1
0

style: coherent coding style on check_dh_group

+ removal of an unneeded local keyword
This commit is contained in:
Nicolas Duchon 2021-12-16 02:00:04 +01:00
parent e0aaa93eb6
commit 9b935a09a5
No known key found for this signature in database
GPG Key ID: EA3151C66A4D79E7

@ -58,7 +58,7 @@ function check_dh_group {
fi
# Let's check DHPARAM_BITS is set to a supported value
if [[ ! ${DHPARAM_BITS} =~ ^(2048|3072|4096)$ ]]; then
if [[ ! "$DHPARAM_BITS" =~ ^(2048|3072|4096)$ ]]; then
echo "Error: Unsupported DHPARAM_BITS size: ${DHPARAM_BITS}. Supported values are 2048, 3072, or 4096 (default)." >&2
exit 1
fi
@ -68,7 +68,7 @@ function check_dh_group {
local EXPECTED_DHPARAM_HASH; EXPECTED_DHPARAM_HASH=$(sha256sum "$RFC7919_DHPARAM_FILE" | cut -d ' ' -f1)
# DH params may be provided by the user (rarely necessary)
if [[ -f ${DHPARAM_FILE} ]]; then
if [[ -f "$DHPARAM_FILE" ]]; then
local USER_PROVIDED_DH
# Check if the DH params file is user provided or comes from acme-companion
@ -78,7 +78,7 @@ function check_dh_group {
local FFDHE_HASH; FFDHE_HASH=$(sha256sum "$f" | cut -d ' ' -f1)
if [[ "$DHPARAM_HASH" == "$FFDHE_HASH" ]]; then
# This is an acme-companion created DH params file
local USER_PROVIDED_DH='false'
USER_PROVIDED_DH='false'
# Check if /etc/nginx/certs/dhparam.pem matches the expected pre-generated DH group
if [[ "$DHPARAM_HASH" == "$EXPECTED_DHPARAM_HASH" ]]; then
@ -89,7 +89,7 @@ function check_dh_group {
fi
done
if parse_true ${USER_PROVIDED_DH:=true}; then
if parse_true "${USER_PROVIDED_DH:=true}"; then
# This is a user provided DH params file
set_ownership_and_permissions "$DHPARAM_FILE"
echo "Info: A custom dhparam.pem file was provided. Best practice is to use standardized RFC7919 Diffie-Hellman groups instead."
@ -100,7 +100,7 @@ function check_dh_group {
# The RFC7919 DH params file either need to be created or replaced
echo "Info: Setting up ${DHPARAM_BITS} bits RFC7919 Diffie-Hellman group..."
cp "$RFC7919_DHPARAM_FILE" "${DHPARAM_FILE}.tmp"
mv "${DHPARAM_FILE}.tmp" "${DHPARAM_FILE}"
mv "${DHPARAM_FILE}.tmp" "$DHPARAM_FILE"
set_ownership_and_permissions "$DHPARAM_FILE"
}