
Don't pin certs

Bob Mottram 8 years ago
parent
commit
e9949e8861
1 changed files with 3 additions and 5 deletions
  1. 3
    5
      src/freedombone-pin-cert

+ 3
- 5
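--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -53,7 +53,7 @@ function pin_all_certs {
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        # sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
@@ -115,10 +115,8 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
-else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+if grep -q "Public-Key-Pins" $SITE_FILENAME; then
+    sed -i "s|Public-Key-Pins.*||g" $SITE_FILENAME
 fi
 
 systemctl restart nginx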
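Review bot: The new `sed -i "s|Public-Key-Pins.*||g" $SITE_FILENAME` in the second hunk blanks the header text but keeps the `add_header ` prefix that the removed insert line wrote in front of it, so a previously pinned site file is left with an argument-less, unterminated directive right before `systemctl restart nginx`. Deleting the whole line avoids that, `sed -i '/Public-Key-Pins/d' "$SITE_FILENAME"`, and running `nginx -t` before the restart would catch a broken file instead of taking the server down. In the first hunk (inside pin_all_certs, whose body extends beyond the hunk) the substitution is only commented out while `PIN_HEADER` is still built and `echo $"Pinned $DOMAIN_NAME ..."` still runs, so the script reports a pin it no longer writes; those lines should be removed together. Clients that already stored the pins will presumably keep enforcing them for the advertised `max-age=5184000` (60 days), so the pinned and backup keys should stay in service for that period.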