
+        ;;
         
     *)
         _err "Unknown parameter : $1"