[CalendarServer-changes] [3201] CalendarServer/trunk/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Tue Oct 21 12:59:58 PDT 2008
Revision: 3201
http://trac.macosforge.org/projects/calendarserver/changeset/3201
Author: sagen at apple.com
Date: 2008-10-21 12:59:58 -0700 (Tue, 21 Oct 2008)
Log Message:
-----------
Use certadmin (if it's installed) to retrieve ssl passphrase for server cert
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/config.py
CalendarServer/trunk/twistedcaldav/tap.py
Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py 2008-10-21 18:52:35 UTC (rev 3200)
+++ CalendarServer/trunk/twistedcaldav/config.py 2008-10-21 19:59:58 UTC (rev 3201)
@@ -152,6 +152,7 @@
"SSLPrivateKey" : "", # Private key
"SSLAuthorityChain" : "", # Certificate Authority Chain
"SSLPassPhraseDialog": "/etc/apache2/getsslpassphrase",
+ "SSLCertAdmin" : "/usr/sbin/certadmin",
#
# Process management
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2008-10-21 18:52:35 UTC (rev 3200)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2008-10-21 19:59:58 UTC (rev 3201)
@@ -16,6 +16,7 @@
import os
import stat
+import commands
from zope.interface import implements
@@ -365,32 +366,43 @@
from twisted.internet.ssl import DefaultOpenSSLContextFactory
def _getSSLPassphrase(*args):
- sslPrivKey = open(config.SSLPrivateKey)
- type = None
- for line in sslPrivKey.readlines():
- if "-----BEGIN RSA PRIVATE KEY-----" in line:
- type = "RSA"
- break
- elif "-----BEGIN DSA PRIVATE KEY-----" in line:
- type = "DSA"
- break
+ if os.path.exists(config.SSLCertAdmin):
+ cmd = "sudo %s --get-private-key-passphrase %s" % (config.SSLCertAdmin,
+ config.SSLPrivateKey)
+ status, output = commands.getstatusoutput(cmd)
+ if status != 0:
+ log.err("Could not get passphrase for %s. %s" %
+ (config.SSLPrivateKey, output))
+ return False
+ return output
- sslPrivKey.close()
+ else:
+ sslPrivKey = open(config.SSLPrivateKey)
- if type is None:
- log.err("Could not get private key type for %s" % (config.SSLPrivateKey,))
- return False
+ type = None
+ for line in sslPrivKey.readlines():
+ if "-----BEGIN RSA PRIVATE KEY-----" in line:
+ type = "RSA"
+ break
+ elif "-----BEGIN DSA PRIVATE KEY-----" in line:
+ type = "DSA"
+ break
- import commands
- return commands.getoutput("%s %s:%s %s" % (
- config.SSLPassPhraseDialog,
- config.ServerHostName,
- config.SSLPort,
- type
- ))
+ sslPrivKey.close()
+ if type is None:
+ log.err("Could not get private key type for %s" % (config.SSLPrivateKey,))
+ return False
+ return commands.getoutput("%s %s:%s %s" % (
+ config.SSLPassPhraseDialog,
+ config.ServerHostName,
+ config.SSLPort,
+ type
+ ))
+
+
class ChainingOpenSSLContextFactory(DefaultOpenSSLContextFactory):
def __init__(
self, privateKeyFileName, certificateFileName,
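Review bot: In the new certadmin branch of `_getSSLPassphrase`, the command is built with `%` formatting and run through `commands.getstatusoutput`, which hands the string to a shell, so a space or shell metacharacter in `config.SSLCertAdmin` or `config.SSLPrivateKey` changes what runs under sudo. The same call folds stderr into `output`, so any warning printed by sudo or certadmin would be returned as part of the passphrase, and on failure the whole captured text goes to `log.err`. I would invoke the tool with an argument list and separate pipes, return only stdout and log only stderr; this needs `import subprocess` next to the added `import commands`. The else branch's `commands.getoutput` call is carried over from the old code and has the same shell-string construction.

```python
def _getSSLPassphrase(*args):
    if os.path.exists(config.SSLCertAdmin):
        # argv list: the configured paths are never parsed by a shell
        child = subprocess.Popen(
            ["sudo", config.SSLCertAdmin,
             "--get-private-key-passphrase", config.SSLPrivateKey],
            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        output, error = child.communicate()
        if child.returncode != 0:
            # log stderr only, so nothing read from stdout reaches the log
            log.err("Could not get passphrase for %s. %s" %
                    (config.SSLPrivateKey, error))
            return False
        # commands.getstatusoutput dropped one trailing newline; keep that
        if output[-1:] == "\n":
            output = output[:-1]
        return output
    # … unchanged: else branch using SSLPassPhraseDialog …
```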