diff options
| author |  Christian Hesse <mail@eworm.de> | 2020-01-03 10:07:55 +0100 |
|---|---|---|
| committer | Christian Hesse <mail@eworm.de> | 2020-01-03 10:07:55 +0100 |
| commit | cb1e520965ee1b56ea4ec8084be1f0431c560195 (patch) | |
| tree | 8d9746e18804e39859f4b08ff627c7f96b0e3c62 | |
| parent | afb9839073d22e560f309535cf9ea6b0a00f848c (diff) | |
global-functions: split $CertificateAvailable to $CertificateDownload
This allows to force download even if certificate is available. We need
this for a clean update path with Let's Encrypt.
| -rw-r--r-- | global-functions | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/global-functions b/global-functions index 10eeac6..0d490df 100644 --- a/global-functions +++ b/global-functions @@ -17,6 +17,7 @@ # global functions :global UrlEncode; :global CharacterReplace; +:global CertificateDownload; :global CertificateAvailable; :global SendEMail; :global SendTelegram; @@ -79,8 +80,8 @@ :return ($Return . $String); } -# check and import required certificates -:set CertificateAvailable do={ +# download and import certificate +:set CertificateDownload do={ :local CommonName [ :tostr $1 ]; :global ScriptUpdatesBaseUrl; @@ -89,22 +90,32 @@ :global UrlEncode; :global WaitForFile; + :log info ("Downloading and importing certificate with " . \ + "CommonName " . $CommonName . "."); + :do { + :local LocalFileName ($CommonName . ".pem"); + :local UrlFileName ([ $UrlEncode $CommonName ] . ".pem"); + / tool fetch check-certificate=yes-without-crl \ + ($ScriptUpdatesBaseUrl . "certs/" . \ + $UrlFileName . $ScriptUpdatesUrlSuffix) \ + dst-path=$LocalFileName; + $WaitForFile $LocalFileName; + / certificate import file-name=$LocalFileName passphrase=""; + / file remove $LocalFileName; + } on-error={ + :log warning "Failed imprting certificate!"; + } +} + +# check and download required certificate +:set CertificateAvailable do={ + :local CommonName [ :tostr $1 ]; + + :global CertificateDownload; + :if ([ / certificate print count-only where common-name=$CommonName ] = 0) do={ - :log info ("Certificate with CommonName " . $CommonName . \ - " not available, downloading and importing."); - :do { - :local LocalFileName ($CommonName . ".pem"); - :local UrlFileName ([ $UrlEncode $CommonName ] . ".pem"); - / tool fetch check-certificate=yes-without-crl \ - ($ScriptUpdatesBaseUrl . "certs/" . \ - $UrlFileName . $ScriptUpdatesUrlSuffix) \ - dst-path=$LocalFileName; - $WaitForFile $LocalFileName; - / certificate import file-name=$LocalFileName passphrase=""; - / file remove $LocalFileName; - } on-error={ - :log warning "Failed imprting certificate!"; - } + :log info ("Certificate with CommonName " . $CommonName . " not available."); + $CertificateDownload $CommonName; } } |