upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #2351 from definitio/update-haproxy-ocsp-via-socket

Browse source 
net/haproxy: Update HAProxy OCSP stapling via local UNIX socket
This commit is contained in:
Frank Wall 2021-05-10 22:48:38 +02:00 committed by GitHub
commit 37a9956941
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/updateOcsp.sh
View file

@ -18,6 +18,7 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>.
HAPROXY_DIR="/tmp/haproxy/ssl"
HAPROXY_SOCKET="/var/run/haproxy.socket"
for _pem in "$HAPROXY_DIR"/*.pem; do
cert_file="$(basename "$_pem")"
@ -64,6 +65,11 @@ for _pem in "$HAPROXY_DIR"/*.pem; do
if [ "${_ret}" != "0" ]; then
echo "Updating OCSP stapling failed with return code ${_ret}"
else
_update="$(openssl enc -base64 -A -in "${_ocsp}")"
if ! echo "set ssl ocsp-response ${_update}" | socat stdio $HAPROXY_SOCKET; then
echo "Updating haproxy OCSP stapling via socket failed"
fi
fi
fi
fi