do not check certificate expiration if OpenSSL cannot be imported

2013-10-03 07:44:04 +02:00 · 2013-10-03 07:44:04 +02:00 · 5086fd6b27
parent c8328ee5fc
commit 5086fd6b27
1 changed files with 13 additions and 7 deletions
--- a/lib/interface.py
+++ b/lib/interface.py
@ -46,6 +46,18 @@ def check_cert(host, cert):
    print_msg(m)


+def cert_has_expired(cert_path):
+    try:
+        import OpenSSL
+    except:
+        print_error("Warning: cannot import OpenSSL")
+        return False
+    from OpenSSL import crypto as c
+    with open(cert_path) as f:
+        cert = f.read()
+    _cert = c.load_certificate(c.FILETYPE_PEM, cert)
+    return _cert.has_expired()
+

 def check_certificates():
    config = SimpleConfig()
@ -343,16 +355,11 @@ class Interface(threading.Thread):
                if is_new:
                    os.rename(temporary_path, cert_path + '.rej')
                else:
-                    from OpenSSL import crypto as c
-                    with open(cert_path) as f:
-                        cert = f.read()
-                    _cert = c.load_certificate(c.FILETYPE_PEM, cert)
-                    if _cert.has_expired():
+                    if cert_has_expired(cert_path):
                        print_error("certificate has expired:", cert_path)
                        os.unlink(cert_path)
                    else:
                        print_msg("wrong certificate", self.host)
-
                return
            except:
                print_error("wrap_socket failed", self.host)
@ -363,7 +370,6 @@ class Interface(threading.Thread):
                print_error("saving certificate for", self.host)
                os.rename(temporary_path, cert_path)

-
        s.settimeout(60)
        self.s = s
        self.is_connected = True