
Commit 6715320

author
neil
committed
1 parent 7780508 commit 6715320


1 file changed

+24
-9
lines changed


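--- a/acme.sh
+++ b/acme.sh
@@ -1250,7 +1250,7 @@ _idn() {
 fi
 }
 
-#_createcsr cn san_list keyfile csrfile conf acmeValidationv1
+#_createcsr cn san_list keyfile csrfile conf acmeValidationv1 extendedUsage
 _createcsr() {
 _debug _createcsr
 domain="$1"
@@ -1259,6 +1259,7 @@ _createcsr() {
 csr="$4"
 csrconf="$5"
 acmeValidationv1="$6"
+extusage="$7"
 _debug2 domain "$domain"
 _debug2 domainlist "$domainlist"
 _debug2 csrkey "$csrkey"
@@ -1267,11 +1268,10 @@ _createcsr() {
 
 printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
 
-if [ "$Le_ExtKeyUse" ]; then
-_savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
-printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
+if [ "$extusage" ]; then
+printf "\nextendedKeyUsage=$extusage\n" >>"$csrconf"
 else
-printf "\nextendedKeyUsage=serverAuth\n" >>"$csrconf"
+printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
 fi
 
 if [ "$acmeValidationv1" ]; then
@@ -4445,6 +4445,7 @@ issue() {
 _valid_from="${16}"
 _valid_to="${17}"
 _certificate_profile="${18}"
+_extended_key_usage="${19}"
 
 if [ -z "$_ACME_IS_RENEW" ]; then
 _initpath "$_main_domain" "$_key_length"
@@ -4589,12 +4590,25 @@ issue() {
 return 1
 fi
 fi
-if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then
+_keyusage="$_extended_key_usage"
+if [ "$Le_API" = "$CA_GOOGLE" ] || [ "$Le_API" = "$CA_GOOGLE_TEST" ]; then
+if [ -z "$_keyusage" ]; then
+#https://github.com/acmesh-official/acme.sh/issues/6610
+#google accepts serverauth only
+_keyusage="serverAuth"
+fi
+fi
+if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" "" "$_keyusage"; then
 _err "Error creating CSR."
 _clearup
 _on_issue_err "$_post_hook"
 return 1
 fi
+if [ "$_extended_key_usage" ]; then
+_savedomainconf "Le_ExtKeyUse" "$_extended_key_usage"
+else
+_cleardomainconf "Le_ExtKeyUse"
+fi
 fi
 
 _savedomainconf "Le_Keylength" "$_key_length"
@@ -5553,7 +5567,7 @@ renew() {
 _cleardomainconf Le_OCSP_Staple
 fi
 fi
-issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_Certificate_Profile"
+issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" "$Le_Certificate_Profile" "$Le_ExtKeyUse"
 res="$?"
 if [ "$res" != "0" ]; then
 return "$res"
@@ -7469,6 +7483,7 @@ _process() {
 _valid_from=""
 _valid_to=""
 _certificate_profile=""
+_extended_key_usage=""
 while [ ${#} -gt 0 ]; do
 case "${1}" in
 
@@ -7864,7 +7879,7 @@ _process() {
 shift
 ;;
 --extended-key-usage)
-Le_ExtKeyUse="$2"
+_extended_key_usage="$2"
 shift
 ;;
 --ocsp-must-staple | --ocsp)
@@ -8081,7 +8096,7 @@ _process() {
 uninstall) uninstall "$_nocron" ;;
 upgrade) upgrade ;;
 issue)
-issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_certificate_profile"
+issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" "$_certificate_profile" "$_extended_key_usage"
 ;;
 deploy)
 deploy "$_domain" "$_deploy_hook" "$_ecc"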
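Review bot: In `_createcsr`, the new `printf "\nextendedKeyUsage=$extusage\n" >>"$csrconf"` places the value inside the printf format string, so any `%` or backslash sequence in it is interpreted by printf rather than written literally, and a resulting line break would add extra lines to the `[ v3_req ]` section of the generated OpenSSL config. The value reaches this line from `--extended-key-usage` on the command line and, on renew, from the saved `Le_ExtKeyUse`, so it should be passed as data: `printf "\nextendedKeyUsage=%s\n" "$extusage" >>"$csrconf"`. Because `%s` still writes an embedded newline as-is, `issue` could also reject a value containing anything beyond the characters an EKU list needs (for example letters, digits, dots and commas) before calling `_createcsr`. Separately, the fallback branch now requests `serverAuth,clientAuth` for every CA other than the two Google endpoints; a short comment there stating why client authentication is requested by default would help operators who expect server-only certificates. Both `_createcsr` and `issue` continue outside the hunks shown.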
