mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
when checking SSL certs are OK, check for wildcard certificates
fixes #175 (hopefully)
This commit is contained in:
parent
c7a2aad0f8
commit
03f9358de4
@ -360,7 +360,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
|
||||
|
||||
# First check that the certificate is for the right domain. The domain
|
||||
# must be found in the Subject Common Name (CN) or be one of the
|
||||
# Subject Alternative Names.
|
||||
# Subject Alternative Names. A wildcard might also appear as the CN
|
||||
# or in the SAN list, so check for that tool.
|
||||
cert_dump = shell('check_output', [
|
||||
"openssl", "x509",
|
||||
"-in", ssl_certificate,
|
||||
@ -389,7 +390,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
|
||||
if m:
|
||||
certificate_names.add(m.group(1))
|
||||
|
||||
if domain is not None and domain not in certificate_names:
|
||||
wildcard_domain = re.sub("^[^\.]+", "*", domain)
|
||||
if domain is not None and domain not in certificate_names and wildcard_domain not in certificate_names:
|
||||
return "This certificate is for the wrong domain names. It is for %s." % \
|
||||
", ".join(sorted(certificate_names))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user