Fix pinning

Bob Mottram 2016-08-08 20:52:38 +01:00
parent ec9395fcec
commit a5bc8d4542
No known key found for this signature in database
GPG Key ID: 0452CC7CEA982E38
1 changed files with 4 additions and 4 deletions


@ -55,11 +55,11 @@ fi
KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) KEY_HASH=$(openssl rsa -in $KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64) BACKUP_KEY_HASH=$(openssl rsa -in $BACKUP_KEY_FILENAME -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64)
PIN_HEADER="add_header Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';" PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
if ! grep -q "add_header Public-Key-Pins" $SITE_FILENAME; then if ! grep -q "Public-Key-Pins" $SITE_FILENAME; then
sed -i "/ssl_ciphers.*/a $PIN_HEADER" $SITE_FILENAME sed -i "/ssl_ciphers.*/a add_header ${PIN_HEADER}" $SITE_FILENAME
else else
sed -i "s/add_header Public-Key-Pins.*/$PIN_HEADER/g" $SITE_FILENAME sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $SITE_FILENAME
fi fi
systemctl restart nginx systemctl restart nginx
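Review bot: Nothing in the visible lines checks that the two `openssl rsa … | openssl dgst -sha256 -binary | openssl enc -base64` pipelines succeeded before their output is written into the header, so an unreadable or malformed `$KEY_FILENAME` or `$BACKUP_KEY_FILENAME` still yields a well-formed base64 value (the digest of empty input) that is then served as a pin with `max-age=5184000; includeSubDomains`. Browsers that cache such a pin would reject the site's real key for the 60-day lifetime, so the script should stop first, e.g. `openssl rsa -in "$KEY_FILENAME" -noout || exit 1` (and the same for the backup key) ahead of the hash assignments; a check may already exist above the hunk, which opens after a `fi` that closes a block not shown here. For the same reason it is worth running `nginx -t` after the `sed -i` edit and before `systemctl restart nginx`, so a bad substitution does not take the server down. The filename expansions (`$KEY_FILENAME`, `$BACKUP_KEY_FILENAME`, `$SITE_FILENAME`) are also unquoted throughout and should be double-quoted.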