[SS*S] lighttpd: Don't try to use ssl.ca-file for certificate chain

1 files changed, 3 insertions, 7 deletions

diff --git a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
index 3409244..b2dd5cb 100755
--- a/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
+++ b/satellit_installer/static_files/lighttpd/opt/openslx/slx-cert
@@ -249,13 +249,12 @@ done
 # with our generated stuff for whatever reason.
 if [ -n "$have_srv" ] || [ -z "$makenew" ]; then
 	if [ -s "${LIGHTDIR}/ca-chain.pem" ]; then
-		unt_list=( "-untrusted" "${LIGHTDIR}/ca-chain.pem" )
-	else
-		unt_list=()
+		# Don't need this anymore, it never worked as separate file anyways, so make new
+		rm -f -- "${LIGHTDIR}/ca-chain.pem"
 	fi
 	valid=
 	for ca in "${ca_list[@]}"; do
-		openssl verify -CAfile "$ca" "${unt_list[@]}" \
+		openssl verify -CAfile "$ca" \
 			"${LIGHTDIR}/server.pem" &> /dev/null || continue
 		valid=1
 		break
@@ -316,9 +315,6 @@ if [ -z "$have_srv" ] || [ -n "$makenew" ]; then
 	cat "${CERTDIR}/srv-${srv_new_ts}.crt" "${PRIVDIR}/srv-${srv_new_ts}.key" > "${LIGHTDIR}/server.pem" || exit 10
 	chmod 0600 "${LIGHTDIR}/server.pem"
 
-	# Don't need this anymore
-	rm -f -- "${LIGHTDIR}/ca-chain.pem"
-
 	if [ "$1" = "--restart" ] || [ -t 0 ]; then
 		echo "Restarting lighttpd..."
 		systemctl restart lighttpd.service