cycle TLS certificate every 60 days

This commit is contained in:
j 2019-01-16 16:45:56 +05:30
parent dc761279c5
commit 608c9ea696

View file

@ -142,13 +142,14 @@ def get_user_id(private_key, cert_path):
fd.write(dump_privatekey(FILETYPE_PEM, key))
os.chmod(private_key, 0o400)
user_id = get_service_id(private_key)
if not os.path.exists(cert_path):
if not os.path.exists(cert_path) or \
(datetime.now() - datetime.fromtimestamp(os.path.getmtime(cert_path))).days > 60:
ca = X509()
ca.set_version(2)
ca.set_serial_number(1)
ca.get_subject().CN = user_id
ca.gmtime_adj_notBefore(0)
ca.gmtime_adj_notAfter(24 * 60 * 60)
ca.gmtime_adj_notAfter(90 * 24 * 60 * 60)
ca.set_issuer(ca.get_subject())
ca.set_pubkey(key)
ca.add_extensions([
@ -198,7 +199,7 @@ def update_dict(root, data):
keys = [part.replace('\0', '.') for part in key.replace('\\.', '\0').split('.')]
value = data[key]
p = root
while len(keys)>1:
while len(keys) > 1:
key = keys.pop(0)
if isinstance(p, list):
p = p[get_position_by_id(p, key)]
@ -206,7 +207,7 @@ def update_dict(root, data):
if key not in p:
p[key] = {}
p = p[key]
if value == None and keys[0] in p:
if value is None and keys[0] in p:
del p[keys[0]]
else:
p[keys[0]] = value
@ -444,11 +445,11 @@ def send_debug():
opener.addheaders = list(zip(headers.keys(), headers.values()))
r = opener.open(url, result)
if r.status != 200:
logger.debug('failed to send debug information')
logger.debug('failed to send debug information (server error)')
else:
settings.server['last_debug'] = timestamp
except:
logger.debug('failed to send debug information')
logger.error('failed to send debug information (connection error)', exc_info=True)
def iexists(path):
parts = path.split(os.sep)