1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

handle catastrophically bad certificates rather than raising an exception

This commit is contained in:
Joshua Tauberer 2014-10-07 14:58:21 +00:00
parent 7d1c0b3834
commit a56bb984d6

View File

@ -413,11 +413,18 @@ def check_certificate(domain, ssl_certificate, ssl_private_key):
# must be found in the Subject Common Name (CN) or be one of the
# Subject Alternative Names. A wildcard might also appear as the CN
# or in the SAN list, so check for that tool.
cert_dump = shell('check_output', [
retcode, cert_dump = shell('check_output', [
"openssl", "x509",
"-in", ssl_certificate,
"-noout", "-text", "-nameopt", "rfc2253",
])
], trap=True)
# If the certificate is catastrophically bad, catch that now and report it.
# More information was probably written to stderr (which we aren't capturing),
# but it is probably not helpful to the user anyway.
if retcode != 0:
return ("The SSL certificate file at %s appears to be corrupted or not a PEM-formatted SSL certificate file." % ssl_certificate, None)
cert_dump = cert_dump.split("\n")
certificate_names = set()
cert_expiration_date = None