diff options
author | Christian Hesse <mail@eworm.de> | 2018-12-20 22:21:00 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2018-12-20 22:21:00 +0100 |
commit | f4673928efaa46a03888063ef5fa3bc2d40eb38e (patch) | |
tree | 16f44a1a4f75e72e440a79ace1342fd95a2c2cd2 /global-functions | |
parent | abdc9b0cbdfcab17ab5d47c0afce7b8c79be931a (diff) |
global-functions: make $CertificateAvailable work on CommonName
This should prevent endless certificate switching for Let's Encrypt
cross-signed intermediate certificates.
Diffstat (limited to 'global-functions')
-rw-r--r-- | global-functions | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/global-functions b/global-functions index b3a0d33..a7beda6 100644 --- a/global-functions +++ b/global-functions @@ -34,20 +34,21 @@ # check and import required certificates :global CertificateAvailable do={ - :local fprint [ :tostr $1 ]; + :local commonname [ :tostr $1 ]; + :local filename ([ :tostr $2 ] . ".pem"); :global "script-updates-baseurl"; :global "script-updates-urlsuffix"; - :if ([ / certificate print count-only where fingerprint=$fprint ] = 0) do={ - :log info ("Certificate with fingerprint " . $fprint . \ + :if ([ / certificate print count-only where common-name=$commonname ] = 0) do={ + :log info ("Certificate with CommonName " . $commonname . \ " not available, downloading and importing."); :do { / tool fetch check-certificate=yes-without-crl \ ($"script-updates-baseurl" . "certs/" . \ - $fprint . ".pem" . $"script-updates-urlsuffix") \ - dst-path=($fprint . ".pem"); - / certificate import file-name=($fprint . ".pem") passphrase=""; + $filename . $"script-updates-urlsuffix") \ + dst-path=$filename; + / certificate import file-name=$filename passphrase=""; } on-error={ :log warning "Failed imprting certificate!"; } @@ -80,7 +81,7 @@ } :if ([ :len $"telegram-tokenid" ] > 0 && [ :len $"telegram-chatid" ] > 0) do={ - $CertificateAvailable "973a41276ffd01e027a2aad49e34c37846d3e976ff6a620b6712e33832041aa6"; + $CertificateAvailable "Go Daddy Secure Certificate Authority - G2" "godaddy"; :do { / tool fetch check-certificate=yes-without-crl keep-result=no http-method=post \ ("https://api.telegram.org/bot" . $"telegram-tokenid" . "/sendMessage") \ |