Commit 09eeaa8a authored by ale's avatar ale

always revoke the certificate, even if it is already expired

parent 2397de7d
......@@ -160,7 +160,10 @@ class CA(object):
expiry = cert.get_expiration_date()
if expiry and expiry > time.time():
log.warn('certificate is still valid, revoking previous version')
log.warn('certificate is still valid')
if cert.exists():
log.warn('revoking previous version')
self.revoke(cert)
log.info('generating new certificate %s', cert.name)
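Review bot: The new `log.warn('revoking previous version')` does not name the certificate being revoked, while the `log.info` right after it does, so a revocation cannot be attributed from that log line alone. `log.warning('revoking previous version of %s', cert.name)` would fix that, and `warn` is a deprecated alias if `log` is a standard `logging` logger. `self.revoke(cert)` is now reached for any certificate file that exists, including one that has expired or was revoked earlier; `revoke` is not shown here, so it is worth confirming that it tolerates those cases rather than aborting the re-issue. Indentation is lost in this rendering and the enclosing method starts and ends outside the hunk, so the nesting of the revoke call is inferred from the commit title.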
......
......@@ -32,8 +32,11 @@ class Cert(object):
self.private_key_file = os.path.join(ca.basedir, 'private',
'%s.key' % name)
def exists(self):
return os.path.exists(self.public_key_file)
def get_fingerprint(self, digest='sha1'):
if os.path.exists(self.public_key_file):
if self.exists():
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-fingerprint', '-%s' % digest)
m = re.search(r'=(.*)$', output)
......@@ -42,7 +45,7 @@ class Cert(object):
return None
def get_expiration_date(self):
if os.path.exists(self.public_key_file):
if self.exists():
output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-dates')
m = re.search(r'notAfter=(.*)', output)
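Review bot: `exists()` has no docstring and only tests that the path is present, so it also returns true for a directory or for an empty or unparsable file at `public_key_file`. The CA hunk on this page now uses `cert.exists()` as the gate for revocation, so consider `return os.path.isfile(self.public_key_file)` and a docstring such as `"""Return True if the certificate file is present on disk (its contents are not validated)."""`. `get_expiration_date` continues past the end of the hunk.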
......