diff --git a/certidude/api.py b/certidude/api.py index 67ed433..c4e0b18 100644 --- a/certidude/api.py +++ b/certidude/api.py @@ -257,7 +257,7 @@ class RequestListResource(CertificateAuthorityBase): # TODO: check for revoked certificates and return HTTP 410 Gone # Process automatic signing if the IP address is whitelisted and autosigning was requested - if req.get_param("autosign").lower() in ("yes", "1", "true"): + if req.get_param_as_bool("autosign"): for subnet in ca.autosign_subnets: if subnet.overlaps(remote_addr): try: diff --git a/certidude/templates/index.html b/certidude/templates/index.html index 5dbd024..b119ac2 100644 --- a/certidude/templates/index.html +++ b/certidude/templates/index.html @@ -40,7 +40,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096 chmod 0600 /etc/ipsec.d/private/$CN.pem openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN" -curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part +curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem