From c3f3200ed3ba7552d65446b03dd59234d10ef3b3 Mon Sep 17 00:00:00 2001 From: "Kyle J. McKay" Date: Wed, 3 Mar 2021 17:20:05 -0700 Subject: [PATCH] install.sh: accomodate newer OpenSSL breakage Older versions of OpenSSL (and all versions of LibreSSL) output the result of `openssl x509 -noout -subject` like so: subject= /CN=localhost On the other hand, newer OpenSSL versions have determined to break parsers that expect that output by changing it to look like so: subject=CN = localhost Add suitable munging (very ugly) so that either output will end up providing the string we're looking for (the first version with the leading "subject= " stripped off). With this change, the certificate and certificate chain stops being regenerated on every install even when it's unnecessary. It's harmless to do so (other than a minor waste of CPU time) since the generation is deterministic and always produces the same output when given the same input (which is the case here). There may be some (bizarre) option to make the more recent versions of OpenSSL output in the older format, but then that option would likely not work with the older versions and a different kind of ugliness would ensue attempting to determine whether or not to pass the option to avoid breakage that way. The ugliness being used here does not depend on passing any magic and unreliable options to the `openssl` command to avoid such issues. Signed-off-by: Kyle J. McKay --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index effcc3e..1177059 100755 --- a/install.sh +++ b/install.sh @@ -1104,7 +1104,7 @@ if [ -n "$cfg_httpspushurl" ]; then if [ -e "$cfg_certsdir/girocco_www_crt.pem" ]; then wwwcertcn="$( "$openssl" x509 -in "$cfg_certsdir/girocco_www_crt.pem" -noout -subject | - sed -e 's,[^/]*,,' + tr '\t' ' ' | sed -e 's/^ *subject=//;s/^ *//;s/ *$//;s,^/,,;s,^,/,;s/ *= */=/g;' )" fi wwwcertdns= -- 2.11.4.GIT
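Review bot: The new `sed` expression on the `tr '\t' ' ' |` line only converts the newer output to the older form when the subject has a single component, as in the commit message's `CN = localhost` example. It rewrites the `subject=` prefix, the leading slash and the spaces around `=`, but it does nothing about separators between components, so a subject with more than one component in the newer layout would not come out in the `/A=x/B=y` form. The trailing `s/ *= */=/g` is also global, so it collapses spaces around any `=` that appears inside a value. If the generated certificate always has a CN-only subject, say so in a short comment above the pipeline. The comment should also show the two input forms (`subject= /CN=localhost` and `subject=CN = localhost`) and the canonical result `/CN=localhost`, since a seven-command `sed` script is hard to audit without the explanation that currently lives only in the commit message. If the subject can have more than one component, anchor the `=` rewrite to the first attribute or extract just the CN before comparing.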