author | Jonas Smedegaard <dr@jones.dk> | 2017-02-07 04:50:38 +0100 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2017-02-07 04:50:38 +0100 |
commit | a207a2a41ba72ececc18d7f3f959360257152e24 (patch) | |
tree | 01298af77076aabcb730dbdf559cd60674273655 | |
parent | 938d946687ac32ca0bd01027553096da5cea5f1e (diff) |
Add function cert_staple (unused for now: too noisy and aggressive).
-rwxr-xr-x | dehydrated/hook.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/dehydrated/hook.sh b/dehydrated/hook.sh index 48713c0..aca9abd 100755 --- a/dehydrated/hook.sh +++ b/dehydrated/hook.sh @@ -37,14 +37,25 @@ cert_fix() { esac } +# TODO: Set file changedate to OCSP expiry expiry, and skip if 48h+ away +cert_staple() { + CERTFILE="$3"; CHAINFILE="$5" + > /dev/null which -- ocsptool || return + CERTDIR=$(dirname "$CERTFILE") + set -x + ocsptool --ask --load-issuer "$CHAINFILE" --load-cert "$CERTFILE" --outfile "$CERTDIR"/ocsp.der +} + case "$ACTION" in deploy_challenge) ;; clean_challenge) ;; deploy_cert) cert_fix "$@" + #cert_staple "$@" ;; unchanged_cert) #cert_fix "$@" + #cert_staple "$@" ;; *) >&2 echo "ERROR: unsupported action \"$ACTION\"" |
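Review bot: `set -x` in cert_staple is never switched off, so once the commented-out calls are enabled, tracing stays on for the rest of the hook run and every later command is echoed to stderr with its expanded arguments; scope it to the one call, e.g. `( set -x; ocsptool --ask ... )`, or drop it. The ocsptool call also writes straight to `"$CERTDIR"/ocsp.der`, so a failed or interrupted query may leave a truncated or stale response where a server expects a valid staple (ocsptool's behaviour on failure is not visible here). It would be safer to write to a temporary file in the same directory and `mv` it into place only when ocsptool exits 0. The availability check would be more portable as `command -v ocsptool >/dev/null || return 0`, which also avoids passing a non-zero status back to the caller when the tool is simply absent. CERTFILE, CHAINFILE and CERTDIR are assigned as globals and may clobber same-named variables elsewhere in the hook; the `case "$ACTION"` block continues past the end of the hunk.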