From 131a20edcf44e7cee9692452c867b64e1b6a1b7d Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 16 Aug 2018 11:37:51 +0200
Subject: [PATCH] security/acme-client: merge version 1.17 from master

---
 security/acme-client/Makefile                               | 2 +-
 .../src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index b5b48f637..40f66703a 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		1.16
+PLUGIN_VERSION=		1.17
 PLUGIN_COMMENT=		Let's Encrypt client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh bind912
diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
index 509a6e5d7..5f56fd534 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@@ -319,10 +319,14 @@ function run_acme_account_registration($acctObj, $certObj, $modelObj)
     $account_conf_dir = "/var/etc/acme-client/accounts/" . $acctObj->id;
     $account_conf_file = $account_conf_dir . "/account.conf";
     $account_key_file = $account_conf_dir . "/account.key";
+    $account_json_file = $account_conf_dir . "/account.json";
+    $account_ca_file = $account_conf_dir . "/ca.conf";
     $acme_conf = array();
     $acme_conf[] = "CERT_HOME='/var/etc/acme-client/home'";
     $acme_conf[] = "LOG_FILE='/var/log/acme.sh.log'";
     $acme_conf[] = "ACCOUNT_KEY_PATH='" . $account_key_file . "'";
+    $acme_conf[] = "ACCOUNT_JSON_PATH='" . $account_json_file . "'";
+    $acme_conf[] = "CA_CONF='" . $account_ca_file . "'";
     if (!empty((string)$acctObj->email)) {
         $acme_conf[] = "ACCOUNT_EMAIL='" . (string)$acctObj->email . "'";
     }
@@ -810,7 +814,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
     }
 
     // if OCSP Extension is turned on pass --ocsp parameter to acme client
-    if (isset($certObj->ocsp)) {
+    if (isset($certObj->ocsp) and ($certObj->ocsp == 1)) {
         $acme_args[] = "--ocsp";
     }