Commit 09eeaa8a authored by ale

always revoke the certificate, even if it is already expired

parent 2397de7d
...@@ -160,7 +160,10 @@ class CA(object): ...@@ -160,7 +160,10 @@ class CA(object):
expiry = cert.get_expiration_date() expiry = cert.get_expiration_date()
if expiry and expiry > time.time(): if expiry and expiry > time.time():
log.warn('certificate is still valid, revoking previous version') log.warn('certificate is still valid')
if cert.exists():
log.warn('revoking previous version')
self.revoke(cert) self.revoke(cert)
log.info('generating new certificate %s', cert.name) log.info('generating new certificate %s', cert.name)
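Review bot: The new `log.warn('revoking previous version')` line does not say which certificate is being revoked, so a revocation can only be tied to a name if the following `generating new certificate` line is also emitted. Revocation now runs for every existing certificate, expired ones included, so I would put the name on that line: `log.warn('revoking previous version of %s', cert.name)`. The body of `self.revoke` is not shown on this page; if it can raise for an entry that is already revoked or expired, this path would now stop before the replacement certificate is generated, which is worth confirming. Indentation is lost in this view, so I am assuming `self.revoke(cert)` sits under the new `if cert.exists():`.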
......
...@@ -32,8 +32,11 @@ class Cert(object): ...@@ -32,8 +32,11 @@ class Cert(object):
self.private_key_file = os.path.join(ca.basedir, 'private', self.private_key_file = os.path.join(ca.basedir, 'private',
'%s.key' % name) '%s.key' % name)
def exists(self):
return os.path.exists(self.public_key_file)
def get_fingerprint(self, digest='sha1'): def get_fingerprint(self, digest='sha1'):
if os.path.exists(self.public_key_file): if self.exists():
output = openssl_wrap.run('x509', '-in', self.public_key_file, output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-fingerprint', '-%s' % digest) '-noout', '-fingerprint', '-%s' % digest)
m = re.search(r'=(.*)$', output) m = re.search(r'=(.*)$', output)
...@@ -42,7 +45,7 @@ class Cert(object): ...@@ -42,7 +45,7 @@ class Cert(object):
return None return None
def get_expiration_date(self): def get_expiration_date(self):
if os.path.exists(self.public_key_file): if self.exists():
output = openssl_wrap.run('x509', '-in', self.public_key_file, output = openssl_wrap.run('x509', '-in', self.public_key_file,
'-noout', '-dates') '-noout', '-dates')
m = re.search(r'notAfter=(.*)', output) m = re.search(r'notAfter=(.*)', output)
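Review bot: `exists()` has no docstring and only tests that the path in `self.public_key_file` is present, yet the CA change in this commit uses it as the gate for revocation. A directory, an empty file or a truncated certificate at that path all make it return True, and the revoke step would then presumably be handed something that is not a parseable certificate. I would state the contract in a one-line docstring such as `"""Return True if the certificate file is present on disk; its content is not validated."""`, and consider `os.path.isfile` in place of `os.path.exists`. The bodies of `get_fingerprint` and `get_expiration_date` continue outside the visible hunks.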
......