author | Erich Eckner <git@eckner.net> | 2019-12-09 10:17:13 +0100 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-12-09 10:17:13 +0100 |
commit | b6b7550ccbe694bfd81bfdb216d688c291930351 (patch) | |
tree | f6b9147b30689826c712bc6c294a9cdda476a2ea /sign-request.in | |
parent | 7764d70477823876fdebb9dcd7586d26beeee80c (diff) | |
download | simple-pki-b6b7550ccbe694bfd81bfdb216d688c291930351.tar.xz |
sign-request.in: use the old ca for some time (the new ca may need some time to circulate to clients)
Diffstat (limited to 'sign-request.in')
-rwxr-xr-x | sign-request.in | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 52b481e..0185cf4 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -14,6 +14,13 @@ remove_leading_spaces() {
 '
 }

+if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \
+&& [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then
+ export CA=signing-ca.old
+else
+ export CA=signing-ca
+fi
+
 tmp_dir=$(mktemp -d)
 trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT

@@ -95,7 +102,7 @@ while read -r csr; do
 rm "${csr_local}"
 continue
 fi
- if ! CA=signing-ca openssl ca -batch -name signing_ca \
+ if ! openssl ca -batch -name signing_ca \
 -config '#ETCDIR#/simple-pki/ca-ssl.conf' \
 -in "${csr_local}" \
 -out "${csr_local%.csr}.crt" \
|
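Review bot: The added `if` in the first hunk selects `signing-ca.old` purely from the mtime of `root-ca.old.crt`, so anything that rewrites that file (a restore from backup, a `cp` without `-p`) silently restarts the window in which the retired CA keeps issuing certificates. The test also looks at the root certificate while the choice is about the signing CA, and nothing visible confirms that the old signing certificate is still within its validity period; a guard such as `openssl x509 -checkend 0 -noout -in "$old_signing_crt"` (placeholder name, the signing certificate's path is not shown in this diff) before `export CA=signing-ca.old` would stop issuance from an expired CA. `ca_min_duration` is not assigned in the visible lines; if it is ever unset, bash arithmetic evaluates it as 0 and the script quietly falls through to the new CA, so `: "${ca_min_duration:?}"` ahead of the test would make that failure explicit. I would also add a comment above the `if` along the lines of `# grace period only for trust-store propagation; remove root-ca.old.crt immediately if the old CA was rotated because of compromise`.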