validate certificates using the cryptography python package as much as possible, shelling out to openssl just once instead of four times per certificate

* Use `cryptography` instead of parsing openssl's output. * When checking if we can reuse the primary domain certificate or a www-parent-domain certificate for a domain, avoid shelling out to openssl entirely.
2026-03-13 17:17:23 +01:00 · 2015-06-21 10:36:41 -04:00
parent 6a9eb4e367
commit dece359c90
4 changed files with 105 additions and 80 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,7 @@ DNS:
 Control panel:
 * Resetting a user's password now forces them to log in again everywhere.
 * Status checks were not working if an ssh server was not installed.
+* SSL certificate validation now uses the Python cryptography module in some places where openssl was used.

 System:
 * The munin system monitoring tool is now installed and accessible at /admin/munin.