ocsp fetching should now also work with older openssl versions
authorLukas Schauer <lukas@schauer.so>
Wed, 12 Jul 2017 14:00:25 +0000 (16:00 +0200)
committerLukas Schauer <lukas@schauer.so>
Wed, 12 Jul 2017 14:00:25 +0000 (16:00 +0200)
dehydrated

index 7b8bd6d176e1b6a61b1602d9b5defc29776f35b6..9fede9d250920790cfe81775bcf3ec6fbbd0e166 100755 (executable)
@@ -1045,7 +1045,11 @@ command_sign_domains() {
       if [[ "${update_ocsp}" = "yes" ]]; then
         echo " + Updating OCSP stapling file"
         ocsp_timestamp="$(date +%s)"
-        "${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${CERTDIR}/${domain}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" -header "HOST=$(echo "${ocsp_url}" | _sed 's/^http(s?):\/\///')" > /dev/null 2>&1
+        if grep -qE "^(0|(1\.0))\." <<< "$(${OPENSSL} version | awk '{print $2}')"; then
+          "${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${CERTDIR}/${domain}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" -header "HOST" "$(echo "${ocsp_url}" | _sed 's/^http(s?):\/\///')" > /dev/null 2>&1
+        else
+          "${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${CERTDIR}/${domain}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" > /dev/null 2>&1
+        fi
         ln -sf "${CERTDIR}/${domain}/ocsp-${ocsp_timestamp}.der" "${CERTDIR}/${domain}/ocsp.der"
       fi
     fi
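Review bot: Both `openssl ocsp` calls still send stdout and stderr to /dev/null, and nothing checks the result before `ln -sf` repoints `ocsp.der`. A failed fetch, or a response that did not verify against `${chain}`, can therefore leave the stapling link pointing at a missing or unusable file. If the script runs under errexit, which this hunk does not show, the run would instead stop with no message. Capture the output and gate the link on success, for example `ocsp_log="$("${OPENSSL}" ocsp ... 2>&1)" || { echo "OCSP fetch failed: ${ocsp_log}" >&2; return 1; }`, and add `[[ -s "${CERTDIR}/${domain}/ocsp-${ocsp_timestamp}.der" ]]` before the `ln -sf`. Separately, the version test on the first added line reads only the second field of `openssl version`, so a non-OpenSSL build reporting 2.x would take the headerless `else` branch; whether that is intended should be confirmed. command_sign_domains() starts and ends outside the hunk.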