Made chain and cert files go into the appropriate directories

James Kasten 2012-08-16 17:23:28 -04:00
parent 6bf01a75d6
commit 322622f55e
2 changed files with 13 additions and 9 deletions


@ -6,6 +6,10 @@ CONFIG_DIR = "/etc/trustify/"
WORK_DIR = "/var/lib/trustify/"
# Directory where configuration backups are stored
BACKUP_DIR = WORK_DIR + "backups/"
# Where all keys should be stored
KEY_DIR = SERVER_ROOT + "ssl/"
# Certificate storage
CERT_DIR = SERVER_ROOT + "certs/"
# Used by openssl to sign challenge certificate with trustify extension
CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
@ -23,5 +27,5 @@ NONCE_SIZE = 32
difficulty = 23
# Trustify cert and chain files
cert_file = "cert.pem"
chain_file = "chain.pem"
cert_file = CERT_DIR + "cert.pem"
chain_file = CERT_DIR + "chain.pem"
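Review bot: `KEY_DIR = SERVER_ROOT + "ssl/"` and `CERT_DIR = SERVER_ROOT + "certs/"` only resolve to subdirectories if SERVER_ROOT ends in a slash; its definition is outside the hunk, so that cannot be confirmed from here. Without the trailing slash the key directory would silently become a sibling path rather than a child of the server root, and the 0700 directory creation in the client would be applied there instead. Building the paths with `os.path.join(SERVER_ROOT, "ssl", "")` removes that dependency (it needs `import os` in this file), or at minimum a comment such as `# SERVER_ROOT must end with "/"` should sit beside the definitions. The KEY_DIR comment could also state that the directory is expected to be mode 0700, since the client writes the private key into it.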


@ -14,7 +14,7 @@ from trustify.protocol.chocolate_pb2 import chocolatemessage
from trustify.client import sni_challenge
from trustify.client import configurator
from trustify.client.CONFIG import difficulty, cert_file, chain_file
from trustify.client.CONFIG import SERVER_ROOT
from trustify.client.CONFIG import KEY_DIR, CERT_DIR
# it's weird to point to chocolate servers via raw IPv6 addresses, and such
# addresses can be %SCARY in some contexts, so out of paranoia let's disable
@ -198,17 +198,17 @@ def save_key_csr(key, csr):
# This should probably go in the installation script
# Make sure directories exist & make sure directories are set with the
# correct permissions if they do exist.
if not os.path.isdir(SERVER_ROOT + "certs"):
os.makedirs(SERVER_ROOT + "certs", 0755)
if not os.path.isdir(SERVER_ROOT + "ssl"):
os.makedirs(SERVER_ROOT + "ssl", 0700)
if not os.path.isdir(CERT_DIR):
os.makedirs(CERT_DIR, 0755)
if not os.path.isdir(KEY_DIR):
os.makedirs(KEY_DIR, 0700)
# Write key to new file and change permissions
key_f, key_fn = unique_file(SERVER_ROOT+"ssl/key-trustify.pem", 0600)
key_f, key_fn = unique_file(KEY_DIR + "key-trustify.pem", 0600)
key_f.write(key)
key_f.close()
# Write CSR to new file
csr_f, csr_fn = unique_file(SERVER_ROOT + "certs/csr-trustify.pem", 0644)
csr_f, csr_fn = unique_file(CERT_DIR + "csr-trustify.pem", 0644)
csr_f.write(csr)
csr_f.close()
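Review bot: The comment above the directory checks says permissions are corrected on directories that already exist, but `if not os.path.isdir(KEY_DIR): os.makedirs(KEY_DIR, 0700)` only sets a mode when it creates the directory, so a pre-existing KEY_DIR with looser permissions is used as-is for the private key. The mode given to os.makedirs is also reduced by the process umask, so even the created directory is not guaranteed to end up with the stated bits. Adding `os.chmod(KEY_DIR, 0700)` and `os.chmod(CERT_DIR, 0755)` after the two guards would make the code match its comment; alternatively, stop with an error when `os.stat(KEY_DIR).st_mode & 0077` is non-zero. save_key_csr starts and continues outside this hunk, and unique_file is not shown, so how the key file itself is opened cannot be checked here.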