external
/
mailinabox
mirror of https://github.com/mail-in-a-box/mailinabox.git
1
0
Fork 0
Code Issues Releases Wiki Activity

when checking SSL certs are OK, check for wildcard certificates 

fixes #175 (hopefully)
This commit is contained in:
Joshua Tauberer 2014-09-03 17:31:11 +00:00
parent c7a2aad0f8
commit 03f9358de4
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
management/status_checks.py
View File

@ -360,7 +360,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
# First check that the certificate is for the right domain. The domain # First check that the certificate is for the right domain. The domain
# must be found in the Subject Common Name (CN) or be one of the # must be found in the Subject Common Name (CN) or be one of the
# Subject Alternative Names. # Subject Alternative Names. A wildcard might also appear as the CN
# or in the SAN list, so check for that tool.
cert_dump = shell('check_output', [ cert_dump = shell('check_output', [
"openssl", "x509", "openssl", "x509",
"-in", ssl_certificate, "-in", ssl_certificate,
@ -389,7 +390,8 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
if m: if m:
certificate_names.add(m.group(1)) certificate_names.add(m.group(1))
if domain is not None and domain not in certificate_names: wildcard_domain = re.sub("^[^\.]+", "*", domain)
if domain is not None and domain not in certificate_names and wildcard_domain not in certificate_names:
return "This certificate is for the wrong domain names. It is for %s." % \ return "This certificate is for the wrong domain names. It is for %s." % \
", ".join(sorted(certificate_names)) ", ".join(sorted(certificate_names))