bin/add: Don't allow adding requests with defunct profiles.

[ca] / bin / add

diff --git a/bin/add b/bin/add
index 1c2ae81..d4eae0f 100755 (executable)
--- a/bin/add
+++ b/bin/add
@@ -70,14 +70,14 @@ db transaction {
 
     ## Check whether the profile exists.
     if {![db exists {
-      SELECT 1 FROM profile WHERE label = $profile;
+      SELECT 1 FROM profile WHERE label = $profile AND tombstone = 0;
     }]} {
       error "unknown profile `$profile'"
     }
 
     ## Copy the file away.
     fresh-temp "$CERTROOT/tmp" tmp {
-      file copy $file $tmp
+      exec openssl req -text -in $file -out $tmp
     }
     cleanup { file delete $tmp }
 
@@ -109,3 +109,6 @@ db transaction {
   ## Issue a shiny new certificate.
   issue-cert $id [now]
 }
+
+## Publish any necessary changes.
+update-hook