From 636fa1a559ab2b51f1f10e160945d18c83a00762 Mon Sep 17 00:00:00 2001 From: Aaron Roydhouse Date: Thu, 22 Dec 2016 03:58:48 -0500 Subject: [PATCH] Test for case when challenge_altnames is empty (#321) When all names in a cert have already been validated, the challenge_altnames array will be empty, causes an error in later code. This patch adds a test to handle that case. --- dehydrated | 68 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/dehydrated b/dehydrated index 5fb9df5..e0949eb 100755 --- a/dehydrated +++ b/dehydrated @@ -520,41 +520,43 @@ sign_csr() { # Respond to challenges reqstatus="valid" idx=0 - for altname in "${challenge_altnames[@]:0}"; do - challenge_token="${challenge_tokens[${idx}]}" - keyauth="${keyauths[${idx}]}" - - # Wait for hook script to deploy the challenge if used - # shellcheck disable=SC2086 - [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && "${HOOK}" "deploy_challenge" ${deploy_args[${idx}]} - - # Ask the acme-server to verify our challenge and wait until it is no longer pending - echo " + Responding to challenge for ${altname}..." - result="$(signed_request "${challenge_uris[${idx}]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}' | clean_json)" - - reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)" - - while [[ "${reqstatus}" = "pending" ]]; do - sleep 1 - result="$(http_request get "${challenge_uris[${idx}]}")" + if [ ${#challenge_altnames[@]} -ne 0 ]; then + for altname in "${challenge_altnames[@]:0}"; do + challenge_token="${challenge_tokens[${idx}]}" + keyauth="${keyauths[${idx}]}" + + # Wait for hook script to deploy the challenge if used + # shellcheck disable=SC2086 + [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && "${HOOK}" "deploy_challenge" ${deploy_args[${idx}]} + + # Ask the acme-server to verify our challenge and wait until it is no longer pending + echo " + Responding to challenge for ${altname}..." + result="$(signed_request "${challenge_uris[${idx}]}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}' | clean_json)" + reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)" + + while [[ "${reqstatus}" = "pending" ]]; do + sleep 1 + result="$(http_request get "${challenge_uris[${idx}]}")" + reqstatus="$(printf '%s\n' "${result}" | get_json_string_value status)" + done + + [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_token}" + + # Wait for hook script to clean the challenge if used + if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then + # shellcheck disable=SC2086 + "${HOOK}" "clean_challenge" ${deploy_args[${idx}]} + fi + idx=$((idx+1)) + + if [[ "${reqstatus}" = "valid" ]]; then + echo " + Challenge is valid!" + else + [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && "${HOOK}" "invalid_challenge" "${altname}" "${result}" + fi done - - [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_token}" - - # Wait for hook script to clean the challenge if used - if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then - # shellcheck disable=SC2086 - "${HOOK}" "clean_challenge" ${deploy_args[${idx}]} - fi - idx=$((idx+1)) - - if [[ "${reqstatus}" = "valid" ]]; then - echo " + Challenge is valid!" - else - [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && "${HOOK}" "invalid_challenge" "${altname}" "${result}" - fi - done + fi # Wait for hook script to clean the challenges if used # shellcheck disable=SC2068 -- 2.47.2