From 91cccc0c234e4decf0a19595fa19a6f306788032 Mon Sep 17 00:00:00 2001
From: 27o <27o@users.noreply.github.com>
Date: Mon, 12 Apr 2021 08:47:22 +0200
Subject: [PATCH] ensure newline before new section in openssl.cnf

openssl.cnf may not end with a newline. The section [SAN] will then not be found as it is added to the last line of openssl.cnf.
---
 dehydrated | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dehydrated b/dehydrated
index dae4049..d61807e 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1291,7 +1291,7 @@ generate_alpn_certificate() {
   echo " + Generating ALPN certificate and key for ${1}..."
   tmp_openssl_cnf="$(_mktemp)"
   cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
-  printf "[SAN]\nsubjectAltName=DNS:%s\n" "${altname}" >> "${tmp_openssl_cnf}"
+  printf "\n[SAN]\nsubjectAltName=DNS:%s\n" "${altname}" >> "${tmp_openssl_cnf}"
   printf "1.3.6.1.5.5.7.1.31=critical,DER:04:20:${acmevalidation}\n" >> "${tmp_openssl_cnf}"
   SUBJ="/CN=${altname}/"
   [[ "${OSTYPE:0:5}" = "MINGW" ]] && SUBJ="/${SUBJ}"
@@ -1365,7 +1365,7 @@ sign_domain() {
     local tmp_openssl_cnf
     tmp_openssl_cnf="$(_mktemp)"
     cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
-    printf "[SAN]\nsubjectAltName=%s" "${SAN}" >> "${tmp_openssl_cnf}"
+    printf "\n[SAN]\nsubjectAltName=%s" "${SAN}" >> "${tmp_openssl_cnf}"
     if [ "${OCSP_MUST_STAPLE}" = "yes" ]; then
       printf "\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "${tmp_openssl_cnf}"
     fi
-- 
2.47.3