diff --git a/certbot-apache/certbot_apache/_internal/apache_util.py b/certbot-apache/certbot_apache/_internal/apache_util.py index 4c1a9b250..f6cb00e3c 100644 --- a/certbot-apache/certbot_apache/_internal/apache_util.py +++ b/certbot-apache/certbot_apache/_internal/apache_util.py @@ -3,8 +3,6 @@ import binascii import struct import time -import six - from certbot import crypto_util from certbot import util from certbot.compat import os @@ -25,6 +23,7 @@ def get_apache_ocsp_struct(ttl, ocsp_response): ttl_struct = struct.pack('l', int(ttl*1000000)) return b'\x01'.join([ttl_struct, ocsp_response]) + def certid_sha1_hex(cert_path): """Hex representation of certificate SHA1 fingerprint @@ -35,9 +34,7 @@ def certid_sha1_hex(cert_path): """ sha1_hex = binascii.hexlify(certid_sha1(cert_path)) - if isinstance(sha1_hex, six.binary_type): - return sha1_hex.decode('utf-8') # pragma: no cover - return sha1_hex # pragma: no cover + return sha1_hex.decode('utf-8') def certid_sha1(cert_path): @@ -51,6 +48,7 @@ def certid_sha1(cert_path): """ return crypto_util.cert_sha1_fingerprint(cert_path) + def get_mod_deps(mod_name): """Get known module dependencies. diff --git a/certbot-apache/certbot_apache/_internal/constants.py b/certbot-apache/certbot_apache/_internal/constants.py index e75435b76..92becff32 100644 --- a/certbot-apache/certbot_apache/_internal/constants.py +++ b/certbot-apache/certbot_apache/_internal/constants.py @@ -69,7 +69,7 @@ MANAGED_COMMENT_ID = MANAGED_COMMENT+", VirtualHost id: {0}" """Managed by Certbot comments and the VirtualHost identification template""" OCSP_APACHE_TTL = 432000 -"""Apache TTL for OCSP response: 5 days""" +"""Apache TTL for OCSP response in seconds: 5 days""" OCSP_INTERNAL_TTL = 86400 -"""Internal TTL for OCSP response: 1 day""" +"""Internal TTL for OCSP response in seconds: 1 day""" 
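Review bot: In certid_sha1_hex, the new `return sha1_hex.decode('utf-8')` still goes through binascii.hexlify plus a bytes-to-str decode, a two-step form that was only needed while Python 2 was supported. With six removed, `return certid_sha1(cert_path).hex()` gives the same lowercase hex string in one step. If the hexlify call is kept, `'ascii'` describes its output more precisely than `'utf-8'`. Whether `binascii` is still used elsewhere in the file cannot be seen from this hunk, so the import should be checked before it is dropped.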
diff --git a/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py b/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py index 00219f052..f25ffc2ca 100644 --- a/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py +++ b/certbot-apache/certbot_apache/_internal/prefetch_ocsp.py @@ -143,7 +143,7 @@ class OCSPPrefetchMixin(object): :rtype: int """ - if next_update: + if next_update is not None: now = time.time() res_ttl = int(time.mktime(next_update.timetuple()) - now) if res_ttl > 0: diff --git a/certbot/certbot/_internal/ocsp.py b/certbot/certbot/_internal/ocsp.py index 10789776c..c70692f19 100644 --- a/certbot/certbot/_internal/ocsp.py +++ b/certbot/certbot/_internal/ocsp.py @@ -77,6 +77,7 @@ class RevocationChecker(object): :param str cert_path: Certificate path :param str chain_path: Certificate chain filepath + :param str response_file: File path to a file containing a raw OCSP response. :returns: True if revoked; False if valid or the check failed or cert is expired. :rtype: bool diff --git a/certbot/certbot/crypto_util.py b/certbot/certbot/crypto_util.py index e6c063eed..2618a50e7 100644 --- a/certbot/certbot/crypto_util.py +++ b/certbot/certbot/crypto_util.py @@ -237,7 +237,15 @@ def load_cert(cert_path): def cert_sha1_fingerprint(cert_path): - """Get sha1 digest of the certificate fingerprint""" + """Read fingerprint of a certificate pointed by its file path + and returns sha1 digest of said fingerprint. + + :param str cert_path: File path to the x509 certificate file + + :returns: SHA-1 fingerprint of the certificate + :rtype: bytes + """ + cert = load_cert(cert_path) return cert.fingerprint(hashes.SHA1()) diff --git a/certbot/certbot/plugins/enhancements.py b/certbot/certbot/plugins/enhancements.py index ccfc03cee..e9e98d16d 100644 --- a/certbot/certbot/plugins/enhancements.py +++ b/certbot/certbot/plugins/enhancements.py 
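Review bot: The TTL computed in the context line `res_ttl = int(time.mktime(next_update.timetuple()) - now)` depends on the host's time zone, because time.mktime() interprets the tuple as local time. If next_update is the naive UTC datetime that OCSP parsers normally return (the hunk does not show where it comes from), the result is off by the local UTC offset. On hosts behind UTC a stapled response could then be kept past its nextUpdate. Consider `res_ttl = int(calendar.timegm(next_update.utctimetuple()) - now)` with `import calendar` added to the file's imports. The enclosing method starts before this hunk and continues after it.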
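Review bot: The new docstring of cert_sha1_fingerprint says it "returns sha1 digest of said fingerprint", but the value returned by `cert.fingerprint(hashes.SHA1())` is itself the fingerprint, not a second digest taken over one. A clearer summary line would be `"""Return the SHA-1 fingerprint of the certificate stored at cert_path."""`, keeping the `:param`, `:returns:` and `:rtype:` fields as added. The docstring should also say that the value is meant only as a certificate identifier (apparently for the Apache OCSP cache handled in certbot-apache) and must not back a trust decision, since SHA-1 is not collision resistant.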
@@ -170,6 +170,7 @@ class OCSPPrefetchEnhancement(object): Methods: enable_ocsp_prefetch is called when the domain is configured to serve OCSP responses using mechanism called OCSP Stapling. + update_ocsp_prefetch is called every time when Certbot is run using 'renew' verb. Certbot should proceed to make a request to the OCSP server in order to fetch an OCSP response and to store the recieved response, if valid.