This commit is contained in:
neil 2020-12-13 15:10:42 +08:00
parent 7d249b6d3b
commit 6ae8d10132

58
acme.sh
View File

@ -59,6 +59,9 @@ VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01" VTYPE_DNS="dns-01"
VTYPE_ALPN="tls-alpn-01" VTYPE_ALPN="tls-alpn-01"
ID_TYPE_DNS="dns"
ID_TYPE_IP="ip"
LOCAL_ANY_ADDRESS="0.0.0.0" LOCAL_ANY_ADDRESS="0.0.0.0"
DEFAULT_RENEW=60 DEFAULT_RENEW=60
@ -1222,19 +1225,26 @@ _createcsr() {
if [ "$acmeValidationv1" ]; then if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf" _debug2 domainlist "$domainlist"
for dl in $(echo "$domainlist" | tr "," ' '); do
if [ "$alt" ]; then
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
else
alt="$(_getIdType "$dl" | _upper_case):$dl"
fi
done
printf -- "\nsubjectAltName=$alt" >>"$csrconf"
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf" printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf"
else else
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
if _contains "$domainlist" ","; then alt="$(_getIdType "$domain" | _upper_case):$domain"
alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")" for dl in $(echo "$domainlist" | tr "," ' '); do
else alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
alt="DNS:$(_idn "$domain"),DNS:$domainlist" done
fi
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf -- "\nsubjectAltName=$alt" >>"$csrconf" printf -- "\nsubjectAltName=$alt" >>"$csrconf"
@ -4174,6 +4184,36 @@ _match_issuer() {
_contains "$_rootissuer" "$_missuer" _contains "$_rootissuer" "$_missuer"
} }
#ip
_isIPv4() {
for seg in $(echo "$1" | tr '.' ' '); do
if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then
continue
fi
return 1
done
return 0
}
#ip6
_isIPv6() {
_contains "$1" ":"
}
#ip
_isIP() {
_isIPv4 "$1" || _isIPv6 "$1"
}
#identifier
_getIdType() {
if _isIP "$1"; then
echo "$ID_TYPE_IP";
else
echo "$ID_TYPE_DNS";
fi
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
@ -4330,7 +4370,7 @@ issue() {
dvsep=',' dvsep=','
if [ -z "$vlist" ]; then if [ -z "$vlist" ]; then
#make new order request #make new order request
_identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}" _identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}"
_w_index=1 _w_index=1
while true; do while true; do
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
@ -4339,7 +4379,7 @@ issue() {
if [ -z "$d" ]; then if [ -z "$d" ]; then
break break
fi fi
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}" _identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}"
done done
_debug2 _identifiers "$_identifiers" _debug2 _identifiers "$_identifiers"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then