Skip to content
Snippets Groups Projects
Unverified Commit e9949e88 authored by Bob Mottram's avatar Bob Mottram
Browse files

Don't pin certs

parent d36e7569
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/freedombone-pin-cert
+ 3
5
View file @ e9949e88
......@@ -53,7 +53,7 @@ function pin_all_certs {
if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
# sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
fi
fi
......@@ -115,10 +115,8 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
fi
PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" $SITE_FILENAME
else
sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
if grep -q "Public-Key-Pins" $SITE_FILENAME; then
sed -i "s|Public-Key-Pins.*||g" $SITE_FILENAME
fi
systemctl restart nginx
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment