[CalendarServer-changes] [15555] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Tue Apr 26 06:52:54 PDT 2016
Revision: 15555
http://trac.calendarserver.org//changeset/15555
Author: cdaboo at apple.com
Date: 2016-04-26 06:52:54 -0700 (Tue, 26 Apr 2016)
Log Message:
-----------
Allow user interaction when checking the keychain so that ACLs can be applied if needed.
Modified Paths:
--------------
CalendarServer/trunk/bin/keychain_init.py
CalendarServer/trunk/requirements-twisted-osx.txt
Modified: CalendarServer/trunk/bin/keychain_init.py
===================================================================
--- CalendarServer/trunk/bin/keychain_init.py 2016-04-26 13:51:49 UTC (rev 15554)
+++ CalendarServer/trunk/bin/keychain_init.py 2016-04-26 13:52:54 UTC (rev 15555)
@@ -19,6 +19,7 @@
import os
import re
import sys
+import OpenSSL
identity_preference = "org.calendarserver.test"
certname_regex = re.compile(r'"alis"<blob>="(.*)"')
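Review bot: The new top-level `import OpenSSL` does not say which package it expects, and `check_keychain_identity` (used in the next hunk) is not part of stock pyOpenSSL. It presumably comes from the PySecureTransport checkout pinned in requirements-twisted-osx.txt, which is outside this diff. A comment such as `# OpenSSL is provided by PySecureTransport here, not pyOpenSSL` would spare the next maintainer an AttributeError hunt. Because the import runs at module load, a host without that package fails with ImportError before reaching the clearer "Keychain access utility ('security') not found" error. Moving the import inside `checkCertificate()` would keep that diagnostic intact.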
@@ -107,11 +108,29 @@
print("Imported certificate '{}'".format(certificate_name))
return True
+
+
+def checkCertificate():
+
+ # Validate identity
+ error = OpenSSL.crypto.check_keychain_identity(identity_preference, allowInteraction=True)
+ if error:
+ raise RuntimeError(
+ "The configured TLS Keychain Identity ({cert}) cannot be used: {reason}".format(
+ cert=identity_preference,
+ reason=error
+ )
+ )
+ else:
+ print("Certificate/key can be used.")
+
+
if __name__ == '__main__':
if os.path.isfile("/usr/bin/security"):
# If the identity exists we are done
if identityExists():
+ checkCertificate()
sys.exit(0)
# Check for certificate and import if not present
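Review bot: `checkCertificate()` hard-codes `allowInteraction=True` and has no docstring, so nothing tells the reader that running the script may put up a keychain prompt. Approving that prompt appears to change the private key's ACL, judging by the log message; `check_keychain_identity` itself is outside this diff. If the script is ever run from a session with no GUI (ssh, CI, a launchd job), the prompt presumably cannot be answered, so it would be worth documenting that an interactive login session is required, or making interaction opt-in through a flag. A docstring along the lines of `"""Verify the keychain identity is usable for TLS; may prompt the user to grant key access. Raises RuntimeError if it cannot be used."""` would cover it. The `else:` after the `raise` is redundant, so the `print` can be dedented. The `__main__` block continues past the end of this hunk.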
@@ -121,5 +140,6 @@
# Create the identity
identityCreate()
+ checkCertificate()
else:
raise RuntimeError("Keychain access utility ('security') not found")
Modified: CalendarServer/trunk/requirements-twisted-osx.txt
===================================================================
--- CalendarServer/trunk/requirements-twisted-osx.txt 2016-04-26 13:51:49 UTC (rev 15554)
+++ CalendarServer/trunk/requirements-twisted-osx.txt 2016-04-26 13:52:54 UTC (rev 15555)
@@ -10,5 +10,5 @@
#cffi==1.3.0
# pycparser==2.14
- --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15423#egg=pysecuretransport
+ --editable svn+http://svn.calendarserver.org/repository/calendarserver/PySecureTransport/trunk@15554#egg=pysecuretransport