From a207a2a41ba72ececc18d7f3f959360257152e24 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Tue, 7 Feb 2017 04:50:38 +0100
Subject: Add function cert_staple (unused for now: too noisy and aggressive).
---
 dehydrated/hook.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)
 (limited to 'dehydrated')
diff --git a/dehydrated/hook.sh b/dehydrated/hook.sh
index 48713c0..aca9abd 100755
--- a/dehydrated/hook.sh
+++ b/dehydrated/hook.sh
@@ -37,14 +37,25 @@ cert_fix() { esac }
+# TODO: Set file changedate to OCSP expiry expiry, and skip if 48h+ away
+cert_staple() {
+ CERTFILE="$3"; CHAINFILE="$5"
+ > /dev/null which -- ocsptool || return
+ CERTDIR=$(dirname "$CERTFILE")
+ set -x
+ ocsptool --ask --load-issuer "$CHAINFILE" --load-cert "$CERTFILE" --outfile "$CERTDIR"/ocsp.der
+}
+
 case "$ACTION" in deploy_challenge) ;; clean_challenge) ;; deploy_cert) cert_fix "$@"
+ #cert_staple "$@"
 ;; unchanged_cert) #cert_fix "$@"
+ #cert_staple "$@"
 ;; *) >&2 echo "ERROR: unsupported action \"$ACTION\""
-- 
cgit v1.2.3
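Review bot: `set -x` inside cert_staple is never switched off, so once the commented-out call sites are enabled every later command of the hook is traced to stderr; drop it, or confine it to a subshell around the one command. The ocsptool call also writes straight to `"$CERTDIR"/ocsp.der`, so a failed or interrupted query can leave a truncated file where the consumer of the staple (presumably the web server) would read it. Writing to a sibling file and renaming only on success avoids that: `ocsptool --ask --load-issuer "$CHAINFILE" --load-cert "$CERTFILE" --outfile "$CERTDIR"/ocsp.der.new && mv -f -- "$CERTDIR"/ocsp.der.new "$CERTDIR"/ocsp.der`. It is worth confirming that ocsptool exits non-zero when the response does not verify against the issuer, since nothing else checks the file before it is used. The tool check is more portable as `command -v ocsptool > /dev/null || return`.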