third-party-tools/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh synced 2025-11-04 13:55:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Support manually defining extended key usage in CSR

Browse Source 
- New CLI param: --extended-key-usage <string>
- When --extended-key-usage is defined:
  1. Set [v3_req]extendedKeyUsage to the provided value.
  2. Store the value in domain conf Le_ExtKeyUse for reuse.
This commit is contained in:
Matt Mower
2024-05-04 11:43:01 -07:00
parent bd48c99383
commit 957bbab440
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
acme.sh
View File

@@ -1243,7 +1243,14 @@ _createcsr() {
_debug2 csr "$csr"
_debug2 csrconf "$csrconf"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf"
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
if [ "$Le_ExtKeyUse" ]; then
_savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
else
printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
fi
if [ "$acmeValidationv1" ]; then
domainlist="$(_idn "$domainlist")"
@@ -7007,6 +7014,7 @@ Parameters:
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
--renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook <hookname> The hook file to deploy cert
--extended-key-usage <string> Manually define the CSR extended key usage value. The default is serverAuth,clientAuth.
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
@@ -7698,6 +7706,10 @@ _process() {
_deploy_hook="$_deploy_hook$2,"
shift
;;
--extended-key-usage)
Le_ExtKeyUse="$2"
shift
;;
--ocsp-must-staple | --ocsp)
Le_OCSP_Staple="1"
;;