From: ale Date: Mon, 10 Dec 2012 20:14:37 +0000 (+0000) Subject: always regenerate the CA config file if necessary X-Git-Url: https://v.licheni.net/stack/cam.git/commitdiff_plain/790d363eee564bdc08fc519696d8deb70c70bc3f always regenerate the CA config file if necessary --- diff --git a/cam/ca.py b/cam/ca.py index 72ae773..a19835f 100644 --- a/cam/ca.py +++ b/cam/ca.py @@ -66,6 +66,10 @@ class CA(object): fcntl.lockf(self._lockfd, fcntl.LOCK_UN) self._lockfd.close() + def _update_config(self): + # Create the OpenSSL configuration file. + utils.render(self.files.conf, 'openssl_config', self.config) + def close(self): self._unlock() @@ -92,8 +96,7 @@ class CA(object): with open(self.files.crlnumber, 'w') as fd: fd.write('01\n') - # Create the OpenSSL configuration file. - utils.render(self.files.conf, 'openssl_config', self.config) + self._update_config() # Generate keys if they do not exist. if not os.path.exists(self.files.public_key): @@ -128,6 +131,9 @@ class CA(object): def gencrl(self): log.info('generating CRL') + + self._update_config() + # Write the CRL in PEM format to a temporary file. tmpf = self.files.crl + '.tmp' openssl_wrap.run_with_config( @@ -150,6 +156,8 @@ class CA(object): self.gencrl() def generate(self, cert): + self._update_config() + expiry = cert.get_expiration_date() if expiry and expiry > time.time(): log.warn('certificate is still valid, revoking previous version')