registration: Cancel certificate pinning

339722e6 · Vojtech Myslivec · 0321f8fd · 339722e6 · 339722e6
Verified Commit 339722e6 authored Apr 25, 2019 by Vojtech Myslivec
--- a/src/helpers/autocollect.sh
+++ b/src/helpers/autocollect.sh
@@ -29,13 +29,12 @@ set -e

 # Some constants
 TIMEOUT=120
-CA_FILE=/etc/ssl/www_turris_cz_ca.pem
 CHALLENGE_URL=https://api.turris.cz/challenge.cgi
 CONTRACT_URL='https://project.turris.cz/api/contract-valid.txt?registration_code='
 # Get today's registration code
 CODE=$(curl -k -m $TIMEOUT "$CHALLENGE_URL" | atsha204cmd challenge-response | head -c 16)
 # Ask for the status of the contract
-RESULT=$(curl -s -S -L -H "Accept: plain/text" --cacert "$CA_FILE" --cert-status -m "$TIMEOUT" "$CONTRACT_URL$CODE" | sed -ne 's/^result: *\(..*\)/\1/p')
+RESULT=$(curl -s -S -L -H "Accept: plain/text" --cert-status -m "$TIMEOUT" "$CONTRACT_URL$CODE" | sed -ne 's/^result: *\(..*\)/\1/p')

 if [ "$RESULT" = "valid" ] ; then
 	if uci -d'

--- a/src/lua_plugins/registration.lua
+++ b/src/lua_plugins/registration.lua
@@ -95,7 +95,7 @@ function datastore:user_rpc(rpc, data)
 		-- query the server
 		local ecode, stdout, stderr = run_command(
 			nil, 'curl', '-s', '-S', '-L', '-H', 'Accept-Language: ' .. language,
-			'-H', 'Accept: plain/text', '--cacert', '/etc/ssl/www_turris_cz_ca.pem', '--cert-status',
+			'-H', 'Accept: plain/text', '--cert-status',
 			'-m', tostring(connection_timeout), '-w', "\ncode: %{http_code}",
 			lookup_url .. "?registration_code=" .. registration_code .. "&email=" .. simple_escape(email_node:text())
 		);