From cb1e520965ee1b56ea4ec8084be1f0431c560195 Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Fri, 3 Jan 2020 10:07:55 +0100
Subject: global-functions: split $CertificateAvailable to $CertificateDownload

This allows to force download even if certificate is available. We need this for a clean update path with Let's Encrypt.
---
 global-functions | 45 ++++++++++++++++++++++++++++-----------------
 1 file changed, 28 insertions(+), 17 deletions(-)

diff --git a/global-functions b/global-functions
index 10eeac6..0d490df 100644
--- a/global-functions
+++ b/global-functions
@@ -17,6 +17,7 @@
 # global functions
 :global UrlEncode;
 :global CharacterReplace;
+:global CertificateDownload;
 :global CertificateAvailable;
 :global SendEMail;
 :global SendTelegram;
@@ -79,8 +80,8 @@
 :return ($Return . $String);
 }
 
-# check and import required certificates
-:set CertificateAvailable do={
+# download and import certificate
+:set CertificateDownload do={
 :local CommonName [ :tostr $1 ];
 
 :global ScriptUpdatesBaseUrl;
@@ -89,22 +90,32 @@
 :global UrlEncode;
 :global WaitForFile;
 
+ :log info ("Downloading and importing certificate with " . \
+ "CommonName " . $CommonName . ".");
+ :do {
+ :local LocalFileName ($CommonName . ".pem");
+ :local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
+ / tool fetch check-certificate=yes-without-crl \
+ ($ScriptUpdatesBaseUrl . "certs/" . \
+ $UrlFileName . $ScriptUpdatesUrlSuffix) \
+ dst-path=$LocalFileName;
+ $WaitForFile $LocalFileName;
+ / certificate import file-name=$LocalFileName passphrase="";
+ / file remove $LocalFileName;
+ } on-error={
+ :log warning "Failed imprting certificate!";
+ }
+}
+
+# check and download required certificate
+:set CertificateAvailable do={
+ :local CommonName [ :tostr $1 ];
+
+ :global CertificateDownload;
+
 :if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={
- :log info ("Certificate with CommonName " . $CommonName . \
- " not available, downloading and importing.");
- :do {
- :local LocalFileName ($CommonName . ".pem");
- :local UrlFileName ([ $UrlEncode $CommonName ] . ".pem");
- / tool fetch check-certificate=yes-without-crl \
- ($ScriptUpdatesBaseUrl . "certs/" . \
- $UrlFileName . $ScriptUpdatesUrlSuffix) \
- dst-path=$LocalFileName;
- $WaitForFile $LocalFileName;
- / certificate import file-name=$LocalFileName passphrase="";
- / file remove $LocalFileName;
- } on-error={
- :log warning "Failed imprting certificate!";
- }
+ :log info ("Certificate with CommonName " . $CommonName . " not available.");
+ $CertificateDownload $CommonName;
 }
 }
 
-- 
cgit v1.2.3-70-g09d2
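Review bot: In the new CertificateDownload body the downloaded file is removed only on the success path, so if `$WaitForFile` or `/ certificate import` errors, the `.pem` presumably stays on the device, and the `on-error` block logs a message that does not name the certificate (and misspells "importing"). Declaring `:local LocalFileName ($CommonName . ".pem");` before `:do {` would let the handler run `/ file remove [ find where name=$LocalFileName ];` and log `:log warning ("Failed importing certificate with CommonName " . $CommonName . "!");`. Because this function can now be called directly to force a re-import, it would also be worth re-checking `/ certificate print count-only where common-name=$CommonName` after the import, since nothing visible here confirms that the imported PEM carries the requested CommonName or reports a failure back to the caller. The start of the function, including some of its `:global` declarations, lies outside this hunk.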