authorErich Eckner <git@eckner.net>2019-12-09 10:17:13 +0100
committerErich Eckner <git@eckner.net>2019-12-09 10:17:13 +0100
commitb6b7550ccbe694bfd81bfdb216d688c291930351 (patch)
treef6b9147b30689826c712bc6c294a9cdda476a2ea /sign-request.in
parent7764d70477823876fdebb9dcd7586d26beeee80c (diff)
downloadsimple-pki-b6b7550ccbe694bfd81bfdb216d688c291930351.tar.xz
sign-request.in: use the old ca for some time (the new ca may need some time to circulate to clients)
Diffstat (limited to 'sign-request.in')
-rwxr-xr-xsign-request.in9
1 files changed, 8 insertions, 1 deletions
diff --git a/sign-request.in b/sign-request.in
index 52b481e..0185cf4 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -14,6 +14,13 @@ remove_leading_spaces() {
'
}
+if [ -f '#ETCDIR#/simple-pki/ca/root-ca.old.crt' ] \
+&& [ "$(stat -c%Y '#ETCDIR#/simple-pki/ca/root-ca.old.crt')" -ge "$(($(date +%s)-60*60*24*ca_min_duration))" ]; then
+ export CA=signing-ca.old
+else
+ export CA=signing-ca
+fi
+
tmp_dir=$(mktemp -d)
trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT
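Review bot: The choice of signing CA in the added `if` depends on two inputs that the hunk does not validate: `ca_min_duration`, which goes into the arithmetic expansion without being set or checked in the visible lines, and the mtime of `root-ca.old.crt`, which a restore from backup, a `cp` without `-p` or a `touch` will reset. A reset mtime silently keeps the old signing key in use for another full window, and an empty or non-numeric `ca_min_duration` either aborts the arithmetic or collapses the window to zero, depending on the shell. I would fail closed before the test, e.g. `case "${ca_min_duration}" in ''|*[!0-9]*) echo 'ca_min_duration must be a number of days' >&2; exit 1;; esac`, and add a comment such as `# grace period: keep signing with the old CA for ca_min_duration days after rotation (clock = mtime of root-ca.old.crt)`. If `ca_min_duration` is already set and checked earlier in the file, outside this hunk, only the comment is needed. The `openssl ca` call in the second hunk now takes `CA` from this export, so a wrong choice here is no longer visible at the signing step.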
@@ -95,7 +102,7 @@ while read -r csr; do
rm "${csr_local}"
continue
fi
- if ! CA=signing-ca openssl ca -batch -name signing_ca \
+ if ! openssl ca -batch -name signing_ca \
-config '#ETCDIR#/simple-pki/ca-ssl.conf' \
-in "${csr_local}" \
-out "${csr_local%.csr}.crt" \