From: Lukas Schauer
Date: Sun, 8 Apr 2018 20:44:28 +0000 (+0200)
Subject: renamed ocsp hook to deploy_ocsp, exported altnames, added example hook
X-Git-Tag: v0.6.2~7
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8ba56a8048a15b8f80eb46fd9f95e2e98147f935;p=thirdparty%2Fdehydrated.git
renamed ocsp hook to deploy_ocsp, exported altnames, added example hook
---
diff --git a/dehydrated b/dehydrated
index 01e502e..9647a34 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1316,7 +1316,7 @@ command_sign_domains() {
 ocsp_log="$("${OPENSSL}" ocsp -no_nonce -issuer "${chain}" -verify_other "${chain}" -cert "${cert}" -respout "${certdir}/ocsp-${ocsp_timestamp}.der" -url "${ocsp_url}" 2>&1)" || _exiterr "Error while fetching OCSP information: ${ocsp_log}"
 fi
 ln -sf "ocsp-${ocsp_timestamp}.der" "${certdir}/ocsp.der"
- [[ -n "${HOOK}" ]] && "${HOOK}" "ocsp_update" "${domain}" "${certdir}/ocsp.der"
+ [[ -n "${HOOK}" ]] && altnames="${domain} ${morenames}" "${HOOK}" "deploy_ocsp" "${domain}" "${certdir}/ocsp.der" "${ocsp_timestamp}"
 else
 echo " + OSCP stapling file is still valid (skipping update)"
 fi
diff --git a/docs/examples/hook.sh b/docs/examples/hook.sh
index 61bcc1b..06bf335 100755
--- a/docs/examples/hook.sh
+++ b/docs/examples/hook.sh
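Review bot: The `altnames` variable that the new call exports to the hook via the `altnames="${domain} ${morenames}"` prefix is an undocumented part of the hook interface: nothing at the call site says it exists or what it holds, so hook authors who want it have to read the dehydrated source. A short comment above the line, e.g. `# Export altnames so the hook can see every name on the certificate, not just the CN`, would close that gap; the exact contents of `${morenames}` are not visible in this hunk, so confirm the wording against its definition. command_sign_domains() both starts and ends outside the hunk.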
@@ -64,6 +64,28 @@ deploy_cert() {
 # systemctl reload nginx
 }
 
+deploy_ocsp() {
+ local DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${6}"
+
+ # This hook is called once for each updated ocsp stapling file that has
+ # been produced. Here you might, for instance, copy your new ocsp stapling
+ # files to service-specific locations and reload the service.
+ #
+ # Parameters:
+ # - DOMAIN
+ # The primary domain name, i.e. the certificate common
+ # name (CN).
+ # - OCSPFILE
+ # The path of the ocsp stapling file
+ # - TIMESTAMP
+ # Timestamp when the specified ocsp stapling file was created.
+
+ # Simple example: Copy file to nginx config
+ # cp "${OCSPFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl
+ # systemctl reload nginx
+}
+
+
 unchanged_cert() {
 local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
 
@@ -161,6 +183,6 @@ exit_hook() {
 }
 
 HANDLER="$1"; shift
-if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
+if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then
 "$HANDLER" "$@"
 fi
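Review bot: `TIMESTAMP="${6}"` in the new deploy_ocsp reads a positional argument the caller never supplies: the dehydrated hunk in this commit invokes the hook as `"${HOOK}" "deploy_ocsp" "${domain}" "${certdir}/ocsp.der" "${ocsp_timestamp}"`, and after the `shift` at the bottom of hook.sh the timestamp is `$3`, so TIMESTAMP is always empty here and a hook running under `set -u` would abort on the unbound `$6`. The line should read `local DOMAIN="${1}" OCSPFILE="${2}" TIMESTAMP="${3}"`; the `${6}` looks carried over from a handler that takes more arguments. The comment block above it documents TIMESTAMP as the file's creation time, which is only true once the index is fixed.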