From fac1e367c9a5c6c58e26dafd3ca10e891bc90a5d Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 14 Aug 2016 22:37:21 +0800 Subject: [PATCH] 2.4.1 fix bug. --- acme.sh | 118 +++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 87 insertions(+), 31 deletions(-) diff --git a/acme.sh b/acme.sh index dc62bcd2..aa3cf0fe 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.4.0 +VER=2.4.1 PROJECT_NAME="acme.sh" @@ -45,11 +45,6 @@ fi -_URGLY_PRINTF="" -if [ "$(printf '\x41')" != 'A' ] ; then - _URGLY_PRINTF=1 -fi - __green() { printf '\033[1;31;32m' printf -- "$1" @@ -72,26 +67,24 @@ _info() { } - _err_e() { if [ -z "$2" ] ; then __red "$1" >&2 else __red "$1='$2'" >&2 fi + printf "\n" >&2 } _err() { printf -- "[$(date)] " >&2 - _err_e "$@" - printf "\n" >&2 + _err_e "$@" return 1 } _usage() { version _err_e "$@" - printf "\n" >&2 } _debug() { @@ -213,6 +206,12 @@ _h_char_2_dec() { } + +_URGLY_PRINTF="" +if [ "$(printf '\x41')" != 'A' ] ; then + _URGLY_PRINTF=1 +fi + _h2b() { hex=$(cat) i=1 @@ -363,7 +362,7 @@ _sign() { else _err "$alg is not supported yet" return 1 - fi + fi } @@ -724,6 +723,46 @@ _calcjwk() { _debug3 HEADER "$HEADER" } + + +_mktemp() { + if _exists mktemp ; then + mktemp + fi +} + +_inithttp() { + + if [ -z "$HTTP_HEADER" ] ; then + HTTP_HEADER="$(_mktemp)" + _debug2 HTTP_HEADER "$HTTP_HEADER" + fi + + if [ -z "$CURL" ] ; then + CURL="curl -L --silent --dump-header $HTTP_HEADER " + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + _CURL_DUMP="$(_mktemp)" + CURL="$CURL --trace-ascii $_CURL_DUMP " + fi + + if [ "$HTTPS_INSECURE" ] ; then + CURL="$CURL --insecure " + fi + fi + + if [ -z "$WGET" ] ; then + WGET="wget -q" + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + WGET="$WGET -d " + fi + if [ "$HTTPS_INSECURE" ] ; then + WGET="$WGET --no-check-certificate " + fi + fi + +} + + # body url [needbase64] [POST|PUT] _post() { body="$1" @@ -737,8 +776,11 @@ _post() { _debug $httpmethod _debug "url" "$url" _debug2 "body" "$body" + + _inithttp + if _exists "curl" ; then - _CURL="$CURL --dump-header $HTTP_HEADER " + _CURL="$CURL" _debug "_CURL" "$_CURL" if [ "$needbase64" ] ; then response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" --data "$body" "$url" | _base64)" @@ -790,6 +832,9 @@ _get() { t="$3" _debug url $url _debug "timeout" "$t" + + _inithttp + if _exists "curl" ; then _CURL="$CURL" if [ "$t" ] ; then @@ -802,6 +847,13 @@ _get() { $_CURL --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" $url fi ret=$? + if [ "$ret" != "0" ] ; then + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + _err "Here is the curl dump log:" + _err "$(cat "$_CURL_DUMP")" + fi + fi elif _exists "wget" ; then _WGET="$WGET" if [ "$t" ] ; then @@ -814,6 +866,9 @@ _get() { $_WGET --user-agent="$USER_AGENT" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - $url fi ret=$? + if [ "$ret" != "0" ] ; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" + fi else ret=$? _err "Neither curl nor wget is found, can not do GET." @@ -822,6 +877,7 @@ _get() { return $ret } + # url payload needbase64 keyfile _send_signed_request() { url=$1 @@ -970,6 +1026,16 @@ _saveaccountconf() { fi } +#_clearaccountconf key +_clearaccountconf() { + key="$1" + if [ "$ACCOUNT_CONF_PATH" ] ; then + _sed_i "s/^$key.*$//" "$ACCOUNT_CONF_PATH" + else + _err "ACCOUNT_CONF_PATH is empty, can not clear $key" + fi +} + _startserver() { content="$1" _debug "startserver: $$" @@ -1134,22 +1200,6 @@ _initpath() { fi HTTP_HEADER="$LE_WORKING_DIR/http.header" - - WGET="wget -q" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - WGET="$WGET -d " - fi - - _CURL_DUMP="$LE_WORKING_DIR/curl.dump" - CURL="curl -L --silent" - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - CURL="$CURL --trace-ascii $_CURL_DUMP " - fi - - if [ "$Le_Insecure" ] ; then - WGET="$WGET --no-check-certificate " - CURL="$CURL --insecure " - fi _DEFAULT_ACCOUNT_KEY_PATH="$LE_WORKING_DIR/account.key" if [ -z "$ACCOUNT_KEY_PATH" ] ; then @@ -1969,6 +2019,10 @@ issue() { _cleardomainconf "Le_Vlist" Le_LinkIssuer=$(grep -i '^Link' $HTTP_HEADER | head -1 | cut -d " " -f 2| cut -d ';' -f 1 | tr -d '<>' ) + if ! _contains "$Le_LinkIssuer" ":" ; then + Le_LinkIssuer="$API$Le_LinkIssuer" + fi + _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" if [ "$Le_LinkIssuer" ] ; then @@ -1992,8 +2046,10 @@ issue() { _savedomainconf "Le_RenewalDays" "$Le_RenewalDays" fi - if [ "$Le_Insecure" ] ; then - _savedomainconf "Le_Insecure" "$Le_Insecure" + if [ "$HTTPS_INSECURE" ] ; then + _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" + else + _clearaccountconf "HTTPS_INSECURE" fi Le_NextRenewTime=$(_math $Le_CertCreateTime + $Le_RenewalDays \* 24 \* 60 \* 60) @@ -3017,7 +3073,7 @@ _process() { ;; --insecure) _insecure="1" - Le_Insecure="$_insecure" + HTTPS_INSECURE="1" ;; --nocron) _nocron="1"