uacme: adapted run.sh script to get it working with step CA #24803
+221
−270
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
OpenWrt will change to the APK package manager which requires The PKG_RELEASE should be an integer and not contain any letters or special characters.
|
Signed-off-by: Sebastian Bogaci <[email protected]>
oldboys92
force-pushed
the
fix_uacme_for_private_CA
branch
from
f4b5a29
to
1a52204
Compare
|
@lucize I prepared everything once again, kindly asking for your review. |
|
@lucize friendly reminder for reviewing this PR |
|
LGTM |
|
@lucize github pr workflow requires your approval, would you be so kind? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Maintainer: @lucize
Compile tested: OpenWrt 23.05.03
Run tested: OpenWrt 23.05.03
Description:
Current uacme package has no support for using private CA (like step CA). The tool supports that, but the wrapper script responsible for handling the ACME challenge is missing additional settings required for that (see this thread).
On top of that, the wrapper script was initially forked from acme.sh package and contains code snippets which suggest wrapper is same when uacme and acme.sh are installed. This makes no sense, so I've decided to fix the wrapper script (run.sh) to support only uacme package.
Added support for
tls-alpn-01and testedhttp-01andtls-alpn-01ACME challenge types using step CA as ACME service. Also fixed and improved the pre_check() and post_check() functions of the wrapper. Added also option for setting which interface should listen on the ACME challenge.