mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-04 06:13:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

ADMIN: dump-certs: don't update the file if it's up to date

Browse Source 
Compare the fingerprint of the leaf certificate to the previous file to
check if it needs to be updated or not

Also skip the check if no file is on the disk.
This commit is contained in:
William Lallemand
2025-09-28 16:33:37 +02:00
parent 3a6ea8b959
commit 8781c65d8a
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
admin/cli/haproxy-dump-certs
View File

@@ -60,6 +60,21 @@ read_certificate() {
return 0
}
cmp_certkey() {
prev=$1
new=$2
if [ ! -f "$prev" ]; then
return 1;
fi
if ! cmp -s <(openssl x509 -in "$prev" -noout -fingerprint -sha256) <(openssl x509 -in "$new" -noout -fingerprint -sha256); then
return 1
fi
return 0
}
dump_certificate() {
name=$1
crt_filename=$2
@@ -82,6 +97,11 @@ dump_certificate() {
return 1
fi
if cmp_certkey "${crt_filename}" "${crt_filename}.${tmp}"; then
echo "notice: ${crt_filename} is already up to date"
return 0
fi
# move the current certificates to ".old.timestamp"
mv "${crt_filename}" "${crt_filename}.${d}"
[ "${crt_filename}" != "${key_filename}" ] && mv "${key_filename}" "${key_filename}.${d}"