From 608c9ea69666698dfdf8770ff7eeb0ba10a256c3 Mon Sep 17 00:00:00 2001
From: j
Date: Wed, 16 Jan 2019 16:45:56 +0530
Subject: [PATCH] cycle TLS certificate every 60 days
---
 oml/utils.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/oml/utils.py b/oml/utils.py
index 7a2047f..e5b9337 100644
--- a/oml/utils.py
+++ b/oml/utils.py
@@ -142,13 +142,14 @@ def get_user_id(private_key, cert_path):
 fd.write(dump_privatekey(FILETYPE_PEM, key))
 os.chmod(private_key, 0o400)
 user_id = get_service_id(private_key)
- if not os.path.exists(cert_path):
+ if not os.path.exists(cert_path) or \
+ (datetime.now() - datetime.fromtimestamp(os.path.getmtime(cert_path))).days > 60:
 ca = X509()
 ca.set_version(2)
 ca.set_serial_number(1)
 ca.get_subject().CN = user_id
 ca.gmtime_adj_notBefore(0)
- ca.gmtime_adj_notAfter(24 * 60 * 60)
+ ca.gmtime_adj_notAfter(90 * 24 * 60 * 60)
 ca.set_issuer(ca.get_subject())
 ca.set_pubkey(key)
 ca.add_extensions([
@@ -198,7 +199,7 @@ def update_dict(root, data):
 keys = [part.replace('\0', '.') for part in key.replace('\\.', '\0').split('.')]
 value = data[key]
 p = root
- while len(keys)>1:
+ while len(keys) > 1:
 key = keys.pop(0)
 if isinstance(p, list):
 p = p[get_position_by_id(p, key)]
@@ -206,7 +207,7 @@ def update_dict(root, data):
 if key not in p:
 p[key] = {}
 p = p[key]
- if value == None and keys[0] in p:
+ if value is None and keys[0] in p:
 del p[keys[0]]
 else:
 p[keys[0]] = value
@@ -444,11 +445,11 @@ def send_debug():
 opener.addheaders = list(zip(headers.keys(), headers.values()))
 r = opener.open(url, result)
 if r.status != 200:
- logger.debug('failed to send debug information')
+ logger.debug('failed to send debug information (server error)')
 else:
 settings.server['last_debug'] = timestamp
 except:
- logger.debug('failed to send debug information')
+ logger.error('failed to send debug information (connection error)', exc_info=True)
 def iexists(path):
 parts = path.split(os.sep)
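Review bot: The renewal test added in `get_user_id` keys off the mtime of `cert_path`, not the certificate's own validity. A copy, restore or `touch` of the file resets the clock, and a certificate written by the previous code (one-day `notAfter`) is kept until its mtime is more than 60 days old. Loading the existing certificate and comparing its `notAfter` with the current time plus a renewal margin would tie the decision to what a verifying peer checks. Every regenerated certificate also keeps `ca.set_serial_number(1)` under the same issuer CN, which some TLS stacks reject as a reused issuer/serial pair; a fresh value such as `ca.set_serial_number(int.from_bytes(os.urandom(8), 'big'))` avoids that. The patch adds no import for `datetime`, so confirm `oml/utils.py` already has it in scope; the function body starts and ends outside this hunk.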
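Review bot: The bare `except:` at the end of `send_debug` now labels every failure a "connection error", yet it also catches `KeyboardInterrupt`/`SystemExit` and any non-network exception raised earlier in the `try` body, which starts outside this hunk. Narrowing it to `except Exception:` (or to the URL/socket errors the opener raises) keeps the message truthful and lets interrupts propagate. If `opener` is a standard urllib opener, non-2xx responses are raised as `HTTPError` and would land in this branch rather than in `if r.status != 200:`, so server errors would be reported as connection errors; that is worth confirming. The server-error branch also stays at `debug` level while this one moved to `error`, so the two failure paths are no longer logged consistently.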