external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00
Code Issues Releases Wiki Activity

handle catastrophically bad certificates rather than raising an exception

Browse Source
This commit is contained in:
Joshua Tauberer 2014-10-07 14:58:21 +00:00
parent 7d1c0b3834
commit a56bb984d6
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
management/status_checks.py
View File

@ -413,11 +413,18 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
# must be found in the Subject Common Name (CN) or be one of the # must be found in the Subject Common Name (CN) or be one of the
# Subject Alternative Names. A wildcard might also appear as the CN # Subject Alternative Names. A wildcard might also appear as the CN
# or in the SAN list, so check for that tool. # or in the SAN list, so check for that tool.
cert_dump = shell('check_output', [ retcode, cert_dump = shell('check_output', [
"openssl", "x509", "openssl", "x509",
"-in", ssl_certificate, "-in", ssl_certificate,
"-noout", "-text", "-nameopt", "rfc2253", "-noout", "-text", "-nameopt", "rfc2253",
]) ], trap=True)
# If the certificate is catastrophically bad, catch that now and report it.
# More information was probably written to stderr (which we aren't capturing),
# but it is probably not helpful to the user anyway.
if retcode != 0:
return ("The SSL certificate file at %s appears to be corrupted or not a PEM-formatted SSL certificate file." % ssl_certificate, None)
cert_dump = cert_dump.split("\n") cert_dump = cert_dump.split("\n")
certificate_names = set() certificate_names = set()
cert_expiration_date = None cert_expiration_date = None