From e29ccf19aca8239374ec7f07a9f4887e98d5cf58 Mon Sep 17 00:00:00 2001
From: DJ Lucas
Date: Sat, 14 Oct 2017 00:07:58 -0500
Subject: [PATCH] Allow use of proxy with OpenSSL s_client.
---
 CHANGELOG | 3 +++
 make-ca | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 4426738..a627ee2 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,6 @@
+0.6 - Allow use of proxy with OpenSSL s_client
+ - Really check revision before download
+ - Make sure download was successful before testing values
 0.5 - Install systemd timer and service units
 - Add uninstall and clean targets
 0.4 - Add email and code signing flat file certificate stores
diff --git a/make-ca b/make-ca
index 3ee110f..bdb8152 100644
--- a/make-ca
+++ b/make-ca
@@ -180,6 +180,11 @@ function get_args(){
 fi
 shift 2
 ;;
+ -p | --proxy)
+ check_arg $1 $2
+ PROXY="${2}"
+ shift 2
+ ;;
 -k | --keytool)
 check_arg $1 $2
 KEYTOOL="${2}"
@@ -281,6 +286,9 @@ function showhelp(){
 echo " -n, --nssdb [\$PKIDIR/nssdb]"
 echo " The output path for the shared NSS DB"
 echo ""
+ echo " -p, --proxy [URI:PORT]"
+ echo " Use proxy server for download"
+ echo ""
 echo " -k, --keytool [PATH]"
 echo " The path to the java keytool utility"
 echo ""
@@ -412,8 +420,12 @@ mkdir -p "${TEMPDIR}"/{certs,ssl/{certs,java},pki/{nssdb,anchors},work}
 if test "${GET}" == "1"; then
 HOST=$(echo "${URL}" | /usr/bin/cut -d / -f 3)
 _url=$(echo "${URL}" | sed 's@raw-file@log@')
+ SARGS="-ign_eof -connect ${HOST}:443"
+ if test "${PROXY}x" != "x"; then
+ SARGS="${SARGS} -proxy ${PROXY}"
+ fi
 echo GET ${_url} | \
- ${OPENSSL} s_client -ign_eof -connect ${HOST}:443 2>/dev/null > "${TEMPDIR}/certdata.txt.log"
+ ${OPENSSL} s_client ${SARGS} 2>/dev/null > "${TEMPDIR}/certdata.txt.log"
 unset _url

 # Error out here if we couldn't get the file
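Review bot: The help text added to showhelp describes the value as `[URI:PORT]`, but the value is handed unchanged to `s_client -proxy` in the download code, and that option is documented as taking `host:port`. A user who follows the help and passes a URI with a scheme will probably get a failed download whose error is hidden by the `2>/dev/null` on the s_client calls. I would write `echo " -p, --proxy [HOST:PORT]"` and have the description line say the proxy must accept HTTP CONNECT. showhelp's body continues outside the hunk.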
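Review bot: SARGS is assembled as a single string and then expanded unquoted in `${OPENSSL} s_client ${SARGS}`, so the value given to --proxy is word-split and glob-expanded before s_client sees it; a value containing whitespace becomes extra s_client arguments instead of being rejected. get_args stores PROXY without any format check, so nothing earlier in the script prevents that. Since the script already uses bash-only syntax (brace expansion in the mkdir line), an array keeps each value a single argument: `SARGS=(-ign_eof -connect "${HOST}:443")`, `SARGS+=(-proxy "${PROXY}")`, and `${OPENSSL} s_client "${SARGS[@]}"` at both call sites, including the download in the following hunk. The enclosing `if test "${GET}" == "1"` block continues past the end of this hunk.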
@@ -436,7 +448,7 @@ if test "${GET}" == "1"; then

 # Download the new file
 echo GET ${URL} | \
- ${OPENSSL} s_client -ign_eof -connect ${HOST}:443 2>/dev/null >> "${CERTDATA}"
+ ${OPENSSL} s_client ${SARGS} 2>/dev/null >> "${CERTDATA}"
 _line=$(( $(grep -n "certdata.txt" "${CERTDATA}" | cut -d ":" -f 1) - 1))
 sed -e "1,${_line}d" -i "${CERTDATA}"
 sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
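Review bot: Nothing in this download requires the server certificate to verify: SARGS, set in the previous hunk, carries no verification option, s_client by default completes the handshake after a verification error, and `2>/dev/null` hides the diagnostic. The output is appended to ${CERTDATA}, which appears to be the certificate data the script builds its CA stores from, and the new proxy option adds an intermediary to the path. I would add the check where the arguments are built, `SARGS="-ign_eof -verify_return_error -connect ${HOST}:443"`, and test the pipeline's exit status before the grep/sed lines use the file; the same applies to the revision-log fetch in the previous hunk. On a host that has no CA store yet this needs a pinned `-CAfile`, and hostname matching may need its own option depending on the OpenSSL release, so confirm against the oldest version the script supports. The `if test "${GET}" == "1"` block starts and ends outside this hunk.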