From 96201d441f08a20cf9052eb2cf5078f8773a83cd Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Fri, 1 Oct 2021 18:02:57 +0100 Subject: [PATCH 1/4] Fix -preferred-chain arg (#712) Show help if no domain specified (#705) --- getssl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/getssl b/getssl index 5cf32f98..6a4aedb6 100755 --- a/getssl +++ b/getssl @@ -271,6 +271,9 @@ # 2021-08-26 Improve upgrade check & make upgrade do a full install when possible (tlhackque) (#694) (2.42) # 2021-09-02 Fix version compare - cURL v8 may have single digit minor numbers. (tlhackque) (2.43) # 2021-09-26 Delete key file when key algorithm has changed (makuhama) +# 2021-09-30 better error if curl returns 60 (#709) +# 2021-10-01 Fix -preferred-chain argument (#712) +# 2021-10-01 Show help if no domain specified (#705)(2.44) # ---------------------------------------------------------------------------------------- case :$SHELLOPTS: in @@ -279,7 +282,7 @@ esac PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.43" +VERSION="2.44" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -290,7 +293,7 @@ CHALLENGE_CHECK_TYPE="http" CHECK_REMOTE_WAIT=0 CHECK_REMOTE="true" if [[ -n "${GITHUB_REPOSITORY}" ]] ; then - CODE_LOCATION="https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/getssl/master/getssl" + CODE_LOCATION="https://raw.githubusercontent.com/${GITHUB_REPOSITORY}/master/getssl" RELEASE_API="https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/latest" else CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" 
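Review bot: In the `CODE_LOCATION` hunk, `${GITHUB_REPOSITORY}` is read from the environment and placed into the upgrade download URL with no check on its form, so whatever sets that variable decides where upgrade code is fetched from. Consider accepting it only when it has an `owner/repo` shape, e.g. `[[ "$GITHUB_REPOSITORY" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]]`, and using the `srvrco/getssl` URLs otherwise. If the override exists so that CI runs on forks exercise their own upgrade path, a one-line comment above the `if` saying so would help the next reader. The `if`/`else` continues outside the hunk.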
@@ -820,7 +823,7 @@ check_getssl_upgrade() { # check if a more recent release is available if [ "$TEMP_UPGRADE_FILE" == "" ]; then error_exit "mktemp failed" fi - CODE_LOCATION=$(sed -e"s/getssl\/master/${release_tag}/" <<<"$CODE_LOCATION") + CODE_LOCATION=$(sed -e"s/master/${release_tag}/" <<<"$CODE_LOCATION") # shellcheck disable=SC2086 debug curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" # shellcheck disable=SC2086 @@ -2755,7 +2758,7 @@ while [[ -n ${1+defined} ]]; do _ONLY_CHECK_CONFIG=1 ;; -w) shift; WORKING_DIR="$1" ;; - -preferred-chain) + -preferred-chain | --preferred-chain) shift; PREFERRED_CHAIN="$1" ;; --source) return ;; @@ -2830,6 +2833,10 @@ if [[ $_UPGRADE_CHECK -eq 1 ]]; then # if nothing in command line and no revocation and not only config check, # then exit after upgrade if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]] && [[ ${_REVOKE} -ne 1 ]] && [ "${_ONLY_CHECK_CONFIG}" -ne 1 ]; then + # if nothing in command line, print help before exit. + if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]; then + help_message + fi graceful_exit fi fi From 0462542f7d3a7d494ee4f31eb58ab38892284cd5 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 6 Oct 2021 17:47:39 +0100 Subject: [PATCH 2/4] Fixes for centos6 automated test hanging --- test/33-ftp.bats | 4 ++-- test/34-ftp-passive.bats | 4 ++-- test/restart-ftpd | 8 +++++++- test/restart-nginx | 3 ++- test/test_helper.bash | 4 ++-- 5 files changed, 15 insertions(+), 8 deletions(-) diff --git a/test/33-ftp.bats b/test/33-ftp.bats index 7c35f966..59297c0b 100644 --- a/test/33-ftp.bats +++ b/test/33-ftp.bats @@ -18,7 +18,7 @@ setup() { pasv_enable=NO _FTP - ${CODE_DIR}/test/restart-ftpd + ${CODE_DIR}/test/restart-ftpd start fi } 
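Review bot: `sed -e"s/master/${release_tag}/"` in check_getssl_upgrade now rewrites the first `master` anywhere in the URL, so a `GITHUB_REPOSITORY` whose owner or repository name contains `master` gets that part of the path replaced instead of the branch segment. It also splices `release_tag`, which is parsed from the release API response, into a sed program, where a `/` or `&` in the tag breaks or changes the expression. Parameter expansion avoids both problems: `CODE_LOCATION="${CODE_LOCATION%/master/getssl}/${release_tag}/getssl"`. The function body starts and ends outside the hunk.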
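Review bot: The added inner test `[[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]` repeats two conditions that the surrounding `if` has already established, so it is always true and `help_message` is printed on every exit through this path. If that is intended, call `help_message` directly before `graceful_exit` and drop the nested `if`. If help should appear only when no arguments were given at all, the guard needs a different signal than these two variables. The enclosing `if [[ $_UPGRADE_CHECK -eq 1 ]]` starts outside the hunk.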
@@ -27,7 +27,7 @@ teardown() { [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -n "${VSFTPD_CONF}" ]; then cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF - ${CODE_DIR}/test/restart-ftpd + ${CODE_DIR}/test/restart-ftpd stop fi } diff --git a/test/34-ftp-passive.bats b/test/34-ftp-passive.bats index 5648771f..71e6ed0a 100644 --- a/test/34-ftp-passive.bats +++ b/test/34-ftp-passive.bats @@ -21,7 +21,7 @@ pasv_min_port=10090 connect_from_port_20=NO _FTP - ${CODE_DIR}/test/restart-ftpd + ${CODE_DIR}/test/restart-ftpd start fi } @@ -30,7 +30,7 @@ teardown() { [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip if [ -n "${VSFTPD_CONF}" ]; then cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF - ${CODE_DIR}/test/restart-ftpd + ${CODE_DIR}/test/restart-ftpd stop fi } diff --git a/test/restart-ftpd b/test/restart-ftpd index 5bdc3cd7..6bb780c1 100755 --- a/test/restart-ftpd +++ b/test/restart-ftpd @@ -1,11 +1,17 @@ #!/usr/bin/env bash +if [ -z "$1" ]; then + arg="restart" +else + arg=$1 +fi + if [ "$GETSSL_OS" = "alpine" ]; then killall -HUP vsftpd >&3- elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then pgrep vsftpd | head -1 | xargs kill -HUP elif [[ "$GETSSL_OS" == "centos6" ]]; then - service vsftpd restart >&3- >/dev/null + service vsftpd "$arg" else service vsftpd restart >/dev/null >&3- fi diff --git a/test/restart-nginx b/test/restart-nginx index ca402f35..ee49af49 100755 --- a/test/restart-nginx +++ b/test/restart-nginx @@ -7,7 +7,8 @@ elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then pgrep nginx | head -1 | xargs kill -HUP sleep 5 elif [[ "$GETSSL_OS" == "centos6" ]]; then - service nginx restart >&3- >/dev/null + service nginx restart 3>&- + # service nginx restart else service nginx restart >/dev/null >&3- fi diff --git a/test/test_helper.bash b/test/test_helper.bash index efc52faa..e8d68b0a 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash 
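Review bot: In test/restart-ftpd the new `arg` is honoured only in the `centos6` branch; the alpine, centos7/8/rockylinux and default branches still send HUP or run `restart`, so the `restart-ftpd stop` calls added to the teardown functions of 33-ftp.bats and 34-ftp-passive.bats do not stop vsftpd there. The value is also handed to `service` unchecked; `arg=${1:-restart}` followed by `case "$arg" in start|stop|restart) ;; *) exit 2 ;; esac` would make the accepted values explicit. The centos6 line drops the fd 3 handling entirely while the other files in this commit move to `3>&-`; if the hang came from a child process inheriting the Bats descriptor, `service vsftpd "$arg" 3>&-` would be the consistent form.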
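Review bot: The centos6 branch of test/restart-nginx leaves a commented-out `# service nginx restart` behind. Delete it, or replace it with a comment that records the reason for the change, for example `# close fd 3 so nginx does not inherit it from bats` if that is what fixed the hang. The old line also discarded stdout with `>/dev/null`, which the new line no longer does, so the service output now appears in the test log.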
@@ -74,10 +74,10 @@ if [[ -f /usr/bin/supervisord && -f /etc/supervisord.conf ]]; then fi elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then if [ -z "$(pgrep nginx)" ]; then - nginx >&3- + nginx 3>&- fi if [ -z "$(pgrep vsftpd)" ] && [ "$(command -v vsftpd)" ]; then - vsftpd >&3- + vsftpd 3>&- fi fi From 9e7e8fa77741d8d2846496fd6f0c6dc1d2eb8c79 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 6 Oct 2021 18:27:05 +0100 Subject: [PATCH 3/4] Don't assume release_data has carriage returns (fixes #717) --- getssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/getssl b/getssl index 6a4aedb6..cee82b72 100755 --- a/getssl +++ b/getssl @@ -787,7 +787,7 @@ check_getssl_upgrade() { # check if a more recent release is available # Replace error in release description with _error (which is ignored by check_output_for_errors() in the tests) debug "${release_data//error/_error}" release_data="$(sed -e's/^ *//g' <<<"${release_data}")" - release_tag="$(sed -e'/^"tag_name": *"/!d;s/^"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")" + release_tag="$(sed -e'/"tag_name": *"/!d;s/"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")" if [[ "${release_tag:0:1}" != 'v' ]] ; then if [[ ${_MUTE} -eq 0 ]]; then info "The current repository has no releases or is improperly tagged; can't check for upgrades: '$release_tag'" From 34417121c3f75c576d3c8e1758af64d84d0f9ec8 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Wed, 6 Oct 2021 18:30:55 +0100 Subject: [PATCH 4/4] Tweak info message to avoid automated test failure --- getssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/getssl b/getssl index cee82b72..c4712e8f 100755 --- a/getssl +++ b/getssl 
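Review bot: With the `^` anchors removed, `s/"tag_name": *"\([^""]*\).*$/\1/` keeps everything that precedes `"tag_name"` on the matched line, so when the API response arrives as a single line `release_tag` becomes the leading JSON followed by the tag, and the `${release_tag:0:1}` check just below rejects it. Consuming the prefix fixes that: `s/^.*"tag_name": *"\([^"]*\)".*$/\1/`. Because this value is later substituted into the upgrade download URL, a stricter test than the first character would be safer, such as `[[ "$release_tag" =~ ^v[0-9]+(\.[0-9]+)*$ ]]`, assuming release tags follow that shape. check_getssl_upgrade starts and ends outside the hunk.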
@@ -2430,7 +2430,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p fi debug "response status = $response_status" if [[ "$code" -eq 500 ]]; then - info "error on acme server - trying again ...." + info "_error on acme server - trying again ...." debug "loop_limit = $loop_limit" sleep 5 loop_limit=$((loop_limit - 1))
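Review bot: Spelling the user-facing message as `_error on acme server - trying again ....` distorts production output in order to get past the test harness's scan for the word "error". Rewording avoids the trigger without the underscore, e.g. `info "acme server returned status 500 - trying again ...."`. If the underscore stays, add a comment above the line such as `# "_error" is deliberate: check_output_for_errors in the tests ignores it`. send_signed_request continues outside the hunk.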