Browse Source

[10.0][FIX] Make letsencrypt resilient for alternate name removal. (#757)

* [FIX] Make letsencrypt resilient for alternate name removal.

* [FIX] Do not crash when returning error in letsencrypt cmdline.

* [FIX] Restore ordering by name for alternate domains in letsencrypt.

Conflicts:
	letsencrypt/README.rst
pull/781/merge
Ronald Portier 8 years ago
committed by Dave Lasley
parent
commit
52d234f2ed
  1. 1
      letsencrypt/README.rst
  2. 25
      letsencrypt/models/letsencrypt.py

1
letsencrypt/README.rst

@ -139,6 +139,7 @@ Contributors
* Holger Brunn <hbrunn@therp.nl> * Holger Brunn <hbrunn@therp.nl>
* Antonio Espinosa <antonio.espinosa@tecnativa.com> * Antonio Espinosa <antonio.espinosa@tecnativa.com>
* Dave Lasley <dave@laslabs.com> * Dave Lasley <dave@laslabs.com>
* Ronald Portier <ronald@therp.nl>
ACME implementation ACME implementation
------------------- -------------------

25
letsencrypt/models/letsencrypt.py

@ -38,13 +38,10 @@ class Letsencrypt(models.AbstractModel):
_logger.log(loglevel, stderr) _logger.log(loglevel, stderr)
if stdout: if stdout:
_logger.log(loglevel, stdout) _logger.log(loglevel, stdout)
if process.returncode: if process.returncode:
raise exceptions.Warning( raise exceptions.Warning(
_('Error calling %s: %d') % (cmdline[0], process.returncode),
' '.join(cmdline),
_('Error calling %s: %d') % (cmdline[0], process.returncode)
) )
return process.returncode return process.returncode
@api.model @api.model
@ -96,19 +93,19 @@ class Letsencrypt(models.AbstractModel):
@api.model @api.model
def generate_csr(self, domain): def generate_csr(self, domain):
domains = [domain] domains = [domain]
i = 0
while self.env['ir.config_parameter'].get_param(
'letsencrypt.altname.%d' % i):
domains.append(
self.env['ir.config_parameter']
.get_param('letsencrypt.altname.%d' % i)
parameter_model = self.env['ir.config_parameter']
altnames = parameter_model.search(
[('key', 'like', 'letsencrypt.altname.')],
order='key'
) )
i += 1
for altname in altnames:
domains.append(altname.value)
_logger.info('generating csr for %s', domain) _logger.info('generating csr for %s', domain)
if len(domains) > 1: if len(domains) > 1:
_logger.info('with alternative subjects %s', ','.join(domains[1:])) _logger.info('with alternative subjects %s', ','.join(domains[1:]))
config = self.env['ir.config_parameter'].get_param(
'letsencrypt.openssl.cnf', '/etc/ssl/openssl.cnf')
config = parameter_model.get_param(
'letsencrypt.openssl.cnf', '/etc/ssl/openssl.cnf'
)
csr = os.path.join(get_data_dir(), '%s.csr' % domain) csr = os.path.join(get_data_dir(), '%s.csr' % domain)
with tempfile.NamedTemporaryFile() as cfg: with tempfile.NamedTemporaryFile() as cfg:
cfg.write(open(config).read()) cfg.write(open(config).read())
@ -119,7 +116,7 @@ class Letsencrypt(models.AbstractModel):
cfg.file.flush() cfg.file.flush()
cmdline = [ cmdline = [
'openssl', 'req', '-new', 'openssl', 'req', '-new',
self.env['ir.config_parameter'].get_param(
parameter_model.get_param(
'letsencrypt.openssl.digest', '-sha256'), 'letsencrypt.openssl.digest', '-sha256'),
'-key', self.generate_domain_key(domain), '-key', self.generate_domain_key(domain),
'-subj', '/CN=%s' % domain, '-config', cfg.name, '-subj', '/CN=%s' % domain, '-config', cfg.name,

Loading…
Cancel
Save