Add option for a custom ca-bundle file. (#274)

* Add option for a custom ca-bundle file.

* Renamed option cacert to ca-bundle.

* Save CA_BUNDLE path in configuration file.

* Store absolute path to ca-bundle file
pull/276/head
Patrick Sodré 8 years ago committed by neil
parent 36246ad9ac
commit 78009539d1

@ -743,6 +743,10 @@ _inithttp() {
CURL="$CURL --trace-ascii $_CURL_DUMP " CURL="$CURL --trace-ascii $_CURL_DUMP "
fi fi
if [ "$CA_BUNDLE" ] ; then
CURL="$CURL --cacert $CA_BUNDLE "
fi
if [ "$HTTPS_INSECURE" ] ; then if [ "$HTTPS_INSECURE" ] ; then
CURL="$CURL --insecure " CURL="$CURL --insecure "
fi fi
@ -753,6 +757,9 @@ _inithttp() {
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then
WGET="$WGET -d " WGET="$WGET -d "
fi fi
if [ "$CA_BUNDLE" ] ; then
WGET="$WGET --ca-certificate $CA_BUNDLE "
fi
if [ "$HTTPS_INSECURE" ] ; then if [ "$HTTPS_INSECURE" ] ; then
WGET="$WGET --no-check-certificate " WGET="$WGET --no-check-certificate "
fi fi
@ -2058,6 +2065,12 @@ issue() {
_savedomainconf "Le_RenewalDays" "$Le_RenewalDays" _savedomainconf "Le_RenewalDays" "$Le_RenewalDays"
fi fi
if [ "$CA_BUNDLE" ] ; then
_saveaccountconf CA_BUNDLE "$CA_BUNDLE"
else
_clearaccountconf "CA_BUNDLE"
fi
if [ "$HTTPS_INSECURE" ] ; then if [ "$HTTPS_INSECURE" ] ; then
_saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE"
else else
@ -2772,6 +2785,7 @@ Parameters:
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal. --stopRenewOnError, -se Only valid for '--renewall' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate.
--nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically.
--ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --ecc Specifies to use the ECC cert. Valid for '--installcert', '--renew', '--revoke', '--toPkcs' and '--createCSR'
" "
@ -2846,6 +2860,7 @@ _process() {
_listraw="" _listraw=""
_stopRenewOnError="" _stopRenewOnError=""
_insecure="" _insecure=""
_ca_bundle=""
_nocron="" _nocron=""
_ecc="" _ecc=""
while [ ${#} -gt 0 ] ; do while [ ${#} -gt 0 ] ; do
@ -3088,6 +3103,11 @@ _process() {
_insecure="1" _insecure="1"
HTTPS_INSECURE="1" HTTPS_INSECURE="1"
;; ;;
--ca-bundle)
_ca_bundle=$(readlink -f $2)
CA_BUNDLE="$_ca_bundle"
shift
;;
--nocron) --nocron)
_nocron="1" _nocron="1"
;; ;;
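Review bot: In the `--ca-bundle` arm of `_process`, `$2` reaches `readlink -f` unquoted and the result is never checked. A path with spaces is word-split, and a missing argument or failed resolution leaves `CA_BUNDLE` empty, so the option is silently dropped and verification falls back to the default trust store instead of the bundle the user asked for. I would write `_ca_bundle=$(readlink -f "$2")` and follow it with `[ -f "$_ca_bundle" ] || { echo "ca-bundle file not found: $2" >&2; return 1; }`. `readlink -f` is also not available on every platform this script may run on, so a portable fallback is worth considering. The same value is spliced unquoted into `$CURL` and `$WGET` in `_inithttp` and persisted via `_saveaccountconf`; if those strings are later expanded unquoted (not visible here), whitespace in a stored path would become extra client arguments, so the value should be validated before it is saved. All three functions start and end outside the hunks shown.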
