diff options
Diffstat (limited to 'lacme')
-rwxr-xr-x | lacme | 18 |
1 files changed, 11 insertions, 7 deletions
@@ -784,13 +784,17 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { next; }; - # verify certificate validity against the CA - $conf->{CAfile} //= '@@datadir@@/lacme/ca-certificates.crt'; - if ($conf->{CAfile} ne '' and spawn({in => $x509}, 'openssl', 'verify', '-CAfile', $conf->{CAfile}, - qw/-purpose sslserver -x509_strict/)) { - print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; - $rv = 1; - next; + # verify certificate validity against the CA bundle + if ((my $CAfile = $conf->{CAfile} // '@@datadir@@/lacme/ca-certificates.crt') ne '') { + my %args = (in => $x509); + $args{out} = \*STDERR if $OPTS{debug}; + my @options = ('-trusted', $CAfile, '-purpose', 'sslserver', '-x509_strict'); + push @options, '-show_chain' if $OPTS{debug}; + if (spawn(\%args, 'openssl', 'verify', @options)) { + print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; + $rv = 1; + next; + } } # install certificate |