authorGuilhem Moulin <guilhem@fripost.org>2021-02-24 13:25:38 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-02-24 13:44:57 +0100
commitd1a862d9cb98a54e12c9fdbc405b896f3f0efcfe (patch)
tree5a292eaec4f5adf73e1f43a12d05840fe67022f9
parent539e3a8b8a2baf6746716125e99231da14a153a9 (diff)
lacme: Ignore empty values in 'chown'/'chmod'/'certificate'/'certificate-chain'.
-rw-r--r--Changelog2
-rwxr-xr-xlacme30
2 files changed, 17 insertions, 15 deletions
diff --git a/Changelog b/Changelog
index ee90be3..1682847 100644
--- a/Changelog
+++ b/Changelog
@@ -11,6 +11,8 @@ lacme (0.8.1) upstream;
error instead of retaining root priviliges.
- tests/cert-install: include tests for failing chown(2) due to unknown
user/group name.
+ - lacme: ignore empty values in settings 'chown', 'chmod', 'certificate'
+ and 'certificate-chain'.
-- Guilhem Moulin <guilhem@fripost.org> Mon, 22 Feb 2021 12:04:28 +0100
diff --git a/lacme b/lacme
index a1e6b10..66dd6f6 100755
--- a/lacme
+++ b/lacme
@@ -766,15 +766,15 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
print STDERR " $_ = $conf->{$_}\n" foreach grep { defined $conf->{$_} } (sort keys %$conf);
}
- my $cert = $conf->{'certificate-chain'} // $conf->{'certificate'};
- unless (defined $cert) {
+ my @certs = grep {defined $_ and $_ ne ""} @$conf{qw/certificate-chain certificate/};
+ unless (@certs) {
print STDERR "[$s] Warning: Missing 'certificate' and 'certificate-chain', skipping\n";
$rv = 1;
next;
}
# skip certificates that expire at least $conf->{'min-days'} days in the future
- if (-f $cert and defined (my $t = x509_enddate($cert))) {
+ if (-f $certs[0] and defined (my $t = x509_enddate($certs[0]))) {
my $d = $OPTS{'min-days'} // $conf->{'min-days'} // 21;
if ($d >= 0 and $t - time > $d*86400) {
my $d = POSIX::strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($t));
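Review bot: The order of the slice in `my @certs = grep {defined $_ and $_ ne ""} @$conf{qw/certificate-chain certificate/};` is load-bearing but undocumented: `$certs[0]` in the expiry check is what keeps the old preference of 'certificate-chain' over 'certificate', while the later hunk reuses the same array only as the list of files to chown/chmod. A comment above the assignment, for example `# non-empty target paths, chain first: $certs[0] decides whether renewal is skipped`, would keep a later reordering from silently changing which file's end date is checked. Only that first path is tested with `-f`, so a missing or stale second file does not appear to trigger a renewal; if that is intended it is worth saying in the same comment. The enclosing `elsif` branch starts before this hunk and the body of the `if` continues past its last line.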
@@ -838,26 +838,26 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') {
}
# install certificate
- if (defined $conf->{'certificate'}) {
- print STDERR "Installing X.509 certificate $conf->{'certificate'}\n";
- install_cert($conf->{'certificate'}, $x509, 1);
+ if ((my $path = $conf->{'certificate'} // "") ne "") {
+ print STDERR "Installing X.509 certificate $path\n";
+ install_cert($path, $x509, 1);
}
- if (defined $conf->{'certificate-chain'}) {
- print STDERR "Installing X.509 certificate chain $conf->{'certificate-chain'}\n";
- install_cert($conf->{'certificate-chain'}, $x509);
+ if ((my $path = $conf->{'certificate-chain'} // "") ne "") {
+ print STDERR "Installing X.509 certificate chain $path\n";
+ install_cert($path, $x509);
}
- if (defined $conf->{chown}) {
- my ($user, $group) = split /:/, $conf->{chown}, 2;
+ if ((my $own = $conf->{chown} // "") ne "") {
+ my ($user, $group) = split /:/, $own, 2;
my $uid = getpwnam($user) // die "getpwnam($user)", ($! ? ": $!" : "\n");
my $gid = getgrnam($group) // die "getgrnam($group)", ($! ? ": $!" : "\n") if defined $group;
- foreach (grep defined, @$conf{qw/certificate certificate-chain/}) {
+ foreach (@certs) {
chown($uid, $gid // -1, $_) or die "chown: $!";
}
}
- if (defined $conf->{chmod}) {
- my $mode = oct($conf->{chmod}) // die;
- foreach (grep defined, @$conf{qw/certificate certificate-chain/}) {
+ if ((my $mode = $conf->{chmod} // "") ne "") {
+ my $mode = oct($mode) // die;
+ foreach (@certs) {
chmod($mode, $_) or die "chown: $!";
}
}
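Review bot: `my $mode = oct($mode) // die;` can never reach the `die`, because oct() returns 0 rather than undef for input it cannot parse and only warns about stray digits, so a mistyped 'chmod' value such as `rw-r--r--` or `0648` is silently applied as some other mode to the installed certificate files. Validating the string before converting it makes a bad setting fail loudly, e.g. `$mode =~ /\A[0-7]{3,4}\z/ or die "Invalid 'chmod' value: $mode\n";` (widen the pattern if hex or binary forms are meant to stay accepted). In the same block the failure message of `chmod($mode, $_)` still reads `"chown: $!"` and should say `"chmod: $!"`, otherwise a permission error points the operator at the wrong setting. The enclosing `elsif` branch starts before this hunk, and `@certs` is defined in the earlier hunk.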