est_client: allow setting the EST_SERVER via an env variable

Signed-off-by: John Crispin <john@phrozen.org>
John Crispin
2025-07-17 08:14:25 +02:00
parent 5aca134364
commit f56fb3c0d3


@@ -7,6 +7,10 @@ import * as fs from 'fs';
let store_operational_pem = false;
let store_operational_ca = false;
let est_server = 'qaest.certificates.open-lan.org:8001';
if (getenv('EST_SERVER'))
est_server = getenv('EST_SERVER');
ulog_open(ULOG_SYSLOG | ULOG_STDIO, LOG_DAEMON, "est_client");
@@ -70,7 +74,7 @@ function call_est_server(path, cert, target) {
if (generate_csr(cert))
return 1;
let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
let ret = system('curl -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
if (ret) {
ulog(LOG_INFO, 'Failed to request operational certificate\n');
return 1;
@@ -116,7 +120,7 @@ function load_operational_ca() {
ulog(LOG_INFO, 'Operational CA is present\n');
return 0;
}
let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7');
let ret = system('curl -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7');
if (!ret)
ret = p7_too_pem('/tmp/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca');
if (ret) {
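Review bot: The value read from `EST_SERVER` is concatenated unvalidated into the command strings given to `system()` in `call_est_server()` and `load_operational_ca()`, and a string argument to `system()` is run through the shell, so any shell metacharacter in the variable becomes part of the command rather than part of the host name. Restrict it to a host[:port] shape where it is read, for example `let env_server = getenv('EST_SERVER');` followed by `if (env_server && match(env_server, /^[A-Za-z0-9.-]+(:[0-9]+)?$/)) est_server = env_server;`, and log when a value is rejected so a bad override shows up in syslog. Passing `system()` an argument array instead of one string would take the shell out of both calls altogether and would also cover the `path` and `cert` values that are concatenated the same way. The override also changes which host the device key and certificate are presented to, with `--cacert /etc/ucentral/insta.pem` as the only remaining check on the peer; how the daemon's environment gets populated is not visible here, so it is worth confirming that only trusted configuration can set it. Both function bodies start and end outside the hunks shown.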