diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-15 18:08:48 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-15 18:13:09 +0200 |
| commit | 02d4a5892bb3019d448c453ad279788fcd3f1531 (patch) | |
| tree | f8e023267ac8af5cab8aa5413c52c37c6d9257af /certs/gencerts.sh | |
| parent | 97e78349145156ca6565ee5b2af54983a6fdd3a6 (diff) | |
certs/public: fetch each cert's pubkey (SPKI), not the cert itself.
To avoid new commits upon cert renewal.
Diffstat (limited to 'certs/gencerts.sh')
| -rwxr-xr-x | certs/gencerts.sh | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh index b1f56c2..81a27fc 100755 --- a/certs/gencerts.sh +++ b/certs/gencerts.sh @@ -21,7 +21,7 @@ x509fpr() { local msg="$1" host cert h spki host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}" cert="$DIR/${host%%:*}.pem" - spki=$(openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p') + spki=$(openssl pkey -pubin -outform DER <"$cert" | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p') [ "$typ" = mdwn ] && printf '\n [%s](https://crt.sh/?spkisha1=%s&iCAID=16418)\n\n' "$msg" "$spki" \ || printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=16418\n SPKI:\n' \ "$( echo "$msg" | tr -d '`' )" "$spki" @@ -29,7 +29,7 @@ x509fpr() { [ "$typ" = mdwn ] || echo -n ' ' echo -n "$h" | tr '[a-z]' '[A-Z]' for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done - openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p' + openssl pkey -pubin -outform DER <"$cert" | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p' done | sed -r "s/(\S+)(.*)/$indent\1\U\2/" } @@ -109,7 +109,7 @@ view all issued Let's Encrypt certificates at crt.sh: https://crt.sh/?Identity=%25fripost.org&iCAID=16418 -Our X.509 certificates are also available in PEM format at: +The SPKI of our X.509 certificates are also available in PEM format at: $VCS_BROWSER/tree/certs/public , @@ -138,8 +138,8 @@ Authority](https://letsencrypt.org), and are submitted to [Certificate Transparency logs](https://www.certificate-transparency.org). You can view all issued Let's Encrypt certificates at [crt.sh](https://crt.sh/?Identity=%25fripost.org&iCAID=16418). -Our X.509 certificates are also available in PEM format under our -[Git repository]($VCS_BROWSER/tree/certs/public), +The SPKI of our X.509 certificates are also available in PEM format +under our [Git repository]($VCS_BROWSER/tree/certs/public), from which this fingerprint list was [generated]($VCS_BROWSER/tree/certs/gencerts.sh), at $(git --no-pager --git-dir="$DIR/../../.git" --work-tree="$DIR" log -1 --pretty=format:"[Commit ID %h from %aD]($VCS_BROWSER/tree/certs/public?id=%H)" -- "$DIR"). |