From 451ff117c9bece178a1f0356cfeca299465eb9b9 Mon Sep 17 00:00:00 2001 From: Pier Carlo Chiodi Date: Tue, 27 Sep 2016 18:26:14 +0200 Subject: [PATCH] better error handling --- hapos-upd | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/hapos-upd b/hapos-upd index defd79a..7a16b92 100755 --- a/hapos-upd +++ b/hapos-upd @@ -156,6 +156,8 @@ Options: --noverify : Do not verify OCSP response. + -S, --skip-update : Do not notify haproxy of the new OCSP response. + -h, --help : this help." } @@ -515,18 +517,28 @@ if [ $DEBUG -eq 0 ]; then if [ $SKIP_UPDATE -eq 0 ]; then if [ $ISNEW -eq 1 ]; then + # no .ocsp file found, maybe it's an initial run + Debug "Reloading haproxy." + service haproxy reload + + if [ $? -ne 0 ]; then + Error 5 "can't reload haproxy with 'service haproxy reload'" + fi else - # update haproxy via local UNIX socket + # update haproxy via local UNIX socket + Debug "Updating haproxy." + echo "set ssl ocsp-response `base64 -w 0 $TMP/ocsp.der`" | $SOCAT_BIN stdio $HAPROXY_ADMIN_SOCKET &>>$TMP/log + + if [ $? -ne 0 ]; then + Error 5 "can't update haproxy ssl ocsp-response using $HAPROXY_ADMIN_SOCKET socket" + fi fi else Debug "Not notifying haproxy because skip-update is set." fi - if [ $? -ne 0 ]; then - Error 5 "can't update haproxy ssl ocsp-response using $HAPROXY_ADMIN_SOCKET socket" - fi else Debug "Debug mode: haproxy update skipped." fi
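Review bot: In the else branch, the `[ $? -ne 0 ]` test after `echo "set ssl ocsp-response ..." | $SOCAT_BIN stdio $HAPROXY_ADMIN_SOCKET` only reflects socat's exit status, so it misses a failing `base64` inside the backticks (an empty payload is still sent) and, as far as I know, any rejection that haproxy reports as text on the socket, since socat still exits 0. The script would then report success while haproxy keeps stapling the old OCSP response until it expires. I would encode the file first and check that step, capture the socket reply, and require haproxy's success message in it before treating the update as done; the message text used below should be confirmed against the haproxy version in use. The path and socket expansions should also be quoted. The enclosing `if [ $DEBUG -eq 0 ]` block starts outside the hunk.

```shell
# … unchanged: ISNEW branch with 'service haproxy reload' …
else
  # update haproxy via local UNIX socket
  Debug "Updating haproxy."
  OCSP_B64="$(base64 -w 0 "$TMP/ocsp.der")"
  if [ $? -ne 0 ] || [ -z "$OCSP_B64" ]; then
    Error 5 "can't base64-encode $TMP/ocsp.der"
  fi

  HAPROXY_REPLY="$(echo "set ssl ocsp-response $OCSP_B64" | $SOCAT_BIN stdio "$HAPROXY_ADMIN_SOCKET" 2>&1)"
  SOCAT_RC=$?
  echo "$HAPROXY_REPLY" >>"$TMP/log"

  # socat exits 0 even when haproxy answers with an error text
  if [ $SOCAT_RC -ne 0 ] || ! echo "$HAPROXY_REPLY" | grep -q "OCSP Response updated"; then
    Error 5 "can't update haproxy ssl ocsp-response using $HAPROXY_ADMIN_SOCKET socket"
  fi
# … unchanged: closing fi, skip-update and debug branches …
```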