From: Lukas Schauer <lukas@schauer.so>
Date: Wed, 9 Dec 2020 18:38:27 +0000 (+0100)
Subject: changed method for parsing issuer cn, fixing compatibility with some openssl versions
X-Git-Tag: v0.7.0~12
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbcaac89f9545c4e32fee8c64870d5ae16393e28;p=thirdparty%2Fdehydrated.git

changed method for parsing issuer cn, fixing compatibility with some openssl versions
---

diff --git a/dehydrated b/dehydrated
index 0a43b26..5b7aa7b 100755
--- a/dehydrated
+++ b/dehydrated
@@ -928,13 +928,9 @@ extract_altnames() {
   fi
 }
 
-# Get last subject CN in certificate chain
+# Get last issuer CN in certificate chain
 get_last_cn() {
-  cn="$("${OPENSSL}" verify -CAfile <(echo "${1}") -show_chain <(echo "${1}") | tail -n 1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/')"
-  if [ -z "${cn}" ]; then
-    _exiterr "Error while fetching CN from certificate chain"
-  fi
-  printf "${cn}"
+  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/'
 }
 
 # Create certificate for domain(s) and outputs it FD 3