From 829aaeff2d0c167229f445f816c566dcfa03e38c Mon Sep 17 00:00:00 2001
From: Daniel Molkentin
Date: Tue, 1 Dec 2020 19:51:06 +0100
Subject: [PATCH] Fix OCSP_FETCH with libressl libressl did not pick up the implicit host header patches of OpenSSL 1.1 even in version 3 and thus exhibits the same behavior as OpenSSL 1.0. Patch by Chen, Chih-Chia Fixes #778
---
 dehydrated | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dehydrated b/dehydrated
index de320a3..7705aec 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1711,7 +1711,7 @@ command_sign_domains() {
 if [[ "${update_ocsp}" = "yes" ]]; then
 echo " + Updating OCSP stapling file"
 ocsp_timestamp="$(date +%s)"
- if grep -qE "^(0|(1\.0))\." <<< "$(${OPENSSL} version | awk '{print $2}')"; then
+ if grep -qE "^(openssl (0|(1\.0))\.)|(libressl (1|2|3)\.)" <<< "$(${OPENSSL} version | awk '{print tolower($0)}')"; then
 ocsp_log="$("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${certdir}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" -header "HOST" "$(echo "${ocsp_url}" | _sed -e 's/^http(s?):\/\///' -e 's/\/.*$//g')" 2>&1)" || _exiterr "Error while fetching OCSP information: ${ocsp_log}"
 else
 ocsp_log="$("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${certdir}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" 2>&1)" || _exiterr "Error while fetching OCSP information: ${ocsp_log}"
--
2.47.3
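Review bot: The version test on the added `if grep -qE` line hard-codes LibreSSL majors 1–3 and leaves the `libressl` alternative outside the `^` anchor, so a later LibreSSL major falls through to the `else` branch that omits `-header "HOST"`. If such releases still lack the implicit Host header (not verifiable from this hunk), the OCSP fetch fails again and `_exiterr` aborts the run. Consider grouping both alternatives under the anchor and matching any LibreSSL major, e.g. `grep -qE "^(openssl (0|1\.0)\.|libressl [0-9]+\.)"`, or add a comment stating why only 1–3 are listed. `${OPENSSL}` is also unquoted inside the `version` command substitution while the `ocsp` calls below quote it; `"${OPENSSL}" version` would be consistent and safe for paths containing spaces. `command_sign_domains` begins and ends outside this hunk.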