Make HTTP and service key symlinks relative to base.key.pem

2026-03-28 10:33:05 +01:00
parent b3f045ee21
commit bd34efc598
1 changed files with 10 additions and 8 deletions
@@ -29,9 +29,10 @@
 # Project Home: https://dev.town-square.de/cb601/dyntls
 #
 ###############################################################################
+
 # MIT License
 #
-# Copyright (c) 2025 CB-601 - the open tec Elevator <mail@opensource-technology.de>
+# Copyright (c) 2026 CB-601 - the open tec Elevator <mail@opensource-technology.de>
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -875,12 +876,13 @@ _ProvideCertDomainService() {

            # Provide server key: either symlink to base or copy unique key
            KeyPath="$EffectivePkiDir/private/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_KEY_SUFFIX"
+
            if [ "$DYNTLS_PKI_KEY_LNS" -eq 1 ]; then
-                _log "Create a symlink '$EffectivePkiDir/private/base.$DYNTLS_PKI_KEY_SUFFIX' to '$KeyPath'." 1
-                ln -sf "$EffectivePkiDir/private/base.$DYNTLS_PKI_KEY_SUFFIX" "$KeyPath"
+                _log "Using relative symlink for service key: $KeyPath -> $DYNTLS_PKI_SERVER_BASEKEY_FILE" 1
+                ln -sf "$DYNTLS_PKI_SERVER_BASEKEY_FILE" "$KeyPath"
            else
-                _log "Copy unique key from '$DYNTLS_PKI_HTTP_KEY_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_KEY_SUFFIX' to '$EffectivePkiDir/private/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_KEY_SUFFIX'." 1
-                cp "$DYNTLS_PKI_HTTP_KEY_DIR/$DYNTLS_MEMBER_HOSTNAME.$DYNTLS_PKI_KEY_SUFFIX" "$EffectivePkiDir/private/"
+                _log "Using dedicated service key copy at: $KeyPath (source: $EffectivePkiDir/private/$DYNTLS_PKI_SERVER_BASEKEY_FILE)" 1
+                cp "$EffectivePkiDir/private/$DYNTLS_PKI_SERVER_BASEKEY_FILE" "$KeyPath"
            fi

            # Adjust ownership and permissions on .pem files
@@ -1077,10 +1079,10 @@ _create_cert() {
                _log "Planned server key path: $KeyFile" 1

                if [ "$DYNTLS_PKI_KEY_LNS" -eq 1 ]; then
-                    _log "Linking base server key to: $KeyFile" 1
-                    ln -sf "$DYNTLS_PKI_SERVER_BASEKEY" "$KeyFile"
+                    _log "Using relative symlink for server key: $KeyFile -> $DYNTLS_PKI_SERVER_BASEKEY_FILE" 1
+                    ln -sf "$DYNTLS_PKI_SERVER_BASEKEY_FILE" "$KeyFile"
                else
-                    _log "Copying dedicated server key to: $KeyFile" 1
+                    _log "Using dedicated server key copy at: $KeyFile (source: $DYNTLS_PKI_SERVER_BASEKEY)" 1
                    cp -a "$DYNTLS_PKI_SERVER_BASEKEY" "$KeyFile"
                fi