do not check certificate expiration if OpenSSL cannot be imported
This commit is contained in:
parent
c8328ee5fc
commit
5086fd6b27
|
@ -46,6 +46,18 @@ def check_cert(host, cert):
|
|||
print_msg(m)
|
||||
|
||||
|
||||
def cert_has_expired(cert_path):
|
||||
try:
|
||||
import OpenSSL
|
||||
except:
|
||||
print_error("Warning: cannot import OpenSSL")
|
||||
return False
|
||||
from OpenSSL import crypto as c
|
||||
with open(cert_path) as f:
|
||||
cert = f.read()
|
||||
_cert = c.load_certificate(c.FILETYPE_PEM, cert)
|
||||
return _cert.has_expired()
|
||||
|
||||
|
||||
def check_certificates():
|
||||
config = SimpleConfig()
|
||||
|
@ -343,16 +355,11 @@ class Interface(threading.Thread):
|
|||
if is_new:
|
||||
os.rename(temporary_path, cert_path + '.rej')
|
||||
else:
|
||||
from OpenSSL import crypto as c
|
||||
with open(cert_path) as f:
|
||||
cert = f.read()
|
||||
_cert = c.load_certificate(c.FILETYPE_PEM, cert)
|
||||
if _cert.has_expired():
|
||||
if cert_has_expired(cert_path):
|
||||
print_error("certificate has expired:", cert_path)
|
||||
os.unlink(cert_path)
|
||||
else:
|
||||
print_msg("wrong certificate", self.host)
|
||||
|
||||
return
|
||||
except:
|
||||
print_error("wrap_socket failed", self.host)
|
||||
|
@ -363,7 +370,6 @@ class Interface(threading.Thread):
|
|||
print_error("saving certificate for", self.host)
|
||||
os.rename(temporary_path, cert_path)
|
||||
|
||||
|
||||
s.settimeout(60)
|
||||
self.s = s
|
||||
self.is_connected = True
|
||||
|
|
Loading…
Reference in New Issue