external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-03-12 17:07:23 +01:00
Code Issues Releases Wiki Activity

choose the best SSL cert from among the installed certificates; use the server certificate instead of self-signed certificates

Browse Source 
For HTTPS for the non-primary domains, instead of selecting an SSL certificate by expecting it to be in a directory named after the domain name (with special-case lookups
for www domains, and reusing the server certificate where possible), now scan all of the certificates that have been installed and just pick the best to use for each domain.

If no certificate is available, don't create a self-signed certificate anymore. This wasn't ever really necessary. Instead just use the server certificate.
This commit is contained in:
Joshua Tauberer
2015-09-18 13:03:07 +00:00
parent 58349a9410
commit 787beab63f
4 changed files with 224 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
management/daemon.py
View File

@@ -318,9 +318,9 @@ def dns_get_dump():
@app.route('/ssl/csr/<domain>', methods=['POST'])
@authorized_personnel_only
def ssl_get_csr(domain):
from web_update import get_domain_ssl_files, create_csr
ssl_key, ssl_certificate, ssl_via = get_domain_ssl_files(domain, env)
return create_csr(domain, ssl_key, env)
from web_update import create_csr
ssl_private_key = os.path.join(os.path.join(env["STORAGE_ROOT"], 'ssl', 'ssl_private_key.pem'))
return create_csr(domain, ssl_private_key, env)
@app.route('/ssl/install', methods=['POST'])
@authorized_personnel_only