sign-request.in: check SANs via http if csr was not retrieved via https

author: Erich Eckner <git@eckner.net> 2019-09-03 11:00:14 +0200
committer: Erich Eckner <git@eckner.net> 2019-09-03 11:00:14 +0200
commit: d31cb82fb532098a8a8ea4acfb13a09b55b6c452 (patch)
tree: 518d102fdab3cded8155344e3908705974f086d1
parent: 6ef9ed3ba2e187b0a4efd1fd8f2ee922ab01c777 (diff)
download: simple-pki-d31cb82fb532098a8a8ea4acfb13a09b55b6c452.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 3de4e56..52b481e 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -78,7 +78,7 @@ while read -r csr; do
   ok_sans=$(
     printf '%s\n' "${cn}" "${sans}" \
     | while read -r san; do
-      if ! curl --connect-timeout 10 -Ss --insecure 'https://'"${san}/${csr#*//*/}" \
+      if ! curl --connect-timeout 10 -Ss --insecure "${csr%%://*}"'://'"${san}/${csr#*//*/}" \
         | diff -q - "${csr_local}"; then
         >&2 printf 'invalid san "%s" - skipping\n' "${san}"
         rm "${csr_local}"
author	Erich Eckner <git@eckner.net>	2019-09-03 11:00:14 +0200
committer	Erich Eckner <git@eckner.net>	2019-09-03 11:00:14 +0200
commit	d31cb82fb532098a8a8ea4acfb13a09b55b6c452 (patch)
tree	518d102fdab3cded8155344e3908705974f086d1
parent	6ef9ed3ba2e187b0a4efd1fd8f2ee922ab01c777 (diff)
download	simple-pki-d31cb82fb532098a8a8ea4acfb13a09b55b6c452.tar.xz