From be088fe540060e286fad14bf7e9bc64d8dd04e36 Mon Sep 17 00:00:00 2001
From: Lexi Winter <lexi@le-fay.org>
Date: Wed, 4 Jun 2025 21:28:59 +0100
Subject: make openssl path configurable

---
 renew.sh.in | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'renew.sh.in')

diff --git a/renew.sh.in b/renew.sh.in
index cecf52a..e1d2c6c 100644
--- a/renew.sh.in
+++ b/renew.sh.in
@@ -1,6 +1,8 @@
 #! /bin/sh
 # This source code is released into the public domain.
 
+_OPENSSL="$(_findbin openssl $ACME_OPENSSL)"
+
 # Parse command-line arguments.
 args=$(getopt f $*)
 if [ $? -ne 0 ]; then
@@ -44,8 +46,8 @@ _make_key() {
 	umask 077
 
 	case $keytype in
-	ec)	openssl ecparam -name secp384r1 -genkey -noout -out "$keyfile";;
-	rsa)	openssl genrsa -out "$keyfile" 3072;;
+	ec)	$_OPENSSL ecparam -name secp384r1 -genkey -noout -out "$keyfile";;
+	rsa)	$_OPENSSL genrsa -out "$keyfile" 3072;;
 	*)	_error "%s: unknown key type %s?" "$keyfile" "$keytype"
 		return 1;;
 	esac
@@ -87,7 +89,7 @@ EOF
 	done
 
 	# Generate the CSR
-	openssl req -new -key "$keyfile" -out "$csrfile" -config "$csrconf"
+	$_OPENSSL req -new -key "$keyfile" -out "$csrfile" -config "$csrconf"
 	return $?
 }
 
-- 
cgit v1.2.3