
Fixes to MTA STS logic as reported by Xombran in #2426

This commit is contained in:
KiekerJan 2025-10-29 20:35:01 +01:00
parent 2d0ca67e85
commit 611d9491af


@ -10,7 +10,7 @@ import rtyaml
import dns.resolver import dns.resolver
from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains, get_ssh_port from utils import shell, load_env_vars_from_file, safe_domain_name, sort_domains, get_ssh_port
from ssl_certificates import get_ssl_certificates, check_certificate from ssl_certificates import get_ssl_certificates, check_certificate, get_domain_ssl_files
# From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074 # From https://stackoverflow.com/questions/3026957/how-to-validate-a-domain-name-using-regex-php/16491074#16491074
# This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot, # This regular expression matches domain names according to RFCs, it also accepts fqdn with an leading dot,
@ -376,7 +376,14 @@ def build_zone(domain, domain_properties, additional_records, env, is_zone=True)
return records return records
def is_domain_cert_signed_and_valid(domain, env): def is_domain_cert_signed_and_valid(domain, env):
cert = get_ssl_certificates(env).get(domain) # Get all certificates known to the system.
all_certs = get_ssl_certificates(env)
# Use the SMART, wildcard-aware function to find the correct certificate for this domain.
# We set allow_missing_cert=True so it returns None instead of the default cert if no
# match is found.
cert = get_domain_ssl_files(domain, all_certs, env, allow_missing_cert=True, use_main_cert=False)
if not cert: return False # no certificate provisioned if not cert: return False # no certificate provisioned
cert_status = check_certificate(domain, cert['certificate'], cert['private-key']) cert_status = check_certificate(domain, cert['certificate'], cert['private-key'])
return cert_status[0] == 'OK' return cert_status[0] == 'OK'
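Review bot: The rewritten lookup in `is_domain_cert_signed_and_valid` silently assumes that `get_domain_ssl_files(...)` returns a mapping with the same `'certificate'` and `'private-key'` keys that the old `get_ssl_certificates(env).get(domain)` entries had, because the `check_certificate(domain, cert['certificate'], cert['private-key'])` call on the line after the guard is unchanged; if the helper's return shape differs in any way the function raises a KeyError instead of returning False, which matters here since (per the commit title) this result presumably drives whether an MTA-STS policy is published for the domain — worth confirming against ssl_certificates.py or adding a `.get()`-based check. The new comment also states as fact that `allow_missing_cert=True` makes the helper return None; that is an inference about another module, so I would word it around what the guard relies on: `# With allow_missing_cert=True the helper is expected to yield a falsy value when no provisioned certificate (exact or wildcard) covers the domain, and use_main_cert=False keeps the box's main certificate from being substituted; the guard below turns that into False.` A one-line docstring would help readers landing here from the zone builder, e.g. `"""Return True only if a certificate covering *domain* is provisioned and passes check_certificate."""`. The import change in the first hunk is the only other part of this commit and needs no comment.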