Small fixes

2026-06-07 07:42:08 -04:00 · 2020-01-30 16:58:14 +02:00 · 2020-01-30 16:58:14 +02:00 · a8a106c325
commit a8a106c325
parent 4138259c51
6 changed files with 17 additions and 9 deletions
--- a/certbot-apache/certbot_apache/_internal/apache_util.py
+++ b/certbot-apache/certbot_apache/_internal/apache_util.py
@ -3,8 +3,6 @@ import binascii
 import struct
 import time

-import six
-
 from certbot import crypto_util
 from certbot import util
 from certbot.compat import os
@ -25,6 +23,7 @@ def get_apache_ocsp_struct(ttl, ocsp_response):
    ttl_struct = struct.pack('l', int(ttl*1000000))
    return b'\x01'.join([ttl_struct, ocsp_response])

+
 def certid_sha1_hex(cert_path):
    """Hex representation of certificate SHA1 fingerprint

@ -35,9 +34,7 @@ def certid_sha1_hex(cert_path):

    """
    sha1_hex = binascii.hexlify(certid_sha1(cert_path))
-    if isinstance(sha1_hex, six.binary_type):
-        return sha1_hex.decode('utf-8')  # pragma: no cover
-    return sha1_hex  # pragma: no cover
+    return sha1_hex.decode('utf-8')


 def certid_sha1(cert_path):
@ -51,6 +48,7 @@ def certid_sha1(cert_path):
    """
    return crypto_util.cert_sha1_fingerprint(cert_path)

+
 def get_mod_deps(mod_name):
    """Get known module dependencies.

--- a/certbot-apache/certbot_apache/_internal/constants.py
+++ b/certbot-apache/certbot_apache/_internal/constants.py
@ -69,7 +69,7 @@ MANAGED_COMMENT_ID = MANAGED_COMMENT+", VirtualHost id: {0}"
 """Managed by Certbot comments and the VirtualHost identification template"""

 OCSP_APACHE_TTL = 432000
-"""Apache TTL for OCSP response: 5 days"""
+"""Apache TTL for OCSP response in seconds: 5 days"""

 OCSP_INTERNAL_TTL = 86400
-"""Internal TTL for OCSP response: 1 day"""
+"""Internal TTL for OCSP response in seconds: 1 day"""
--- a/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py
+++ b/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py
@ -143,7 +143,7 @@ class OCSPPrefetchMixin(object):
        :rtype: int
        """

-        if next_update:
+        if next_update is not None:
            now = time.time()
            res_ttl = int(time.mktime(next_update.timetuple()) - now)
            if res_ttl > 0:
--- a/certbot/certbot/_internal/ocsp.py
+++ b/certbot/certbot/_internal/ocsp.py
@ -77,6 +77,7 @@ class RevocationChecker(object):

        :param str cert_path: Certificate path
        :param str chain_path: Certificate chain filepath
+        :param str response_file: File path to a file containing a raw OCSP response.

        :returns: True if revoked; False if valid or the check failed or cert is expired.
        :rtype: bool
--- a/certbot/certbot/crypto_util.py
+++ b/certbot/certbot/crypto_util.py
@ -237,7 +237,15 @@ def load_cert(cert_path):


 def cert_sha1_fingerprint(cert_path):
-    """Get sha1 digest of the certificate fingerprint"""
+    """Read fingerprint of a certificate pointed by its file path
+    and returns sha1 digest of said fingerprint.
+
+    :param str cert_path: File path to the x509 certificate file
+
+    :returns: SHA-1 fingerprint of the certificate
+    :rtype: bytes
+    """
+
    cert = load_cert(cert_path)
    return cert.fingerprint(hashes.SHA1())

--- a/certbot/certbot/plugins/enhancements.py
+++ b/certbot/certbot/plugins/enhancements.py
@ -170,6 +170,7 @@ class OCSPPrefetchEnhancement(object):
    Methods:
        enable_ocsp_prefetch is called when the domain is configured to
        serve OCSP responses using mechanism called OCSP Stapling.
+
        update_ocsp_prefetch is called every time when Certbot is run using 'renew'
        verb. Certbot should proceed to make a request to the OCSP server in order
        to fetch an OCSP response and to store the recieved response, if valid.