author | Florian Obser <florian@cvs.openbsd.org> | 2017-01-21 12:54:11 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2017-01-21 12:54:11 +0000 |
commit | ffa01e4a6e1750f723a7a81c1b58787f5520355e (patch) | |
tree | 8c0f6551904a693f26ec552f44cdaef872c92664 | |
parent | 18006fa55bc7ead217b9587dd3c30acef7575b8f (diff) |
it is ok to only specify a full chain certificate
OK benno
-rw-r--r-- | usr.sbin/acme-client/fileproc.c | 20 | ||||
-rw-r--r-- | usr.sbin/acme-client/main.c | 41 |
2 files changed, 37 insertions, 24 deletions
diff --git a/usr.sbin/acme-client/fileproc.c b/usr.sbin/acme-client/fileproc.c
index 918ca4a6f8d..50de206f0b4 100644
--- a/usr.sbin/acme-client/fileproc.c
+++ b/usr.sbin/acme-client/fileproc.c
@@ -1,4 +1,4 @@
-/* $Id: fileproc.c,v 1.9 2017/01/21 08:54:26 florian Exp $ */
+/* $Id: fileproc.c,v 1.10 2017/01/21 12:54:10 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -151,10 +151,11 @@ fileproc(int certsock, const char *certdir, const char *certfile, const char
 * Once downloaded, dump it into CHAIN_BAK.
 */
- if (asprintf(&certfile_bak, "%s~", certfile) == -1) {
- warn("asprintf");
- goto out;
- }
+ if (certfile)
+ if (asprintf(&certfile_bak, "%s~", certfile) == -1) {
+ warn("asprintf");
+ goto out;
+ }
 if (chainfile)
 if (asprintf(&chainfile_bak, "%s~", chainfile) == -1) {
@@ -187,10 +188,13 @@ fileproc(int certsock, const char *certdir, const char *certfile, const char
 if (NULL == (csr = readbuf(certsock, COMM_CSR, &csz)))
 goto out;
- if (!serialise(certfile_bak, certfile, csr, csz, NULL, 0))
- goto out;
- dodbg("%s/%s: created", certdir, certfile);
+ if (certfile) {
+ if (!serialise(certfile_bak, certfile, csr, csz, NULL, 0))
+ goto out;
+
+ dodbg("%s/%s: created", certdir, certfile);
+ }
 /*
 * Finally, create the full-chain file.
diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c
index 35c47d4a487..8350d80a6d7 100644
--- a/usr.sbin/acme-client/main.c
+++ b/usr.sbin/acme-client/main.c
@@ -1,4 +1,4 @@
-/* $Id: main.c,v 1.26 2017/01/21 09:00:29 benno Exp $ */
+/* $Id: main.c,v 1.27 2017/01/21 12:54:10 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
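Review bot: Only the two sites touched in the `@@ -151` and `@@ -187` hunks of fileproc.c are guarded against a NULL `certfile`; fileproc() starts and ends outside both hunks, so any other use of `certfile` or `certfile_bak` there (a removal path or the cleanup at `out:`, if present) is not visible and needs the same check. Skipping the `asprintf` is only safe if `certfile_bak` is initialised to NULL at its declaration, which should be confirmed. The unbraced `if (certfile)` around a braced inner `if` would be harder to misread as `if (certfile != NULL && asprintf(&certfile_bak, "%s~", certfile) == -1) {`. A line in the function's header comment such as `/* certfile may be NULL when only a full chain is configured */` would record the new contract.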
@@ -103,22 +103,29 @@ main(int argc, char *argv[])
 if (getuid() != 0)
 errx(EXIT_FAILURE, "must be run as root");
- /*
- * Now we allocate our directories and file paths IFF we haven't
- * specified them on the command-line.
- */
+ if (domain->cert != NULL) {
+ if ((certdir = dirname(domain->cert)) != NULL) {
+ if ((certdir = strdup(certdir)) == NULL)
+ err(EXIT_FAILURE, "strdup");
+ } else
+ err(EXIT_FAILURE, "dirname");
+ } else {
+ /* the parser enforces that at least cert or fullchain is set */
+ if ((certdir = dirname(domain->fullchain)) != NULL) {
+ if ((certdir = strdup(certdir)) == NULL)
+ err(EXIT_FAILURE, "strdup");
+ } else
+ err(EXIT_FAILURE, "dirname");
- if ((certdir = dirname(domain->cert)) != NULL) {
- if ((certdir = strdup(certdir)) == NULL)
- err(EXIT_FAILURE, "strdup");
- } else
- err(EXIT_FAILURE, "dirname");
+ }
- if ((certfile = basename(domain->cert)) != NULL) {
- if ((certfile = strdup(certfile)) == NULL)
- err(EXIT_FAILURE, "strdup");
- } else
- err(EXIT_FAILURE, "basename");
+ if (domain->cert != NULL) {
+ if ((certfile = basename(domain->cert)) != NULL) {
+ if ((certfile = strdup(certfile)) == NULL)
+ err(EXIT_FAILURE, "strdup");
+ } else
+ err(EXIT_FAILURE, "basename");
+ }
 if(domain->chain != NULL) {
 if ((chainfile = strstr(domain->chain, certdir)) != NULL)
@@ -391,7 +398,9 @@ main(int argc, char *argv[])
 if (0 == pids[COMP_REVOKE]) {
 proccomp = COMP_REVOKE;
- c = revokeproc(rvk_fds[0], certdir, certfile, force, revocate,
+ c = revokeproc(rvk_fds[0], certdir,
+ certfile != NULL ? certfile : fullchainfile,
+ force, revocate,
 (const char *const *)alts, altsz);
 free(alts);
 exit(c ? EXIT_SUCCESS : EXIT_FAILURE); |
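Review bot: The `else` branch in the `@@ -103` hunk depends on the parser invariant alone, and it does not fail closed: POSIX dirname() returns "." for a null pointer, so if `domain->fullchain` were ever NULL this root process would quietly take the current directory as certdir instead of reaching `err(EXIT_FAILURE, "dirname")`. An explicit `if (domain->fullchain == NULL) errx(EXIT_FAILURE, "no certificate or full chain path");` before the call would turn the comment into a check. The two branches are otherwise identical and could be one block on `domain->cert != NULL ? domain->cert : domain->fullchain`. `certfile` is now left unassigned when no cert is configured, so its declaration (outside the hunk) has to initialise it to NULL for the later `certfile != NULL` test to be meaningful.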
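Review bot: Passing `fullchainfile` to revokeproc() in the `@@ -391` hunk gives it a file that holds more than one certificate, and nothing visible here shows that revokeproc() selects the leaf. If it parses only the first PEM block, the full-chain file has to be written leaf-first, which is worth confirming and stating next to the call. A comment above it, for example `/* no separate cert file: revoke the leaf read from the full chain */`, would document the fallback. Other consumers of `certfile` in main() lie outside the hunk and may need the same fallback or a NULL check.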