free
/
freedombone
Beobachten 1
Favorisieren 0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Quellcode durchsuchen

Don't pin certs

Bob Mottram vor 8 Jahren
Ursprung
d36e756982
Commit
e9949e8861
Es ist kein Account mit dieser Commiter-Email verbunden
1 geänderte Dateien mit 3 neuen und 5 gelöschten Zeilen
Geteilte Ansicht Diff-Statistik anzeigen
  1. 3
    5
      src/freedombone-pin-cert

+ 3
- 5
src/freedombone-pin-cert Datei anzeigen 

@@ -53,7 +53,7 @@ function pin_all_certs {
53 53 
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
54 54
55 55 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
56 
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
56 
+                        # sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
57 57 
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
58 58 
                     fi
59 59 
                 fi
 
@@ -115,10 +115,8 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
115 115 
 fi
116 116
117 117 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
118 
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
119 
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
120 
-else
121 
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
118 
+if grep -q "Public-Key-Pins" $SITE_FILENAME; then
119 
+    sed -i "s|Public-Key-Pins.*||g" $SITE_FILENAME
122 120 
 fi
123 121
124 122 
 systemctl restart nginx