sign-request: force connection to ip of ssh client

author: Erich Eckner <git@eckner.net> 2020-03-12 13:35:30 +0100
committer: Erich Eckner <git@eckner.net> 2020-03-12 13:35:30 +0100
commit: 02fb80a2c0f6b924c2781d352ab3a943eecdc8a8 (patch)
tree: 36094bcd70f9ed3e6813d2f916eea34479ea866b
parent: caa13059da3a3bfaa2968c5991afeee43a4876d9 (diff)
download: simple-pki-02fb80a2c0f6b924c2781d352ab3a943eecdc8a8.tar.xz
1 files changed, 7 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 191bbea..56f041e 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -28,7 +28,13 @@ trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
 
 while read -r csr; do
   csr_local="${tmp_dir}/${csr##*/}"
-  curl --connect-timeout 10 -Ss --insecure "${csr}" -o "${csr_local}"
+  host="${csr#*://}"
+  host="${host%%/*}"
+  curl -Ss \
+    --resolve "${host}:443:${SSH_CLIENT%% *}" \
+    --resolve "${host}:80:${SSH_CLIENT%% *}" \
+    --connect-timeout 10 \
+    --insecure "${csr}" -o "${csr_local}"
   if ! content=$(
     openssl req -text -noout -verify -in "${csr_local}" 2>/dev/null
   ); then
author	Erich Eckner <git@eckner.net>	2020-03-12 13:35:30 +0100
committer	Erich Eckner <git@eckner.net>	2020-03-12 13:35:30 +0100
commit	02fb80a2c0f6b924c2781d352ab3a943eecdc8a8 (patch)
tree	36094bcd70f9ed3e6813d2f916eea34479ea866b
parent	caa13059da3a3bfaa2968c5991afeee43a4876d9 (diff)
download	simple-pki-02fb80a2c0f6b924c2781d352ab3a943eecdc8a8.tar.xz