From 594aef2aab8cc14a2d87b9ce23f00429559588d6 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Mon, 1 Apr 2019 22:45:38 +0200
Subject: check-certificates: support multiple passphrases

---
 check-certificates    | 4 +++-
 global-config         | 7 +++++--
 global-config.changes | 1 +
 global-functions      | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/check-certificates b/check-certificates
index d463ed3..4c10a52 100644
--- a/check-certificates
+++ b/check-certificates
@@ -34,7 +34,9 @@
     }
 
     / tool fetch mode=https check-certificate=yes-without-crl url=($CertRenewUrl . $CommonName . ".pem");
-    / certificate import file-name=($CommonName . ".pem") passphrase=$CertRenewPass;
+    :foreach PassPhrase in=$CertRenewPass do={
+      / certificate import file-name=($CommonName . ".pem") passphrase=$PassPhrase;
+    }
     / file remove [ find where name=($CommonName . ".pem") ];
 
     :local CertNew [ / certificate find where common-name=$CommonName fingerprint!=$FingerPrint expires-after>3w ];
diff --git a/global-config b/global-config
index 2a75b66..b57c212 100644
--- a/global-config
+++ b/global-config
@@ -6,7 +6,7 @@
 
 # Make sure all configuration properties are up to date and this
 # value is in sync with value in script 'global-functions'!
-:global GlobalConfigVersion 2;
+:global GlobalConfigVersion 3;
 
 # This is used for DNS and backup file.
 :global Domain "example.com";
@@ -97,4 +97,7 @@
 # Use this for certificate auto-renew
 :global CertRenewUrl "";
 #:global CertRenewUrl "https://example.com/certificates/";
-:global CertRenewPass "v3ry-s3cr3t";
+:global CertRenewPass {
+  "v3ry-s3cr3t";
+  "4n0th3r-s3cr3t";
+}
diff --git a/global-config.changes b/global-config.changes
index 7c430dc..86a130f 100644
--- a/global-config.changes
+++ b/global-config.changes
@@ -5,4 +5,5 @@
 :global GlobalConfigChanges {
   1="moved variables from global-config to global-functions for independence";
   2="variable names became CamelCase to work around scripting issues";
+  3="variable for certificate renew passphrase became an array to support multiple passphrases";
 };
diff --git a/global-functions b/global-functions
index 1145200..69f2c36 100644
--- a/global-functions
+++ b/global-functions
@@ -5,7 +5,7 @@
 # global functions
 
 # expected configuration version
-:global ExpectedConfigVersion 2;
+:global ExpectedConfigVersion 3;
 
 # global variables not to be changed by user
 :global SentRouterosUpdateNotification "-";
-- 
cgit v1.2.3-54-g00ecf