cycle TLS certificate every 60 days

This commit is contained in:
j 2019-01-16 16:45:56 +05:30
parent dc761279c5
commit 608c9ea696


@ -142,13 +142,14 @@ def get_user_id(private_key, cert_path):
fd.write(dump_privatekey(FILETYPE_PEM, key)) fd.write(dump_privatekey(FILETYPE_PEM, key))
os.chmod(private_key, 0o400) os.chmod(private_key, 0o400)
user_id = get_service_id(private_key) user_id = get_service_id(private_key)
if not os.path.exists(cert_path): if not os.path.exists(cert_path) or \
(datetime.now() - datetime.fromtimestamp(os.path.getmtime(cert_path))).days > 60:
ca = X509() ca = X509()
ca.set_version(2) ca.set_version(2)
ca.set_serial_number(1) ca.set_serial_number(1)
ca.get_subject().CN = user_id ca.get_subject().CN = user_id
ca.gmtime_adj_notBefore(0) ca.gmtime_adj_notBefore(0)
ca.gmtime_adj_notAfter(24 * 60 * 60) ca.gmtime_adj_notAfter(90 * 24 * 60 * 60)
ca.set_issuer(ca.get_subject()) ca.set_issuer(ca.get_subject())
ca.set_pubkey(key) ca.set_pubkey(key)
ca.add_extensions([ ca.add_extensions([
@ -206,7 +207,7 @@ def update_dict(root, data):
if key not in p: if key not in p:
p[key] = {} p[key] = {}
p = p[key] p = p[key]
if value == None and keys[0] in p: if value is None and keys[0] in p:
del p[keys[0]] del p[keys[0]]
else: else:
p[keys[0]] = value p[keys[0]] = value
@ -444,11 +445,11 @@ def send_debug():
opener.addheaders = list(zip(headers.keys(), headers.values())) opener.addheaders = list(zip(headers.keys(), headers.values()))
r = opener.open(url, result) r = opener.open(url, result)
if r.status != 200: if r.status != 200:
logger.debug('failed to send debug information') logger.debug('failed to send debug information (server error)')
else: else:
settings.server['last_debug'] = timestamp settings.server['last_debug'] = timestamp
except: except:
logger.debug('failed to send debug information') logger.error('failed to send debug information (connection error)', exc_info=True)
def iexists(path): def iexists(path):
parts = path.split(os.sep) parts = path.split(os.sep)
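Review bot: The rotation test added at the start of the first hunk (`if not os.path.exists(cert_path) or ... .days > 60:`) keys on the certificate file's mtime, which is not the certificate's issue date: a copy, restore or touch of the file resets it, so a certificate can be kept past the 90-day notAfter set a few lines below or be reissued early. Loading the stored certificate with `load_certificate(FILETYPE_PEM, ...)` and checking `cert.has_expired()` or its `get_notAfter()` against the 60-day cutoff would tie rotation to the actual validity window instead of filesystem metadata. Now that certificates are reissued, the unchanged `ca.set_serial_number(1)` also yields successive self-signed certificates with an identical issuer and serial, which X.509 requires to be unique per issuer and which peers that cache or pin by serial can mishandle; deriving it from the issue time, e.g. `ca.set_serial_number(int(datetime.now().timestamp()))`, would distinguish each generation. get_user_id's body starts and ends outside the hunk.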