ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow ip domains to create csr

Browse Source
This commit is contained in:
zhanhb 2019-08-13 04:03:16 +08:00 committed by GitHub
parent 5bdfdfefbe
commit 62e9d341b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
acme.sh
View File

@ -1093,6 +1093,27 @@ _idn() {
fi fi
} }
_dns2ip() {
ripv4='\([0-9]\{1,3\}\.\)\{1,3\}[0-9]\{1,3\}'
# some domain has ip prefix such as 127.0.0.1.16clouds.com
ip_detect="s/DNS:\\($ripv4,\\)/IP:\\1/g;s/DNS:\\($ripv4\\)\$/IP:\\1/g"
IPV6SEG='[0-9a-fA-F]\{1,4\}'
r0="\\($IPV6SEG:\\)\\{7,7\\}$IPV6SEG"
r1="\\($IPV6SEG:\\)\\{1,7\\}:"
r2="\\($IPV6SEG:\\)\\{1,6\\}:$IPV6SEG"
r3="\\($IPV6SEG:\\)\\{1,5\\}\\(:$IPV6SEG\\)\\{1,2\\}"
r4="\\($IPV6SEG:\\)\\{1,4\\}\\(:$IPV6SEG\\)\\{1,3\\}"
r5="\\($IPV6SEG:\\)\\{1,3\\}\\(:$IPV6SEG\\)\\{1,4\\}"
r6="\\($IPV6SEG:\\)\\{1,2\\}\\(:$IPV6SEG\\)\\{1,5\\}"
r7="$IPV6SEG:\\(:$IPV6SEG\\)\\{1,6\\}"
r8=":\\(:$IPV6SEG\\)\\{1,7\\}"
r9="::"
ip_detect="$ip_detect;s/DNS:\\($r0,\\)/IP:\\1/g;s/DNS:\\($r1,\\)/IP:\\1/g;s/DNS:\\($r2,\\)/IP:\\1/g;s/DNS:\\($r3,\\)/IP:\\1/g;s/DNS:\\($r4,\\)/IP:\\1/g;s/DNS:\\($r5,\\)/IP:\\1/g;s/DNS:\\($r6,\\)/IP:\\1/g;s/DNS:\\($r7,\\)/IP:\\1/g;s/DNS:\\($r8,\\)/IP:\\1/g;s/DNS:\\($r9,\\)/IP:\\1/g"
ip_detect="$ip_detect;s/DNS:\\($r0\\)\$/IP:\\1/g;s/DNS:\\($r1\\)\$/IP:\\1/g;s/DNS:\\($r2\\)\$/IP:\\1/g;s/DNS:\\($r3\\)\$/IP:\\1/g;s/DNS:\\($r4\\)\$/IP:\\1/g;s/DNS:\\($r5\\)\$/IP:\\1/g;s/DNS:\\($r6\\)\$/IP:\\1/g;s/DNS:\\($r7\\)\$/IP:\\1/g;s/DNS:\\($r8\\)\$/IP:\\1/g;s/DNS:\\($r9\\)\$/IP:\\1/g"
sed "$ip_detect"
}
#_createcsr cn san_list keyfile csrfile conf acmeValidationv1 #_createcsr cn san_list keyfile csrfile conf acmeValidationv1
_createcsr() { _createcsr() {
_debug _createcsr _debug _createcsr
@ -1112,11 +1133,11 @@ _createcsr() {
if [ "$acmeValidationv1" ]; then if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf" printf -- "\nsubjectAltName=DNS:$domainlist" | _dns2ip >>"$csrconf"
elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then
#single domain #single domain
_info "Single domain" "$domain" _info "Single domain" "$domain"
printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf" printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" | _dns2ip >>"$csrconf"
else else
domainlist="$(_idn "$domainlist")" domainlist="$(_idn "$domainlist")"
_debug2 domainlist "$domainlist" _debug2 domainlist "$domainlist"
@ -1125,6 +1146,7 @@ _createcsr() {
else else
alt="DNS:$(_idn "$domain"),DNS:$domainlist" alt="DNS:$(_idn "$domain"),DNS:$domainlist"
fi fi
alt="$(echo "$alt" | _dns2ip)"
#multi #multi
_info "Multi domain" "$alt" _info "Multi domain" "$alt"
printf -- "\nsubjectAltName=$alt" >>"$csrconf" printf -- "\nsubjectAltName=$alt" >>"$csrconf"
@ -1185,6 +1207,9 @@ _readSubjectAltNamesFromCSR() {
_debug _csrsubj "$_csrsubj" _debug _csrsubj "$_csrsubj"
_dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')" _dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *DNS:.*" | tr -d ' \n')"
if [ -z "$_dnsAltnames" ]; then
_dnsAltnames="$(${ACME_OPENSSL_BIN:-openssl} req -noout -text -in "$_csrfile" | grep "^ *IP Address:.*" | tr -d ' \n')"
fi
_debug _dnsAltnames "$_dnsAltnames" _debug _dnsAltnames "$_dnsAltnames"
if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then if _contains "$_dnsAltnames," "DNS:$_csrsubj,"; then
@ -1199,7 +1224,7 @@ _readSubjectAltNamesFromCSR() {
_debug "AltNames doesn't contain subject" _debug "AltNames doesn't contain subject"
fi fi
echo "$_dnsAltnames" | sed "s/DNS://g" echo "$_dnsAltnames" | sed "s/DNS://g;s/IP \{0,\}Address://g"
} }
#_csrfile #_csrfile