always regenerate the CA config file if necessary

790d363e · ale · 85e20677 · 790d363e
Commit 790d363e authored Dec 10, 2012 by ale
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 2 deletions

cam/ca.py cam/ca.py +10 -2

No files found.
--- a/cam/ca.py
+++ b/cam/ca.py
@@ -66,6 +66,10 @@ class CA(object):
        fcntl.lockf(self._lockfd, fcntl.LOCK_UN)
        self._lockfd.close()
+    def _update_config(self):
+        # Create the OpenSSL configuration file.
+        utils.render(self.files.conf, 'openssl_config', self.config)
    def close(self):
        self._unlock()
@@ -92,8 +96,7 @@ class CA(object):
            with open(self.files.crlnumber, 'w') as fd:
                fd.write('01\n')
-        # Create the OpenSSL configuration file.
+        self._update_config()
-        utils.render(self.files.conf, 'openssl_config', self.config)
        # Generate keys if they do not exist.
        if not os.path.exists(self.files.public_key):
@@ -128,6 +131,9 @@ class CA(object):
    def gencrl(self):
        log.info('generating CRL')
+        self._update_config()
        # Write the CRL in PEM format to a temporary file.
        tmpf = self.files.crl + '.tmp'
        openssl_wrap.run_with_config(
@@ -150,6 +156,8 @@ class CA(object):
        self.gencrl()
    def generate(self, cert):
+        self._update_config()
        expiry = cert.get_expiration_date()
        if expiry and expiry > time.time():
            log.warn('certificate is still valid, revoking previous version')