YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #231 from YunoHost/timeout_requests_certinstall

Browse source 
[mod] start putting timeout in certificate code
This commit is contained in:
Laurent Peuch 2017-01-30 19:57:42 +01:00 committed by GitHub
commit 1943e7f245
2 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
locales/en.json
View file

@ -266,5 +266,7 @@
"domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first", "domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first",
"certmanager_self_ca_conf_file_not_found": "Configuration file not found for self-signing authority (file: {file:s})", "certmanager_self_ca_conf_file_not_found": "Configuration file not found for self-signing authority (file: {file:s})",
"certmanager_acme_not_configured_for_domain": "Certificate for domain {domain:s} does not appear to be correctly installed. Please run cert-install for this domain first.", "certmanager_acme_not_configured_for_domain": "Certificate for domain {domain:s} does not appear to be correctly installed. Please run cert-install for this domain first.",
"certmanager_http_check_timeout" : "Timed out when server tried to contact itself through HTTP using public IP address (domain {domain:s} with ip {ip:s}). You may be experiencing hairpinning or the firewall/router ahead of your server is misconfigured.",
"certmanager_couldnt_fetch_intermediate_cert" : "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted - please try again later.",
"certmanager_unable_to_parse_self_CA_name": "Unable to parse name of self-signing authority (file: {file:s})" "certmanager_unable_to_parse_self_CA_name": "Unable to parse name of self-signing authority (file: {file:s})"
} }

12
src/yunohost/certificate.py
View file

@ -37,6 +37,8 @@ import glob
from OpenSSL import crypto from OpenSSL import crypto
from datetime import datetime from datetime import datetime
from requests.exceptions import Timeout
from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate
from moulinette.core import MoulinetteError from moulinette.core import MoulinetteError
@ -567,7 +569,10 @@ def _fetch_and_enable_new_certificate(domain, staging=False):
raise MoulinetteError(errno.EINVAL, m18n.n( raise MoulinetteError(errno.EINVAL, m18n.n(
'certmanager_cert_signing_failed')) 'certmanager_cert_signing_failed'))
intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL).text try:
intermediate_certificate = requests.get(INTERMEDIATE_CERTIFICATE_URL, timeout=30).text
except Timeout as e:
raise MoulinetteError(errno.EINVAL, m18n.n('certmanager_couldnt_fetch_intermediate_cert'))
# Now save the key and signed certificate # Now save the key and signed certificate
logger.info("Saving the key and signed certificate...") logger.info("Saving the key and signed certificate...")
@ -837,7 +842,10 @@ def _dns_ip_match_public_ip(public_ip, domain):
def _domain_is_accessible_through_HTTP(ip, domain): def _domain_is_accessible_through_HTTP(ip, domain):
try: try:
requests.head("http://" + ip, headers={"Host": domain}) requests.head("http://" + ip, headers={"Host": domain}, timeout=10)
except Timeout as e:
logger.warning(m18n.n('certmanager_http_check_timeout', domain=domain, ip=ip))
return False
except Exception as e: except Exception as e:
logger.debug("Couldn't reach domain '%s' by requesting this ip '%s' because: %s" % (domain, ip, e)) logger.debug("Couldn't reach domain '%s' by requesting this ip '%s' because: %s" % (domain, ip, e))
return False return False