v.licheni.net
/
stack
/
cam.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
85e2067
)
always regenerate the CA config file if necessary
author
ale
<ale@incal.net>
Mon, 10 Dec 2012 20:14:37 +0000
(20:14 +0000)
committer
ale
<ale@incal.net>
Mon, 10 Dec 2012 20:14:37 +0000
(20:14 +0000)
cam/ca.py
patch
|
blob
|
history
diff --git
a/cam/ca.py
b/cam/ca.py
index
72ae773
..
a19835f
100644
(file)
--- a/
cam/ca.py
+++ b/
cam/ca.py
@@
-66,6
+66,10
@@
class CA(object):
fcntl.lockf(self._lockfd, fcntl.LOCK_UN)
self._lockfd.close()
fcntl.lockf(self._lockfd, fcntl.LOCK_UN)
self._lockfd.close()
+ def _update_config(self):
+ # Create the OpenSSL configuration file.
+ utils.render(self.files.conf, 'openssl_config', self.config)
+
def close(self):
self._unlock()
def close(self):
self._unlock()
@@
-92,8
+96,7
@@
class CA(object):
with open(self.files.crlnumber, 'w') as fd:
fd.write('01\n')
with open(self.files.crlnumber, 'w') as fd:
fd.write('01\n')
- # Create the OpenSSL configuration file.
- utils.render(self.files.conf, 'openssl_config', self.config)
+ self._update_config()
# Generate keys if they do not exist.
if not os.path.exists(self.files.public_key):
# Generate keys if they do not exist.
if not os.path.exists(self.files.public_key):
@@
-128,6
+131,9
@@
class CA(object):
def gencrl(self):
log.info('generating CRL')
def gencrl(self):
log.info('generating CRL')
+
+ self._update_config()
+
# Write the CRL in PEM format to a temporary file.
tmpf = self.files.crl + '.tmp'
openssl_wrap.run_with_config(
# Write the CRL in PEM format to a temporary file.
tmpf = self.files.crl + '.tmp'
openssl_wrap.run_with_config(
@@
-150,6
+156,8
@@
class CA(object):
self.gencrl()
def generate(self, cert):
self.gencrl()
def generate(self, cert):
+ self._update_config()
+
expiry = cert.get_expiration_date()
if expiry and expiry > time.time():
log.warn('certificate is still valid, revoking previous version')
expiry = cert.get_expiration_date()
if expiry and expiry > time.time():
log.warn('certificate is still valid, revoking previous version')