Show error if chain is configured for a CA which doesn't offer alternate chains ...

author Lukas Schauer <lukas@schauer.dev>

Sun, 31 Oct 2021 19:06:09 +0000 (20:06 +0100)

committer Lukas Schauer <lukas@schauer.dev>

Sun, 31 Oct 2021 19:06:50 +0000 (20:06 +0100)
author Lukas Schauer <lukas@schauer.dev>
Sun, 31 Oct 2021 19:06:09 +0000 (20:06 +0100)
committer Lukas Schauer <lukas@schauer.dev>
Sun, 31 Oct 2021 19:06:50 +0000 (20:06 +0100)
diff --git a/dehydrated b/dehydrated

index c5b7e43f2c3c35aeaee6b570bb40fc71401d6150..cfcdae88c064e4c7ada8eee3c2e56633fe7b2921 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -1198,6 +1198,9 @@ sign_csr() {
      crt="$(signed_request "${certificate}" "" 4>"${resheaders}")"
  
      if [ -n "${PREFERRED_CHAIN:-}" ]; then
+      if ! (grep -Ei '^link:' "${resheaders}" | grep -q -Ei 'rel="alternate"'); then
+        _exiterr "Preferred chain defined but CA doesn't offer chain selection."
+      fi
        foundaltchain=0
        altcn="$(get_last_cn "${crt}")"
        altoptions="${altcn}"
author	Lukas Schauer <lukas@schauer.dev>
	Sun, 31 Oct 2021 19:06:09 +0000 (20:06 +0100)
committer	Lukas Schauer <lukas@schauer.dev>
	Sun, 31 Oct 2021 19:06:50 +0000 (20:06 +0100)