[LighttpdHttps] Allow importing a certificate chain

1 files changed, 16 insertions, 7 deletions

diff --git a/scripts/install-https b/scripts/install-https
index 84a6184..bb17abc 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,11 +1,13 @@
 #!/bin/bash
 
-CERT="/etc/lighttpd/server.pem"
+CERTFILE="/etc/lighttpd/server.pem"
+CHAINFILE="/etc/lighttpd/chain.pem"
 
 op_disable ()
 {
-	[ -e "$CERT" ] || exit 0
-	rm -f -- "$CERT" || exit 1
+	[ -e "$CERTFILE" ] || exit 0
+	rm -f -- "$CERTFILE" || exit 1
+	rm -f -- "$CHAINFILE"
 }
 
 op_test ()
@@ -31,21 +33,28 @@ op_test ()
 
 op_import ()
 {
-	[ $# -eq 2 ] || exit 1
+	[ $# -lt 2 ] || exit 1
 	local K=$1
 	local C=$2
+	local CHAIN=$3
 	[ -r "$K" ] || exit 2
 	[ -r "$C" ] || exit 3
+	rm -f -- "$CHAINFILE"
 	# Create server.pem
-	cat "$C" "$K" > "$CERT"
-	chmod 0600 "$CERT" || exit 4
+	cat "$C" "$K" > "$CERTFILE"
+	chmod 0600 "$CERTFILE" || exit 4
 	rm -f -- "$C" "$K"
+	# If we have a chainfile, try to use it aswell
+	if [ -s "$CHAIN" ]; then
+		openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE"
+	fi
 }
 
 op_random ()
 {
 	[ -z "$1" ] && exit 1
-	openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT" -out "$CERT" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+	rm -f -- "$CHAINFILE"
+	openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
 }
 
 OP=$1