RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Provide ftps:// copy which verifies remote TLS certificates 

ftses:// uses --insecure, which is, well, insecure.
pull/685/head
Timothe Litt 4 years ago
parent
e21fd2e087
commit
bf9403fb9c
Failed to extract signature
1 changed files with 12 additions and 5 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -5
      getssl

+ 12
- 5
getssl View File

@ -264,7 +264,8 @@
# 2021-07-12 Do not redirect outputs on remote commands when the debug option is used (atisne)
# 2021-07-20 Use +noidnout to enable certificates for IDN domains (#679)(2.37)
# 2021-07-22 Only pass +noidnout param to dig/drill(#682)(2.38)
# 2021-07-25 Fix copy_file_to_location failures with ssh when suffix applied to file lacking an extension (2.39)
# 2021-07-25 Fix copy_file_to_location failures with ssh when suffix applied to file lacking an extension
# 2021-07-27 Provide ftps:// copy which verifies remote TLS certificates (vs. ftpes:// which is insecure) (2.39)
# ----------------------------------------------------------------------------------------
case :$SHELLOPTS: in
@ -940,7 +941,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
debug "davs user=$davsuser - pass=$davspass - host=$davshost port=$davsport dir=$davsdirn file=$davsfile"
debug "from dir=$fromdir file=$fromfile"
curl -u "${davsuser}:${davspass}" -T "${fromdir}/${fromfile}" "https://${davshost}:${davsport}${davsdirn}${davsfile}"
elif [[ "${to:0:6}" == "ftpes:" ]] ; then
elif [[ "${to:0:6}" == "ftpes:" ]] || [[ "${to:0:5}" == "ftps:" ]] ; then
debug "using ftp to copy the file from $from"
ftpuser=$(echo "$to"| awk -F: '{print $2}')
ftppass=$(echo "$to"| awk -F: '{print $3}')
@ -952,7 +953,11 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
fromfile=$(basename "$from")
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
curl --insecure --ftp-ssl -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}/"
if [[ "${to:0:5}" == "ftps:" ]] ; then
curl --ftp-ssl -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}/"
else
curl --insecure --ftp-ssl -u "${ftpuser}:${ftppass}" -T "${fromdir}/${fromfile}" "ftp://${ftphost}${ftpdirn}/"
fi
else
if ! mkdir -p "$(dirname "$to")" ; then
error_exit "cannot create ACL directory $(basename "$to")"
@ -2454,9 +2459,11 @@ write_domain_template() { # write out a template file for a domain.
# An ssh key will be needed to provide you with access to the remote server.
# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign.
# If left blank, the username on the local server will be used to authenticate against the remote server.
# If these start with ftp:/ftpes: then the next variables are ftpuserid:ftppassword:servername:ACL_location
# If these start with ftp:/ftpes:/ftps: then the next variables are ftpuserid:ftppassword:servername:ACL_location
# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge"
# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
# ftp: uses regular ftp; ftpes: uses ftp over TLS but DOES NOT verify the remote certificates; ftps: uses ftp over TLS.
# ftpes: is less secure than ftps: and should only be used for hosts with self-signed certificates.
# You can also user WebDAV over HTTPS as transport mechanism. To do so, start with davs: followed by username,
# password, host, port (explicitly needed even if using default port 443) and path on the server.
# Multiple locations can be defined for a file by separating the locations with a semi-colon.
@ -2465,7 +2472,7 @@ write_domain_template() { # write out a template file for a domain.
# 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
# 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge'
# 'davs:davsuserid:davspassword:{DOMAIN}:443:/web/.well-known/acme-challenge'
# 'ftpes:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge')
# 'ftps:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge')
# Specify SSH options, e.g. non standard port in SSH_OPTS
# (Can also use SCP_OPTS and SFTP_OPTS)


Write Preview
Loading…
Cancel
Save