Browse Source

merge with branch le

pull/326/head
Philippe Kueck 8 years ago
parent
commit
d0d516c536
No known key found for this signature in database GPG Key ID: E10E57D62DB57A3B
  1. 108
      acme.sh

108
acme.sh

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.6.0
VER=2.6.1
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -482,6 +482,45 @@ _createkey() {
fi fi
} }
#domain
_is_idn() {
_is_idn_d="$1"
_debug2 _is_idn_d "$_is_idn_d"
_idn_temp=$(printf "%s" "$_is_idn_d" | tr -d "[0-9a-zA-Z.,-]")
_debug2 _idn_temp "$_idn_temp"
[ "$_idn_temp" ]
}
#aa.com
#aa.com,bb.com,cc.com
_idn() {
__idn_d="$1"
if ! _is_idn "$__idn_d" ; then
printf "%s" "$__idn_d"
return 0
fi
if _exists idn ; then
if _contains "$__idn_d" ',' ; then
_i_first="1"
for f in $(echo "$__idn_d" | tr ',' ' ') ; do
[ -z "$f" ] && continue
if [ -z "$_i_first" ] ; then
printf "%s" ","
else
_i_first=""
fi
idn "$f" | tr -d "\r\n"
done
else
idn "$__idn_d" | tr -d "\r\n"
fi
else
_err "Please install idn to process IDN names."
fi
}
#_createcsr cn san_list keyfile csrfile conf #_createcsr cn san_list keyfile csrfile conf
_createcsr() { _createcsr() {
_debug _createcsr _debug _createcsr
@ -502,6 +541,8 @@ _createcsr() {
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
else else
domainlist="$(_idn $domainlist)"
_debug2 domainlist "$domainlist"
if _contains "$domainlist" "," ; then if _contains "$domainlist" "," ; then
alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")" alt="DNS:$(echo $domainlist | sed "s/,/,DNS:/g")"
else else
@ -515,7 +556,10 @@ _createcsr() {
_savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable" _savedomainconf Le_OCSP_Stable "$Le_OCSP_Stable"
printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf" printf -- "\nbasicConstraints = CA:FALSE\n1.3.6.1.5.5.7.1.24=DER:30:03:02:01:05" >> "$csrconf"
fi fi
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$domain" -config "$csrconf" -out "$csr"
_csr_cn="$(_idn "$domain")"
_debug2 _csr_cn "$_csr_cn"
openssl req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr"
} }
#_signcsr key csr conf cert #_signcsr key csr conf cert
@ -939,13 +983,13 @@ _post() {
elif _exists "wget" ; then elif _exists "wget" ; then
_debug "WGET" "$WGET" _debug "WGET" "$WGET"
if [ "$needbase64" ] ; then if [ "$needbase64" ] ; then
if [ "$httpmethod"="POST" ] ; then
if [ "$httpmethod" = "POST" ] ; then
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)"
else else
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)" response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER" | _base64)"
fi fi
else else
if [ "$httpmethod"="POST" ] ; then
if [ "$httpmethod" = "POST" ] ; then
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")" response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$url" 2>"$HTTP_HEADER")"
else else
response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")" response="$($WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$url" 2>"$HTTP_HEADER")"
@ -1231,14 +1275,29 @@ _startserver() {
_debug "_NC" "$_NC" _debug "_NC" "$_NC"
#for centos ncat
if _contains "$nchelp" "nmap.org" ; then
_debug "Using ncat: nmap.org"
if [ "$DEBUG" ] ; then
if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then
return
fi
else
if printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then
return
fi
fi
_err "ncat listen error."
fi
# while true ; do # while true ; do
if [ "$DEBUG" ] ; then if [ "$DEBUG" ] ; then
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ; then
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ;
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort ; then
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort ;
fi fi
else else
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1; then
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1
if ! printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC -p $Le_HTTPPort > /dev/null 2>&1; then
printf "HTTP/1.1 200 OK\r\n\r\n$content" | $_NC $Le_HTTPPort > /dev/null 2>&1
fi fi
fi fi
if [ "$?" != "0" ] ; then if [ "$?" != "0" ] ; then
@ -2180,7 +2239,7 @@ issue() {
_info "Getting new-authz for domain" $d _info "Getting new-authz for domain" $d
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$d\"}}" ; then
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$d")\"}}" ; then
_err "Can not get domain token." _err "Can not get domain token."
_clearup _clearup
_on_issue_err _on_issue_err
@ -3070,7 +3129,7 @@ _deactivate() {
do do
_info "Deactivate: $_d_domain" _info "Deactivate: $_d_domain"
_d_i="$(_math $_d_i + 1)" _d_i="$(_math $_d_i + 1)"
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$_d_domain\"}}" ; then
if ! _send_signed_request "$API/acme/new-authz" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_d_domain")\"}}" ; then
_err "Can not get domain token." _err "Can not get domain token."
return 1 return 1
fi fi
@ -3315,6 +3374,7 @@ _installalias() {
_profile="$(_detect_profile)" _profile="$(_detect_profile)"
if [ "$_profile" ] ; then if [ "$_profile" ] ; then
_debug "Found profile: $_profile" _debug "Found profile: $_profile"
_info "Installing alias to '$_profile'"
_setopt "$_profile" ". \"$_envfile\"" _setopt "$_profile" ". \"$_envfile\""
_info "OK, Close and reopen your terminal to start using $PROJECT_NAME" _info "OK, Close and reopen your terminal to start using $PROJECT_NAME"
else else
@ -3326,6 +3386,7 @@ _installalias() {
_cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh" _cshfile="$LE_WORKING_DIR/$PROJECT_ENTRY.csh"
_csh_profile="$HOME/.cshrc" _csh_profile="$HOME/.cshrc"
if [ -f "$_csh_profile" ] ; then if [ -f "$_csh_profile" ] ; then
_info "Installing alias to '$_csh_profile'"
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
_setopt "$_csh_profile" "source \"$_cshfile\"" _setopt "$_csh_profile" "source \"$_cshfile\""
@ -3334,6 +3395,7 @@ _installalias() {
#for tcsh #for tcsh
_tcsh_profile="$HOME/.tcshrc" _tcsh_profile="$HOME/.tcshrc"
if [ -f "$_tcsh_profile" ] ; then if [ -f "$_tcsh_profile" ] ; then
_info "Installing alias to '$_tcsh_profile'"
_setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\"" _setopt "$_cshfile" "setenv LE_WORKING_DIR" " " "\"$LE_WORKING_DIR\""
_setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\"" _setopt "$_cshfile" "alias $PROJECT_ENTRY" " " "\"$LE_WORKING_DIR/$PROJECT_ENTRY\""
_setopt "$_tcsh_profile" "source \"$_cshfile\"" _setopt "$_tcsh_profile" "source \"$_cshfile\""
@ -3449,24 +3511,34 @@ _uninstall() {
fi fi
_initpath _initpath
_uninstallalias
rm -f $LE_WORKING_DIR/$PROJECT_ENTRY
_info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself."
}
_uninstallalias() {
_initpath
_profile="$(_detect_profile)" _profile="$(_detect_profile)"
if [ "$_profile" ] ; then if [ "$_profile" ] ; then
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.env/d" "$_profile"
_info "Uninstalling alias from: '$_profile'"
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.env|d" "$_profile"
fi fi
_csh_profile="$HOME/.cshrc" _csh_profile="$HOME/.cshrc"
if [ -f "$_csh_profile" ] ; then if [ -f "$_csh_profile" ] ; then
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_csh_profile"
_info "Uninstalling alias from: '$_csh_profile'"
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.csh|d" "$_csh_profile"
fi fi
_tcsh_profile="$HOME/.tcshrc" _tcsh_profile="$HOME/.tcshrc"
if [ -f "$_tcsh_profile" ] ; then if [ -f "$_tcsh_profile" ] ; then
sed -i "|/$LE_WORKING_DIR/$PROJECT_NAME\.csh/d" "$_tcsh_profile"
_info "Uninstalling alias from: '$_csh_profile'"
sed -i "\|/$LE_WORKING_DIR/$PROJECT_NAME\.csh|d" "$_tcsh_profile"
fi fi
rm -f $LE_WORKING_DIR/$PROJECT_ENTRY
_info "The keys and certs are in $LE_WORKING_DIR, you can remove them by yourself."
} }
cron() { cron() {
@ -3770,6 +3842,10 @@ _process() {
_err "'$_dvalue' is not a valid domain for parameter '$1'" _err "'$_dvalue' is not a valid domain for parameter '$1'"
return 1 return 1
fi fi
if _is_idn "$_dvalue" && ! _exists idn ; then
_err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first."
return 1
fi
if [ -z "$_domain" ] ; then if [ -z "$_domain" ] ; then
_domain="$_dvalue" _domain="$_dvalue"

Loading…
Cancel
Save