From: Lukas Schauer <lukas@schauer.so>
Date: Tue, 15 Sep 2020 15:27:24 +0000 (+0200)
Subject: tmpfix: log error if acmev1 validation is denied + fix unbound variable
X-Git-Tag: v0.7.0~26
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3abc41dbe20f9a54b3154f2b8294b66f4dad857;p=thirdparty%2Fdehydrated.git

tmpfix: log error if acmev1 validation is denied + fix unbound variable
---

diff --git a/dehydrated b/dehydrated
index 14c0b20..dbbebbb 100755
--- a/dehydrated
+++ b/dehydrated
@@ -523,6 +523,7 @@ init_system() {
     CA_NEW_AUTHZ="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-authz)" &&
     CA_NEW_REG="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value new-reg)" &&
     CA_TERMS="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value terms-of-service)" &&
+    CA_REQUIRES_EAB="false" &&
     CA_REVOKE_CERT="$(printf "%s" "${CA_DIRECTORY}" | get_json_string_value revoke-cert)" ||
     _exiterr "Problem retrieving ACME/CA-URLs, check if your configured CA points to the directory entrypoint."
     # Since reg URI is missing from directory we will assume it is the same as CA_NEW_REG without the new part
@@ -1001,6 +1002,9 @@ sign_csr() {
     if [[ ${API} -eq 2 ]]; then
       challenge_uris[${idx}]="$(echo "${challenge}" | get_json_string_value url)"
     else
+      if [[ "$(echo "${challenge}" | get_json_string_value type)" = "urn:acme:error:unauthorized" ]]; then
+        _exiterr "Challenge unauthorized: $(echo "${challenge}" | get_json_string_value detail)"
+      fi
       challenge_uris[${idx}]="$(echo "${challenge}" | get_json_dict_value validationRecord | get_json_string_value uri)"
     fi