Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
M
mailinabox
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Administrator
mailinabox
Commits
659b5c8a
Commit
659b5c8a
authored
Jul 09, 2014
by
Joshua Tauberer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
if the server certificate can be used for a non-primary domain, use it
parent
6c70b10c
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
22 additions
and
6 deletions
+22
-6
web_update.py
management/web_update.py
+22
-6
No files found.
management/web_update.py
View file @
659b5c8a
...
...
@@ -96,18 +96,29 @@ def get_domain_ssl_files(domain, env):
# Don't allow the user to override the key for PRIMARY_HOSTNAME because
# that's what's in the main file.
ssl_key
=
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/ssl_private_key.pem'
)
ssl_key_is_alt
=
False
alt_key
=
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/
%
s/private_key.pem'
%
safe_domain_name
(
domain
))
if
domain
!=
env
[
'PRIMARY_HOSTNAME'
]
and
os
.
path
.
exists
(
alt_key
):
ssl_key
=
alt_key
ssl_key_is_alt
=
True
# What SSL certificate will we use? This has to be differnet for each
# domain name. For PRIMARY_HOSTNAME, use the one we generated at set-up
# time.
# What SSL certificate will we use?
ssl_certificate_primary
=
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/ssl_certificate.pem'
)
if
domain
==
env
[
'PRIMARY_HOSTNAME'
]:
ssl_certificate
=
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/ssl_certificate.pem'
)
# For PRIMARY_HOSTNAME, use the one we generated at set-up time.
ssl_certificate
=
ssl_certificate_primary
else
:
# For other domains, we'll probably use a certificate in a different path.
ssl_certificate
=
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/
%
s/ssl_certificate.pem'
%
safe_domain_name
(
domain
))
# But we can be smart and reuse the main SSL certificate if is has
# a Subject Alternative Name matching this domain. Don't do this if
# the user has uploaded a different private key for this domain.
if
not
ssl_key_is_alt
:
from
whats_next
import
check_certificate
if
check_certificate
(
domain
,
ssl_certificate_primary
,
None
)
==
"OK"
:
ssl_certificate
=
ssl_certificate_primary
# Where would the CSR go? As with the SSL cert itself, the CSR must be
# different for each domain name.
if
domain
==
env
[
'PRIMARY_HOSTNAME'
]:
...
...
@@ -118,12 +129,17 @@ def get_domain_ssl_files(domain, env):
return
ssl_key
,
ssl_certificate
,
csr_path
def
ensure_ssl_certificate_exists
(
domain
,
ssl_key
,
ssl_certificate
,
csr_path
,
env
):
# For domains besides PRIMARY_HOSTNAME, generate a self-signed certificate if
one doesn't
# already exist. See setup/mail.sh for documentation.
# For domains besides PRIMARY_HOSTNAME, generate a self-signed certificate if
# a
certificate doesn't a
lready exist. See setup/mail.sh for documentation.
if
domain
==
env
[
'PRIMARY_HOSTNAME'
]:
return
# Sanity check. Shouldn't happen. A non-primary domain might use this
# certificate (see above), but then the certificate should exist anyway.
if
ssl_certificate
==
os
.
path
.
join
(
env
[
"STORAGE_ROOT"
],
'ssl/ssl_certificate.pem'
):
return
if
os
.
path
.
exists
(
ssl_certificate
):
return
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment