[CalendarServer-changes] [15226] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Sat Oct 24 09:02:50 PDT 2015
Revision: 15226
http://trac.calendarserver.org//changeset/15226
Author: cdaboo at apple.com
Date: 2015-10-24 09:02:50 -0700 (Sat, 24 Oct 2015)
Log Message:
-----------
Check that Keychain identity private keys are accessible when pre-flighting the SSL and APNS certs.
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/tap/util.py
CalendarServer/trunk/requirements-twisted-osx.txt
Modified: CalendarServer/trunk/calendarserver/tap/util.py
===================================================================
--- CalendarServer/trunk/calendarserver/tap/util.py 2015-10-24 16:00:50 UTC (rev 15225)
+++ CalendarServer/trunk/calendarserver/tap/util.py 2015-10-24 16:02:50 UTC (rev 15226)
@@ -1305,6 +1305,16 @@
if config.SSLKeychainIdentity:
# Fall through to see if we can load the identity from the keychain
certificate_title = "Keychain: {}".format(config.SSLKeychainIdentity)
+
+ error = OpenSSL.crypto.check_keychain_identity(config.SSLKeychainIdentity)
+ if error:
+ message = (
+ "The configured TLS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ cert=certificate_title,
+ reason=error
+ )
+ )
+ return False, message
else:
return True, "TLS disabled"
else:
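Review bot: The new pre-flight treats a truthy return from `OpenSSL.crypto.check_keychain_identity` as the failure reason, but nothing in the hunk handles the call itself raising, so a missing attribute or an error from the underlying keychain lookup would abort the pre-flight instead of yielding the `(False, message)` result. Stock pyOpenSSL has no `check_keychain_identity`; it presumably comes from the PySecureTransport shim whose pin is bumped in this same commit, so this branch depends on that module being the one imported as `OpenSSL`. Wrapping the call, e.g. `try: error = OpenSSL.crypto.check_keychain_identity(config.SSLKeychainIdentity)` followed by `except Exception as e: error = str(e)`, keeps such failures inside the reported message. The same applies to the APNS hunk at `@@ -1388`; the enclosing function starts and ends outside both hunks.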
@@ -1388,6 +1398,17 @@
# Fall through to see if we can load the identity from the keychain
certificate_title = "Keychain: {}".format(protoConfig.KeychainIdentity)
+
+ error = OpenSSL.crypto.check_keychain_identity(protoConfig.KeychainIdentity)
+ if error:
+ message = (
+ "The {proto} APNS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ proto=protocol,
+ cert=certificate_title,
+ reason=error
+ )
+ )
+ return False, message
else:
message = (
"No {proto} APNS Keychain Identity was set".format(
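Review bot: The added block has no comment saying what it guards against, and it repeats the TLS pre-flight block almost line for line. A comment above the call such as `# The identity can exist in the Keychain while its private key is not readable by this process; report that at pre-flight` would record the intent given in the commit message. It is also worth stating there that the check runs once at pre-flight and does not show the key stays accessible afterwards (inferred: nothing visible re-checks it). The enclosing function continues outside the hunk.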
Modified: CalendarServer/trunk/requirements-twisted-osx.txt
===================================================================
--- CalendarServer/trunk/requirements-twisted-osx.txt 2015-10-24 16:00:50 UTC (rev 15225)
+++ CalendarServer/trunk/requirements-twisted-osx.txt 2015-10-24 16:02:50 UTC (rev 15226)
@@ -6,9 +6,9 @@
#zope.interface
pycrypto==2.6.1
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/OSXFrameworks/trunk@15218#egg=osxframeworks
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/OSXFrameworks/trunk@15224#egg=osxframeworks
cffi==1.3.0
pycparser==2.13
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15219#egg=pysecuretransport
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15225#egg=pysecuretransport