From a5bc8d4542ec4c68de5074fa938ecc46ac9dc1a3 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Mon, 8 Aug 2016 20:52:38 +0100
Subject: [PATCH] Fix pinning
---
 src/freedombone-pin-cert | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/freedombone-pin-cert b/src/freedombone-pin-cert
index a8ffa487..d74b2be7 100755
--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -55,11 +55,11 @@ fi
 KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
 BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
-PIN_HEADER="add_header Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
-if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then
- sed -i "/ssl_ciphers.*/a $PIN_HEADER" $SITE_FILENAME
+PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
+if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
+ sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" $SITE_FILENAME
 else
- sed -i "s/add_header Public-Key-Pins.*/$PIN_HEADER/g" $SITE_FILENAME
+ sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
 fi
 systemctl restart nginx
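Review bot: The new `PIN_HEADER` is written into the site config with no check that `${KEY_HASH}` and `${BACKUP_KEY_HASH}` were really derived from the two keys: if `openssl rsa` fails in either pipeline above it, `openssl dgst` still hashes empty input and yields a well-formed but wrong pin. With `max-age=5184000; includeSubDomains`, a wrong pin locks returning browsers out of the domain and its subdomains for 60 days, so the script should fail closed before either `sed`: `set -o pipefail` (assuming it runs under bash; the shebang is outside the hunk), `|| exit 1` after each hash assignment, and a check that the two hashes differ. The widened patterns `grep -q "Public-Key-Pins"` and `s|Public-Key-Pins.*|...|g` also match a `Public-Key-Pins-Report-Only` line, which the else branch would rewrite into an enforcing header; requiring whitespace after the name, `s|Public-Key-Pins[[:space:]].*|${PIN_HEADER}|g`, avoids that. The restart at the end of the hunk is unconditional, and `nginx -t && systemctl restart nginx` would keep a bad edit from taking the server down.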