Diffstat (limited to 'sign-request.in')
-rwxr-xr-xsign-request.in26
1 files changed, 22 insertions, 4 deletions
diff --git a/sign-request.in b/sign-request.in
index 331815f..191bbea 100755
--- a/sign-request.in
+++ b/sign-request.in
@@ -87,13 +87,31 @@ while read -r csr; do
ok_sans=$(
printf '%s\n' "${cn}" "${sans}" \
| while read -r san; do
- if ! curl --connect-timeout 10 -Ss --insecure "${csr%%://*}"'://'"${san}/${csr#*//*/}" \
- | diff -q - "${csr_local}"; then
+ resolved=false
+ for address in $(
+ dig +short "${san}" A \
+ | grep -x '\([0-9]\+\.\)\{3\}[0-9]\+'
+ dig +short "${san}" AAAA \
+ | grep -x '[0-9a-f:]\+' \
+ | sed 's/^.*$/[\0]/'
+ ); do
+ if curl -Ss \
+ --resolve "${san}:80:${address}" \
+ --resolve "${san}:443:${address}" \
+ --connect-timeout 10 \
+ --insecure \
+ "${csr%%://*}"'://'"${san}/${csr#*//*/}" \
+ | diff -q - "${csr_local}"; then
+ resolved=true
+ break
+ fi
+ done
+ if ${resolved}; then
+ printf '%s\n' "${san}"
+ else
>&2 printf 'invalid san "%s" - skipping\n' "${san}"
rm "${csr_local}"
- break
fi
- printf '%s\n' "${san}"
done
)
if [ ! -f "${csr_local}" ]; then
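Review bot: With the `break` after `rm "${csr_local}"` removed, the loop keeps going after the first invalid SAN, so every later name is fetched and compared against a file that no longer exists: `diff` fails, the name is reported as invalid even if it is fine, and `rm` errors on each pass. Restoring the early exit (`rm "${csr_local}"` followed by `break`) or, if all bad names should be listed, setting a flag and deleting the file after `done`, would avoid the misleading output and the extra outbound requests. Separately, the success `break` accepts a name as soon as one of its A/AAAA addresses returns the CSR; since this is the control check before signing, a comment such as `# one matching address is enough to accept the SAN` (or requiring every address to match) would make that policy explicit. The enclosing `while read -r csr` loop starts and ends outside the hunk.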