From e9949e8861f272d30e5f771e2e0d28cfec1688db Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Tue, 30 Aug 2016 19:45:22 +0100
Subject: [PATCH] Don't pin certs

---
 src/freedombone-pin-cert | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/freedombone-pin-cert b/src/freedombone-pin-cert
index 78b21dad2..0aef8c6b6 100755
--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -53,7 +53,7 @@ function pin_all_certs {
                     if [ ${#BACKUP_KEY_HASH} -gt 5 ]; then
 
                         PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-                        sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
+                        # sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
                         echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
                     fi
                 fi
@@ -115,10 +115,8 @@ if [ ${#BACKUP_KEY_HASH} -lt 5 ]; then
 fi
 
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
-    sed -i "/ssl_ciphers.*/a     add_header ${PIN_HEADER}" $SITE_FILENAME
-else
-    sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
+if grep -q "Public-Key-Pins" $SITE_FILENAME; then
+    sed -i "s|Public-Key-Pins.*||g" $SITE_FILENAME
 fi
 
 systemctl restart nginx
-- 
GitLab