YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

certificate: Improve trick to identify certs as self-signed

Browse source
This commit is contained in:
Alexandre Aubin 2022-12-09 01:32:37 +01:00
parent d2417c33de
commit c38aba740c
1 changed files with 3 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/certificate.py
View file

@ -654,21 +654,9 @@ def _get_status(domain):
)
days_remaining = (valid_up_to - datetime.utcnow()).days
self_signed_issuers = ["yunohost.org"] + yunohost.domain.domain_list()["domains"]
# FIXME: is the .ca.cnf one actually used anywhere ? x_x
conf = os.path.join(SSL_DIR, "openssl.ca.cnf")
if os.path.exists(conf):
self_signed_issuers.append(
check_output(f"grep commonName_default {conf}").split()[-1]
)
conf = os.path.join(SSL_DIR, "openssl.cnf")
if os.path.exists(conf):
self_signed_issuers.append(
check_output(f"grep commonName_default {conf}").split()[-1]
)
if cert_issuer in self_signed_issuers:
# Identify that a domain's cert is self-signed if the cert dir
# is actually a symlink to a dir ending with -selfsigned
if os.path.realpath(os.path.join(CERT_FOLDER, domain)).endswith("-selfsigned"):
CA_type = "selfsigned"
elif organization_name == "Let's Encrypt":
CA_type = "letsencrypt"