author | 2017-01-21 08:54:26 +0000 | |
---|---|---|
committer | 2017-01-21 08:54:26 +0000 | |
commit | 62492c74b37699a86b6a85e958c42ad554f30687 (patch) | |
tree | b58e0f83a02713504d03a3c2849ec32e9fda2d8d /usr.sbin/acme-client/main.c | |
parent | Add Allwinner A64 devices to OpenBSD/arm64. This means we can run (diff) | |
Split certificate file from config file into certdir and certfile.
This way we can still chroot to certdir but the certificate file
is not fixed to "cert.pem".
Writing of chain.pem and fullchain.pem is currently broken with this.
OK benno
Diffstat (limited to 'usr.sbin/acme-client/main.c')
-rw-r--r-- | usr.sbin/acme-client/main.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c index b831f7085d1..b67aea8cf0a 100644 --- a/usr.sbin/acme-client/main.c +++ b/usr.sbin/acme-client/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.23 2017/01/21 08:52:30 florian Exp $ */ +/* $Id: main.c,v 1.24 2017/01/21 08:54:26 florian Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -19,6 +19,7 @@ #include <ctype.h> #include <err.h> +#include <libgen.h> #include <stdarg.h> #include <stdio.h> #include <stdlib.h> @@ -35,8 +36,8 @@ int main(int argc, char *argv[]) { const char **alts = NULL; - char *certdir = NULL, *acctkey = NULL, *chngdir = NULL; - char *auth = NULL, *agreement = NULL; + char *certdir = NULL, *certfile = NULL, *acctkey = NULL; + char *chngdir = NULL, *auth = NULL, *agreement = NULL; char *conffile = CONF_FILE; int key_fds[2], acct_fds[2], chng_fds[2], cert_fds[2]; int file_fds[2], dns_fds[2], rvk_fds[2]; @@ -105,7 +106,17 @@ main(int argc, char *argv[]) * specified them on the command-line. */ - certdir = domain->cert; + if ((certdir = dirname(domain->cert)) != NULL) { + if ((certdir = strdup(certdir)) == NULL) + err(EXIT_FAILURE, "strdup"); + } else + err(EXIT_FAILURE, "dirname"); + + if ((certfile = basename(domain->cert)) != NULL) { + if ((certfile = strdup(certfile)) == NULL) + err(EXIT_FAILURE, "strdup"); + } else + err(EXIT_FAILURE, "basename"); if ((auth = domain->auth) == NULL) { /* use the first authority from the config as default XXX */ @@ -325,7 +336,7 @@ main(int argc, char *argv[]) free(alts); close(dns_fds[0]); close(rvk_fds[0]); - c = fileproc(file_fds[1], certdir); + c = fileproc(file_fds[1], certdir, certfile, NULL, NULL); /* * This is different from the other processes in that it * can return 2 if the certificates were updated. 
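Review bot: In the hunk at `@@ -105,7 +106,17 @@`, `certdir` is taken from `dirname(domain->cert)` with no check on the path, and the commit message says this is the directory the file process chroots to. A value without a slash makes dirname() return "." so the confinement directory becomes whatever the working directory was at start-up, and a file directly under the root yields "/", which confines nothing. Unless the config parser already rejects such values (not visible in this diff), I would add before the dirname() call `if (domain->cert == NULL || domain->cert[0] != '/') errx(EXIT_FAILURE, "certificate path must be absolute");` and consider refusing a resulting `certdir` of "/" as well. main() begins and ends outside the hunk.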
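Review bot: The two trailing `NULL` arguments in `fileproc(file_fds[1], certdir, certfile, NULL, NULL)` (hunk `@@ -325,7 +336,7 @@`) are unexplained at the call site. Going by the commit message they presumably stand for the chain and full-chain file names, which would mean those files are no longer written on renewal. A server configured to load fullchain.pem would then keep presenting the previous certificate until it expires, so the gap deserves a marker in the code, for example `/* XXX chain and fullchain file names not passed yet; those files are not written */`. fileproc's prototype is outside this diff, so the meaning of the two arguments should be confirmed against it.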
@@ -357,7 +368,7 @@ main(int argc, char *argv[]) if (0 == pids[COMP_REVOKE]) { proccomp = COMP_REVOKE; - c = revokeproc(rvk_fds[0], certdir, force, revocate, + c = revokeproc(rvk_fds[0], certdir, certfile, force, revocate, (const char *const *)alts, altsz); free(alts); exit(c ? EXIT_SUCCESS : EXIT_FAILURE); |