Per-certificate config fixes

author Michel Lespinasse <michel@lespinasse.org>

Tue, 2 Feb 2021 03:42:09 +0000 (19:42 -0800)

committer Lukas Schauer <lukas@schauer.dev>

Thu, 18 Feb 2021 15:51:14 +0000 (16:51 +0100)
author Michel Lespinasse <michel@lespinasse.org>
Tue, 2 Feb 2021 03:42:09 +0000 (19:42 -0800)
committer Lukas Schauer <lukas@schauer.dev>
Thu, 18 Feb 2021 15:51:14 +0000 (16:51 +0100)
diff --git a/dehydrated b/dehydrated

index aadec4e4b3556f6ef644c5b48520aba4533b696d..cf654c814592b424ce975d08721c965a948bd7f4 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -254,7 +254,10 @@ check_dependencies() {
  store_configvars() {
    __KEY_ALGO="${KEY_ALGO}"
    __OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+  __OCSP_FETCH="${OCSP_FETCH}"
+  __OCSP_DAYS="${OCSP_DAYS}"
    __PRIVATE_KEY_RENEW="${PRIVATE_KEY_RENEW}"
+  __PRIVATE_KEY_ROLLOVER="${PRIVATE_KEY_ROLLOVER}"
    __KEYSIZE="${KEYSIZE}"
    __CHALLENGETYPE="${CHALLENGETYPE}"
    __HOOK="${HOOK}"
@@ -269,7 +272,10 @@ store_configvars() {
  reset_configvars() {
    KEY_ALGO="${__KEY_ALGO}"
    OCSP_MUST_STAPLE="${__OCSP_MUST_STAPLE}"
+  OCSP_FETCH="${__OCSP_FETCH}"
+  OCSP_DAYS="${__OCSP_DAYS}"
    PRIVATE_KEY_RENEW="${__PRIVATE_KEY_RENEW}"
+  PRIVATE_KEY_ROLLOVER="${__PRIVATE_KEY_ROLLOVER}"
    KEYSIZE="${__KEYSIZE}"
    CHALLENGETYPE="${__CHALLENGETYPE}"
    HOOK="${__HOOK}"
@@ -1622,6 +1628,8 @@ command_sign_domains() {
        ); do
          config_var="$(echo "${cfgline:1}" | cut -d'=' -f1)"
          config_value="$(echo "${cfgline:1}" | cut -d'=' -f2- | tr -d "'")"
+       # All settings that are allowed here should also be stored and
+       # restored in store_configvars() and reset_configvars()
          case "${config_var}" in
            KEY_ALGO|OCSP_MUST_STAPLE|OCSP_FETCH|OCSP_DAYS|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|PREFERRED_CHAIN|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS)
              echo "   + ${config_var} = ${config_value}"
diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md

index 9c3176a6b092cf3d8d7046446498c01024c533c6..3dd34dc011b718d917463796c825cc83e330a0f2 100644 (file)
--- a/docs/per-certificate-config.md
+++ b/docs/per-certificate-config.md
@@ -11,6 +11,8 @@ Currently supported options:
  - KEY_ALGO
  - KEYSIZE
  - OCSP_MUST_STAPLE
+- OCSP_FETCH
+- OCSP_DAYS
  - CHALLENGETYPE
  - HOOK
  - HOOK_CHAIN
author	Michel Lespinasse <michel@lespinasse.org>
	Tue, 2 Feb 2021 03:42:09 +0000 (19:42 -0800)
committer	Lukas Schauer <lukas@schauer.dev>
	Thu, 18 Feb 2021 15:51:14 +0000 (16:51 +0100)
dehydrated		patch \| blob \| blame \| history
docs/per-certificate-config.md		patch \| blob \| blame \| history