From: Markus Germeier
Date: Wed, 16 Dec 2015 18:30:20 +0000 (+0100)
Subject: revoke: follow symlink, exit with error on non-existing certificate file
X-Git-Tag: v0.1.0~98
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c70180364b75fca01a3a299b17c5b6f67dccd26c;p=thirdparty%2Fdehydrated.git

revoke: follow symlink, exit with error on non-existing certificate file
---
diff --git a/letsencrypt.sh b/letsencrypt.sh
index d0aa6a0..3960ef7 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -481,8 +481,21 @@ command_sign_domains() {
 # Description: Revoke specified certificate
 command_revoke() {
 cert="${1}"
+ if [[ -L "${cert}" ]]; then
+ # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
+ local link_target="$(readlink -n "${cert}")"
+ if [[ "${link_target}" =~ "/" ]]; then
+ cert="${link_target}"
+ else
+ cert="$(dirname "${cert}")/${link_target}"
+ fi
+ fi
+ if [[ ! -f "${cert}" ]]; then
+ echo "ERROR: Could not find certificate ${cert}"
+ exit 1
+ fi
 echo "Revoking ${cert}"
- if [ -z "${CA_REVOKE_CERT}" ]; then
+ if [[ -z "${CA_REVOKE_CERT}" ]]; then
 echo " + ERROR: Certificate authority doesn't allow certificate revocation." >&2
 exit 1
 fi
diff --git a/test.sh b/test.sh
index 16017cf..c40a75f 100755
--- a/test.sh
+++ b/test.sh
@@ -182,9 +182,10 @@ _CHECK_ERRORLOG
 # Revoke certificate using certificate key
 _TEST "Revoking certificate..."
 ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
-_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
+REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
+_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
 _CHECK_LOG "SUCCESS"
-_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
+_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
 _CHECK_ERRORLOG
 # All done
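Review bot: The `=~ "/"` test in the new symlink branch of command_revoke matches any link target that contains a slash, so a relative target with a directory part (for example `../archive/cert.pem`) is used as-is and resolved against the current directory rather than the symlink's directory. Revocation cannot be undone, so only absolute targets should skip the dirname prefix: `if [[ "${link_target}" == /* ]]; then`. `readlink -n` resolves a single level, so a chain of links still leaves `cert` naming a symlink, and `local link_target="$(…)"` hides a readlink failure; declare `local link_target` first and assign on the next line. The new "Could not find certificate" message goes to stdout while the error right after it uses `>&2`. command_revoke's body continues past the end of the hunk.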
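Review bot: `REAL_CERT` in test.sh is used without checking that `readlink` returned anything. If `certs/${TMP_URL}/cert.pem` is ever a regular file, the expected strings would likely degrade to `Revoking certs/${TMP_URL}/` and a file named `-revoked` instead of reporting the real cause. A guard right after the assignment makes that visible: `[[ -n "${REAL_CERT}" ]] || _FAIL "cert.pem is not a symlink"`. The expected paths are built as `certs/${TMP_URL}/${REAL_CERT}`, which assumes the link target is a bare file name, so only the no-slash branch of the new resolution code is exercised. The new missing-certificate exit path has no test in this hunk.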