Updated workaround for Let's Encrypt cross-signed intermediate

bad21db0 · Paul Cammish · ebff9fdc · bad21db0 · bad21db0 · bad21db0
Commit bad21db0 authored Dec 13, 2021 by Paul Cammish
--- a/CHANGELOG
+++ b/CHANGELOG
 CHANGELOG
 ---------
-
+2021-12-13
+  sympl-core
+    * Updated workaround for Let's Encrypt cross-signed intermediate
+    
 2021-10-03
  sympl-core
    * Workaround for Let's Encrypt cross-signed intermediate

--- a/core/debian/changelog
+++ b/core/debian/changelog
+sympl-core (9.20211213.0) stable; urgency=medium
+
+  * Updated workaround for Let's Encrypt cross-signed intermediate
+
+ -- Paul Cammish <sympl@kelduum.net>  Mon, 13 Dec 2021 10:23:00 +0000
+
 sympl-core (9.20211003.0) stable; urgency=medium

  * Workaround for Let's Encrypt cross-signed intermediate

--- a/core/sbin/sympl-ssl
+++ b/core/sbin/sympl-ssl
@@ -4,6 +4,8 @@
 # 1. in IPv6 only resolution of the LE API DNS
 # 2. with extra expired LE intermediates which sympl-ssl considers invalid

+exit_code=0
+
 # If theres no IPv4 address assigned...
 if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa | grep -c ':' ) != 0 ] ; then
  if [[ $@ == *'--verbose'* ]]; then echo 'Applying IPv6 only workaround...'; fi
@@ -13,14 +15,24 @@ if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa |
  # ... and add it to /etc/hosts
  echo -e "$ipv6\facme-v02.api.letsencrypt.org # sympl-ssl workaround" >> /etc/hosts
  # run sympl-ssl with all the parameters passed
+  # stop exiting on errors, and store the result for the end
+  set +e
  /usr/sbin/sympl-ssl.rb $@
+  exit_code="$?"
+  # re-enable exiting on errors
+  set -e
  # and then remove the line from /etc/hosts
  sed -i -n '/# sympl-ssl workaround/!p' /etc/hosts

  if [[ $@ == *'--verbose'* ]]; then echo 'Removed IPv6 only workaround'; fi
 else
  # Just run it nomally...
+  # stop exiting on errors, and store the result for the end
+  set +e
  /usr/sbin/sympl-ssl.rb $@
+  exit_code="$?"
+  # re-enable exiting on errors
+  set -e
 fi

 find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -exec grep -lx '^MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/$' {} \; | while read file ; do
@@ -28,4 +40,6 @@ find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -e
    echo -e "$input" \
    | sed 's|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----\t-----BEGIN CERTIFICATE-----\tMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\t.*\tDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\t-----END CERTIFICATE-----|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----|' \
    | tr '\t' '\n' > "$file"
-done
\ No newline at end of file
+done
+
+exit $exit_code