free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Fix pinning

Bob Mottram 8 years ago
parent
ec9395fcec
commit
a5bc8d4542
No account linked to committer's email
1 changed files with 4 additions and 4 deletions
Split View Show Diff Stats
  1. 4
    4
      src/freedombone-pin-cert

+ 4
- 4
src/freedombone-pin-cert View File 

@@ -55,11 +55,11 @@ fi
55 55 
 KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
56 56 
 BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
57 57
58 
-PIN_HEADER="add_header Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
59 
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
60 
-    sed -i "/ssl_ciphers.*/a     $PIN_HEADER" $SITE_FILENAME
58 
+PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
59 
+if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
60 
+    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
61 61 
 else
62 
-    sed -i "s/add_header Public-Key-Pins.*/$PIN_HEADER/g" $SITE_FILENAME
62 
+    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
63 63 
 fi
64 64
65 65 
 systemctl restart nginx