]> git.ipfire.org Git - thirdparty/dehydrated.git/commitdiff
changed method for parsing issuer cn, fixing compatibility with some openssl versions
authorLukas Schauer <lukas@schauer.so>
Wed, 9 Dec 2020 18:38:27 +0000 (19:38 +0100)
committerLukas Schauer <lukas@schauer.so>
Wed, 9 Dec 2020 18:38:27 +0000 (19:38 +0100)
dehydrated

index 0a43b26089556c14c6f81755439140e5e2eb6a1d..5b7aa7b1a6919ad9edb828e30478c9098e6a45e4 100755 (executable)
@@ -928,13 +928,9 @@ extract_altnames() {
   fi
 }
 
-# Get last subject CN in certificate chain
+# Get last issuer CN in certificate chain
 get_last_cn() {
-  cn="$("${OPENSSL}" verify -CAfile <(echo "${1}") -show_chain <(echo "${1}") | tail -n 1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/')"
-  if [ -z "${cn}" ]; then
-    _exiterr "Error while fetching CN from certificate chain"
-  fi
-  printf "${cn}"
+  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/'
 }
 
 # Create certificate for domain(s) and outputs it FD 3