From 02fb80a2c0f6b924c2781d352ab3a943eecdc8a8 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Thu, 12 Mar 2020 13:35:30 +0100 Subject: sign-request: force connection to ip of ssh client --- sign-request.in | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sign-request.in b/sign-request.in index 191bbea..56f041e 100755 --- a/sign-request.in +++ b/sign-request.in @@ -28,7 +28,13 @@ trap 'rm -rf --one-file-system "${tmp_dir}"' EXIT while read -r csr; do csr_local="${tmp_dir}/${csr##*/}" - curl --connect-timeout 10 -Ss --insecure "${csr}" -o "${csr_local}" + host="${csr#*://}" + host="${host%%/*}" + curl -Ss \ + --resolve "${host}:443:${SSH_CLIENT%% *}" \ + --resolve "${host}:80:${SSH_CLIENT%% *}" \ + --connect-timeout 10 \ + --insecure "${csr}" -o "${csr_local}" if ! content=$( openssl req -text -noout -verify -in "${csr_local}" 2>/dev/null ); then -- cgit v1.2.3-54-g00ecf