From 82c4060d62b9d4cb7e041829e10dc1a7861b39e2 Mon Sep 17 00:00:00 2001 From: Karsten Sperling Date: Fri, 6 Jan 2017 15:30:06 +1300 Subject: [PATCH] Fall back to python if OpenSSL does not support '-macopt' This allows the script to work with the tools shipped with OS X. --- acme.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 06b14ef6..2efd9569 100755 --- a/acme.sh +++ b/acme.sh @@ -461,10 +461,19 @@ _hmac() { fi if [ "$alg" = "sha256" ] || [ "$alg" = "sha1" ]; then - if [ "$outputhex" ]; then - $OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" | cut -d = -f 2 | tr -d ' ' + # OpenSSL only support -macopt from version 1.0. OS X ships version 0.9 + if echo -n "" | $OPENSSL_BIN dgst -sha1 -mac HMAC -macopt hexkey:00 >/dev/null 2>&1; then + if [ "$outputhex" ]; then + $OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" | cut -d = -f 2 | tr -d ' ' + else + $OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary + fi else - $OPENSSL_BIN dgst -"$alg" -mac HMAC -macopt "hexkey:$secret_hex" -binary + # Try to fall back to python's built-in hmac/hashlib modules + [ -n "$outputhex" ] && outputhex=hex + python -u -c \ + 'import sys,binascii,hmac,hashlib;sys.stdout.write(getattr(hmac.new(binascii.unhexlify(sys.argv[3]),sys.stdin.read(),getattr(hashlib,sys.argv[1])),sys.argv[2])())' \ + "$alg" "${outputhex}digest" "$secret_hex" fi else _err "$alg is not supported yet"