-rwxr-xr-x | dehydrated/hook.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/dehydrated/hook.sh b/dehydrated/hook.sh
index 48713c0..aca9abd 100755
--- a/dehydrated/hook.sh
+++ b/dehydrated/hook.sh
@@ -37,14 +37,25 @@ cert_fix() {
 esac
 }
 
+# TODO: Set file changedate to OCSP expiry expiry, and skip if 48h+ away
+cert_staple() {
+ CERTFILE="$3"; CHAINFILE="$5"
+ > /dev/null which -- ocsptool || return
+ CERTDIR=$(dirname "$CERTFILE")
+ set -x
+ ocsptool --ask --load-issuer "$CHAINFILE" --load-cert "$CERTFILE" --outfile "$CERTDIR"/ocsp.der
+}
+
 case "$ACTION" in
 deploy_challenge) ;;
 clean_challenge) ;;
 deploy_cert)
 cert_fix "$@"
+ #cert_staple "$@"
 ;;
 unchanged_cert)
 #cert_fix "$@"
+ #cert_staple "$@"
 ;;
 *)
 >&2 echo "ERROR: unsupported action \"$ACTION\"" |
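Review bot: In cert_staple, ocsptool writes straight to `"$CERTDIR"/ocsp.der` and its exit status is never checked, so a failed or interrupted query can replace a still-valid staple with an empty or partial file that the web server may then serve. Writing to a temporary file in the same directory and renaming it only on success avoids that; this assumes ocsptool exits non-zero when the query or the response verification fails, which should be confirmed. The `set -x` is never turned off, so command tracing stays enabled for the rest of the hook run and ends up in whatever captures the hook's stderr; it should be dropped or paired with `set +x`. Both call sites are still commented out, so the function is not exercised yet.

```shell
cert_staple() {
  # … unchanged: CERTFILE/CHAINFILE assignment, ocsptool presence check, CERTDIR …
  if ocsptool --ask --load-issuer "$CHAINFILE" --load-cert "$CERTFILE" \
      --outfile "$CERTDIR"/ocsp.der.tmp; then
    # rename within the same directory so readers never see a partial staple
    mv -f -- "$CERTDIR"/ocsp.der.tmp "$CERTDIR"/ocsp.der
  else
    rm -f -- "$CERTDIR"/ocsp.der.tmp
    >&2 echo "WARNING: OCSP query failed, keeping existing ocsp.der"
    return 1
  fi
}
```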