From 7ac25358efa183254d856054a69d88262cb2a033 Mon Sep 17 00:00:00 2001
From: Lukas Schauer <lukas@schauer.dev>
Date: Sun, 31 Oct 2021 20:06:09 +0100
Subject: [PATCH] Show error if chain is configured for a CA which doesn't
 offer alternate chains (fixes #845)

---
 dehydrated | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/dehydrated b/dehydrated
index c5b7e43..cfcdae8 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1198,6 +1198,9 @@ sign_csr() {
     crt="$(signed_request "${certificate}" "" 4>"${resheaders}")"
 
     if [ -n "${PREFERRED_CHAIN:-}" ]; then
+      if ! (grep -Ei '^link:' "${resheaders}" | grep -q -Ei 'rel="alternate"'); then
+        _exiterr "Preferred chain defined but CA doesn't offer chain selection."
+      fi
       foundaltchain=0
       altcn="$(get_last_cn "${crt}")"
       altoptions="${altcn}"
-- 
2.47.3