From 2aa75f034ff1730bc576737b28b8002c7100129b Mon Sep 17 00:00:00 2001 From: jtbr Date: Sun, 19 Mar 2017 16:10:09 +0100 Subject: [PATCH 1/2] Adds support for --ca-path option for using non-default curl/wget CA certs --- acme.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 671b0d3..68a3799 100755 --- a/acme.sh +++ b/acme.sh @@ -1479,7 +1479,9 @@ _inithttp() { _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi - if [ "$CA_BUNDLE" ]; then + if [ "$CA_PATH" ]; then + _ACME_CURL="$_ACME_CURL --capath $CA_PATH " + elif [ "$CA_BUNDLE" ]; then _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi @@ -1490,8 +1492,10 @@ _inithttp() { if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _ACME_WGET="$_ACME_WGET -d " fi - if [ "$CA_BUNDLE" ]; then - _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " + if [ "$CA_PATH" ]; then + _ACME_WGET="$_ACME_WGET --ca-directory=$CA_PATH " + elif [ "$CA_BUNDLE" ]; then + _ACME_WGET="$_ACME_WGET --ca-certificate=$CA_BUNDLE " fi fi @@ -3702,6 +3706,12 @@ issue() { else _clearaccountconf "CA_BUNDLE" fi + + if [ "$CA_PATH" ]; then + _saveaccountconf CA_PATH "$CA_PATH" + else + _clearaccountconf "CA_PATH" + fi if [ "$HTTPS_INSECURE" ]; then _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" @@ -4918,6 +4928,7 @@ _process() { _stopRenewOnError="" #_insecure="" _ca_bundle="" + _ca_path="" _nocron="" _ecc="" _csr="" @@ -5232,6 +5243,11 @@ _process() { CA_BUNDLE="$_ca_bundle" shift ;; + --ca-path) + _ca_path="$2" + CA_PATH="$_ca_path" + shift + ;; --nocron) _nocron="1" ;; From 4bdab73dd51f9bad4c823ab199b5c85ff0808fe4 Mon Sep 17 00:00:00 2001 From: jtbr Date: Mon, 20 Mar 2017 18:53:08 +0100 Subject: [PATCH 2/2] formatting --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 68a3799..67b52cf 100755 --- a/acme.sh +++ b/acme.sh @@ -3706,7 +3706,7 @@ issue() { else _clearaccountconf "CA_BUNDLE" fi - + if [ "$CA_PATH" ]; then _saveaccountconf CA_PATH "$CA_PATH" else