X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=client-cert-helper;h=9961fc64be0ecf6b487e9c86b3c60c68d1d8e6f0;hb=d85c0e0fbcb0ce109bb59e4dc8f0cedece24c468;hp=6589c40b15f1f243a18d0b724afb18b7384b57b6;hpb=c34b9b437d4a7173190ea58e040a3ae76f7410d7;p=vpn-setup

diff --git a/client-cert-helper b/client-cert-helper
index 6589c40..9961fc6 100755
--- a/client-cert-helper
+++ b/client-cert-helper
@@ -6,11 +6,18 @@ set -eE -o pipefail
 rm -f /tmp/vpn-mk-client-cert.log
 exec 2>/tmp/vpn-mk-client-cert.log
 
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
+date >&2
+set -x
+
 name=$1
 common_name=$2
 
-echo common_name=$common_name >&2
-
 server_dir=/etc/openvpn
 if [[ -e /etc/openvpn/server ]]; then
   server_dir=/etc/openvpn/server
@@ -20,7 +27,7 @@ cafile=$server_dir/ca-$name.crt
 
 ### begin section roughly copied from vpn-server-setup
 rsadir=/etc/openvpn/easy-rsa-$name
-new=true
+new=true # newer easy-rsa version
 keyfiles=(
   $rsadir/pki/private/$common_name.key
   $rsadir/pki/issued/$common_name.crt
@@ -35,7 +42,7 @@ fi
 ### end section roughly copied from vpn-server-setup
 
 if [[ ! -e $cafile ]]; then
-  echo error: no cafile found at $cafile >/tmp/errors
+  echo error: no cafile found at $cafile >&2
   exit 1
 fi