Commit 3687dd51 authored by Julien Muchembled's avatar Julien Muchembled

Do not fallback on old expired certificate when it can't be renewed

parent 4fe44ea3
...@@ -44,11 +44,11 @@ def fingerprint(cert, alg='sha1'): ...@@ -44,11 +44,11 @@ def fingerprint(cert, alg='sha1'):
def maybe_renew(path, cert, info, renew, force=False): def maybe_renew(path, cert, info, renew, force=False):
from .registry import RENEW_PERIOD from .registry import RENEW_PERIOD
retry_period = 86400
not_after = 0 if force else notAfter(cert)
while True: while True:
if force: while True:
force = False next_renew = not_after - RENEW_PERIOD
else:
next_renew = notAfter(cert) - RENEW_PERIOD
if time.time() < next_renew: if time.time() < next_renew:
return cert, next_renew return cert, next_renew
try: try:
...@@ -70,11 +70,14 @@ def maybe_renew(path, cert, info, renew, force=False): ...@@ -70,11 +70,14 @@ def maybe_renew(path, cert, info, renew, force=False):
except OSError: except OSError:
pass pass
os.rename(new_path, path) os.rename(new_path, path)
not_after = notAfter(cert)
logging.info("%s renewed until %s UTC", logging.info("%s renewed until %s UTC",
info, time.asctime(time.gmtime(notAfter(cert)))) info, time.asctime(time.gmtime(not_after)))
logging.error("%s not renewed. Will retry tomorrow.", logging.error("%s not renewed. Will retry tomorrow.",
info, exc_info=exc_info) info, exc_info=exc_info)
return cert, time.time() + 86400 if time.time() < not_after:
return cert, time.time() + retry_period
time.sleep(retry_period)
class VerifyError(Exception): class VerifyError(Exception):
......
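Review bot: In the second hunk, a failed renewal with `force=True` never reaches `return cert, time.time() + retry_period`, because `not_after` is still 0 from `not_after = 0 if force else notAfter(cert)`, so the call blocks in `time.sleep(retry_period)` even when the certificate on disk is still valid. If `force` is only meant to trigger an early renewal, compare against the real expiry at that check, e.g. `if time.time() < notAfter(cert):`; if blocking is intended, a comment on the `not_after = 0` line should say so. Separately, the blocking path logs the same "Will retry tomorrow." message as the non-expired path, so the log does not show that the certificate has expired and the caller is stalled; a distinct message in the expired branch would make that state detectable. The `try:` body of `maybe_renew` lies between the two hunks and is not visible, so this assumes `cert` and `not_after` only change on a successful renewal.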