author | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-02-14 16:43:09 +0100 |
---|---|---|
committer | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-02-14 16:45:16 +0100 |
commit | 2132d4f7dea1e7355702ca096ff88628c4174bca (patch) | |
tree | df848b87dff340a08cd53d3ee81a10270f2aa8cf /src | |
parent | fd577d6005b037e886c17bf1bbc396090791315a (diff) | |
SSLCA: Allow to create self signed certificates
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
index 09a09787e..698203a87 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
@@ -130,15 +130,20 @@ class CfgSSLCACertCreator(XMLCfgCreator, CfgVerifier):
 """ generate a new cert """
 self.logger.info("Cfg: Generating new SSL cert for %s" % self.name)
 cert = self.XMLMatch(metadata).find("Cert")
- ca = self.get_ca(cert.get('ca', 'default'))
- req = self.build_request(self._get_keyfile(cert, metadata), metadata)
+ keyfile = self._get_keyfile(cert, metadata)
+ req = self.build_request(keyfile, metadata)
 try:
 days = cert.get('days', '365')
- cmd = ["openssl", "ca", "-config", ca['config'], "-in", req,
- "-days", days, "-batch"]
- passphrase = ca.get('passphrase')
- if passphrase:
- cmd.extend(["-passin", "pass:%s" % passphrase])
+ if cert.get('self_sign', 'false') != 'true':
+ ca = self.get_ca(cert.get('ca', 'default'))
+ cmd = ["openssl", "ca", "-config", ca['config'],
+ "-in", req, "-days", days, "-batch"]
+ passphrase = ca.get('passphrase')
+ if passphrase:
+ cmd.extend(["-passin", "pass:%s" % passphrase])
+ else:
+ cmd = ["openssl", "req", "-in", req, "-x509",
+ "-days", days, "-key", keyfile, "-batch"]
 result = self.cmd.run(cmd)
 if not result.success:
 raise CfgCreationError("Failed to generate cert: %s" %
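Review bot: The CA key passphrase is still put on the openssl command line as `"pass:%s" % passphrase` in the re-indented CA branch, so other local users can read it from the process list while the command runs, and it would also appear anywhere the executor records the command. openssl accepts other pass phrase sources; if `self.cmd.run` can feed standard input (its signature is not visible here), `cmd.extend(["-passin", "stdin"])` with the passphrase written to stdin keeps it out of argv. The new `else` branch signs with the key file directly and does not pass a passphrase. The enclosing method starts and ends outside this hunk.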
@@ -165,10 +170,11 @@ class CfgSSLCACertCreator(XMLCfgCreator, CfgVerifier):
 "verification" % (entry.get("name"), fname))
 os.fdopen(fd, 'w').write(data)
 cert = self.XMLMatch(metadata).find("Cert")
- ca = self.get_ca(cert.get('ca', 'default'))
 try:
- if ca.get('chaincert'):
- self.verify_cert_against_ca(fname, entry, metadata)
+ if cert.get('self_sign', 'false') != 'true':
+ ca = self.get_ca(cert.get('ca', 'default'))
+ if ca.get('chaincert'):
+ self.verify_cert_against_ca(fname, entry, metadata)
 self.verify_cert_against_key(fname,
 self._get_keyfile(cert, metadata))
 finally: |
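Review bot: When `self_sign` is `true`, the only check left in this verifier is `verify_cert_against_key`, so a certificate that matches the key keeps passing after it has expired, assuming expiry was previously caught only inside `verify_cert_against_ca` (not visible here). A validity check for the self-signed case, for example running `openssl x509 -checkend 0 -noout -in <fname>` through `self.cmd.run` and treating a non-zero exit as a verification failure, would flag an expired certificate. The test `cert.get('self_sign', 'false') != 'true'` is an exact string match repeated from the first hunk, so values such as `True` or `1` silently select CA signing; a shared helper with a comment like `# only the literal "true" enables self-signing` would make that explicit. The method body starts and ends outside this hunk.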