authorChris St. Pierre <chris.a.st.pierre@gmail.com>2012-11-06 09:49:56 -0500
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2012-11-06 09:54:53 -0500
commit82aded9a3878b2aa34f66e4fd8955b883bf9bc10 (patch)
tree2bc02a42c7a943490bcd68768701cb8915fe7011 /src/lib/Bcfg2/Server/Plugins/SSLCA.py
parent0200b3e4ffc1cff798f85f07da0b27b47a5bfba7 (diff)
added SSLCA option to append chain cert to cert (e.g., for Nginx)
Diffstat (limited to 'src/lib/Bcfg2/Server/Plugins/SSLCA.py')
-rw-r--r--src/lib/Bcfg2/Server/Plugins/SSLCA.py26
1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/SSLCA.py b/src/lib/Bcfg2/Server/Plugins/SSLCA.py
index 666f27e53..ab55425a6 100644
--- a/src/lib/Bcfg2/Server/Plugins/SSLCA.py
+++ b/src/lib/Bcfg2/Server/Plugins/SSLCA.py
@@ -43,32 +43,33 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
if event.filename.endswith('.xml'):
if action in ['exists', 'created', 'changed']:
if event.filename.endswith('key.xml'):
- key_spec = dict(list(lxml.etree.parse(
- epath,
- parser=Bcfg2.Server.XMLParser
- ).find('Key').items()))
+ key_spec = lxml.etree.parse(epath,
+ parser=Bcfg2.Server.XMLParser
+ ).find('Key')
self.key_specs[ident] = {
- 'bits': key_spec.get('bits', 2048),
+ 'bits': key_spec.get('bits', '2048'),
'type': key_spec.get('type', 'rsa')
}
self.Entries['Path'][ident] = self.get_key
elif event.filename.endswith('cert.xml'):
- cert_spec = dict(list(lxml.etree.parse(
- epath,
- parser=Bcfg2.Server.XMLParser
- ).find('Cert').items()))
+ cert_spec = lxml.etree.parse(epath,
+ parser=Bcfg2.Server.XMLParser
+ ).find('Cert')
ca = cert_spec.get('ca', 'default')
self.cert_specs[ident] = {
'ca': ca,
'format': cert_spec.get('format', 'pem'),
'key': cert_spec.get('key'),
- 'days': cert_spec.get('days', 365),
+ 'days': cert_spec.get('days', '365'),
'C': cert_spec.get('c'),
'L': cert_spec.get('l'),
'ST': cert_spec.get('st'),
'OU': cert_spec.get('ou'),
'O': cert_spec.get('o'),
- 'emailAddress': cert_spec.get('emailaddress')
+ 'emailAddress': cert_spec.get('emailaddress'),
+ 'append_chain':
+ cert_spec.get('append_chain',
+ 'false').lower() == 'true',
}
cfp = ConfigParser.ConfigParser()
cfp.read(self.core.cfile)
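Review bot: The values on the `'bits': key_spec.get('bits', '2048')` and `'days': cert_spec.get('days', '365')` lines are stored as raw attribute text, with no check that they are numeric or within a range the project accepts. A typo or an undersized key length in key.xml would therefore be carried forward to key generation. Where the values are consumed is outside this hunk, so that part is inferred, but validating here (for example `int(key_spec.get('bits', '2048'))` inside a try block, plus a minimum-size check) would keep the error next to the file that caused it. Separately, `find('Key')` and `find('Cert')` return None when the element is missing, so the following `.get()` calls would raise AttributeError; a guard that logs `epath` and skips the spec would be clearer. The enclosing method starts before and continues after this hunk.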
@@ -246,6 +247,9 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
os.unlink(req)
except OSError:
self.logger.error("Failed to unlink temporary files")
+ if (self.cert_specs[entry.get('name')]['append_chain'] and
+ self.CAs[ca]['chaincert']):
+ cert += open(self.CAs[ca]['chaincert']).read()
return cert
def build_req_config(self, entry, metadata):
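Review bot: The new condition indexes `self.CAs[ca]['chaincert']` directly, so a CA section without a `chaincert` option would raise KeyError as soon as a cert.xml sets `append_chain="true"`, instead of skipping the append. That assumes `self.CAs[ca]` is a plain dict built from the config file, which is not visible here. Using `self.CAs[ca].get('chaincert')` in the test avoids it. The `open(...).read()` call never closes its handle, and an unreadable chain file raises out of the function after the temporary files are already unlinked; reading it inside a try block and logging the path would make the failure diagnosable. The append also ignores the `format` value stored in `cert_specs`, so it is worth confirming that a PEM chain is never concatenated onto a non-PEM certificate. The enclosing function starts above this hunk.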