author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-06 09:49:56 -0500 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-06 09:54:53 -0500 |
commit | 82aded9a3878b2aa34f66e4fd8955b883bf9bc10 (patch) | |
tree | 2bc02a42c7a943490bcd68768701cb8915fe7011 /src | |
parent | 0200b3e4ffc1cff798f85f07da0b27b47a5bfba7 (diff) | |
added SSLCA option to append chain cert to cert (e.g., for Nginx)
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/SSLCA.py | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/SSLCA.py b/src/lib/Bcfg2/Server/Plugins/SSLCA.py
index 666f27e53..ab55425a6 100644
--- a/src/lib/Bcfg2/Server/Plugins/SSLCA.py
+++ b/src/lib/Bcfg2/Server/Plugins/SSLCA.py
@@ -43,32 +43,33 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
 if event.filename.endswith('.xml'):
 if action in ['exists', 'created', 'changed']:
 if event.filename.endswith('key.xml'):
- key_spec = dict(list(lxml.etree.parse(
- epath,
- parser=Bcfg2.Server.XMLParser
- ).find('Key').items()))
+ key_spec = lxml.etree.parse(epath,
+ parser=Bcfg2.Server.XMLParser
+ ).find('Key')
 self.key_specs[ident] = {
- 'bits': key_spec.get('bits', 2048),
+ 'bits': key_spec.get('bits', '2048'),
 'type': key_spec.get('type', 'rsa')
 }
 self.Entries['Path'][ident] = self.get_key
 elif event.filename.endswith('cert.xml'):
- cert_spec = dict(list(lxml.etree.parse(
- epath,
- parser=Bcfg2.Server.XMLParser
- ).find('Cert').items()))
+ cert_spec = lxml.etree.parse(epath,
+ parser=Bcfg2.Server.XMLParser
+ ).find('Cert')
 ca = cert_spec.get('ca', 'default')
 self.cert_specs[ident] = {
 'ca': ca,
 'format': cert_spec.get('format', 'pem'),
 'key': cert_spec.get('key'),
- 'days': cert_spec.get('days', 365),
+ 'days': cert_spec.get('days', '365'),
 'C': cert_spec.get('c'),
 'L': cert_spec.get('l'),
 'ST': cert_spec.get('st'),
 'OU': cert_spec.get('ou'),
 'O': cert_spec.get('o'),
- 'emailAddress': cert_spec.get('emailaddress')
+ 'emailAddress': cert_spec.get('emailaddress'),
+ 'append_chain':
+ cert_spec.get('append_chain',
+ 'false').lower() == 'true',
 }
 cfp = ConfigParser.ConfigParser()
 cfp.read(self.core.cfile)
@@ -246,6 +247,9 @@ class SSLCA(Bcfg2.Server.Plugin.GroupSpool):
 os.unlink(req)
 except OSError:
 self.logger.error("Failed to unlink temporary files")
+ if (self.cert_specs[entry.get('name')]['append_chain'] and
+ self.CAs[ca]['chaincert']):
+ cert += open(self.CAs[ca]['chaincert']).read()
 return cert

 def build_req_config(self, entry, metadata): |
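Review bot: `.find('Key')` and `.find('Cert')` return None when the parsed file has no such element, and the new code calls `key_spec.get(...)` / `cert_spec.get(...)` on the result straight away, so a malformed `key.xml` or `cert.xml` surfaces as an AttributeError in the event handler instead of a logged configuration error. A guard such as `if cert_spec is None:` that logs through `self.logger.error(...)` and skips the entry would make the failure explicit. `bits` and `days` are now always strings taken verbatim from the XML; if they are later placed on an openssl command line (not visible in this hunk), converting them with `int()` here would reject non-numeric values early. The enclosing method starts and ends outside the hunk.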
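Review bot: The added `open(self.CAs[ca]['chaincert']).read()` has no error handling and never closes the handle explicitly, so a missing or unreadable chain file raises IOError out of the certificate build, unlike the `os.unlink` failure just above it, which is caught and logged. Reading through a handle that is closed in a `finally` clause and reporting the failure with `self.logger.error` would keep the two paths consistent. `self.CAs[ca]['chaincert']` also raises KeyError if a CA has no chaincert entry, unless that key is always populated elsewhere; `self.CAs[ca].get('chaincert')` avoids depending on that. Appending the chain only makes sense for PEM output, so if `format` can be anything other than `pem` the condition should test it as well. The enclosing function starts outside the hunk.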