v.licheni.net
/
stack
/
cam.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
2397de7
)
always revoke the certificate, even if it is already expired
author
ale
<ale@incal.net>
Fri, 7 Feb 2014 18:56:50 +0000
(18:56 +0000)
committer
ale
<ale@incal.net>
Fri, 7 Feb 2014 18:56:50 +0000
(18:56 +0000)
cam/ca.py
patch
|
blob
|
history
cam/cert.py
patch
|
blob
|
history
diff --git
a/cam/ca.py
b/cam/ca.py
index
f8a202f
..
0bf7fcf
100644
(file)
--- a/
cam/ca.py
+++ b/
cam/ca.py
@@
-160,7
+160,10
@@
class CA(object):
expiry = cert.get_expiration_date()
if expiry and expiry > time.time():
expiry = cert.get_expiration_date()
if expiry and expiry > time.time():
- log.warn('certificate is still valid, revoking previous version')
+ log.warn('certificate is still valid')
+
+ if cert.exists():
+ log.warn('revoking previous version')
self.revoke(cert)
log.info('generating new certificate %s', cert.name)
self.revoke(cert)
log.info('generating new certificate %s', cert.name)
diff --git
a/cam/cert.py
b/cam/cert.py
index
9254fb0
..
9aab798
100644
(file)
--- a/
cam/cert.py
+++ b/
cam/cert.py
@@
-32,8
+32,11
@@
class Cert(object):
self.private_key_file = os.path.join(ca.basedir, 'private',
'%s.key' % name)
self.private_key_file = os.path.join(ca.basedir, 'private',
'%s.key' % name)
+ def exists(self):
+ return os.path.exists(self.public_key_file)
+
def get_fingerprint(self, digest='sha1'):
def get_fingerprint(self, digest='sha1'):
- if
os.path.exists(self.public_key_file
):
+ if
self.exists(
):
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-fingerprint', '-%s' % digest)
m = re.search(r'=(.*)$', output)
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-fingerprint', '-%s' % digest)
m = re.search(r'=(.*)$', output)
@@
-42,7
+45,7
@@
class Cert(object):
return None
def get_expiration_date(self):
return None
def get_expiration_date(self):
- if
os.path.exists(self.public_key_file
):
+ if
self.exists(
):
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-dates')
m = re.search(r'notAfter=(.*)', output)
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-dates')
m = re.search(r'notAfter=(.*)', output)