external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2025-10-31 19:00:54 +00:00
Code Issues Releases Wiki Activity

check if primary cert is a signed certificate

Browse Source
This commit is contained in:
A. Schippers 2020-03-03 22:54:53 +01:00
parent 2bb67a6b05
commit 0b197cccbd
1 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
management/dns_update.py
View File

@ -11,6 +11,7 @@ import dns.resolver
from mailconfig import get_mail_domains, get_mail_aliases
from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains
from ssl_certificates import get_ssl_certificates, check_certificate
# From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074
# This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot,
@ -306,7 +307,9 @@ def build_zone(domain, all_domains, additional_records, www_redirect_domains, en
# Adds autoconfiguration A records for all domains.
# mta-sts.* - required A record for mta-sts (serving the policy)
primary_cert = get_ssl_certificates(env)[env['PRIMARY_HOSTNAME']]
response = check_certificate(env['PRIMARY_HOSTNAME'], primary_cert['certificate'],primary_cert['private-key'])
if response[0] == 'OK':
mta_sts_records = [
("mta-sts", "A", env["PUBLIC_IP"], "Provides MTA-STS support"),
("mta-sts", "AAAA", env.get('PUBLIC_IPV6'), "Provides MTA-STS support"),