

Update generate ssl certs so that we add certs to trusted store
sonicaj committed Sep 5, 2024
1 parent 7674f9f commit f1820b2
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/middlewared/middlewared/etc_files/generate_ssl_certs.py
Expand Up @@ -7,7 +7,7 @@
from middlewared.service import CallError, Service


def write_certificates(certs: list, cacerts: list) -> set:
def write_certificates(certs: list) -> set:
expected_files = set()
for cert in certs:
if cert['chain_list']:
Expand All @@ -31,9 +31,9 @@ def write_certificates(certs: list, cacerts: list) -> set:
# to forcibly remove all locally-added CAs.
trusted_cas_path = '/var/local/ca-certificates'
shutil.rmtree(trusted_cas_path, ignore_errors=True)
for ca in filter(lambda c: c['chain_list'] and c['add_to_trusted_store'], cacerts):
with open(os.path.join(trusted_cas_path, f'{ca["name"]}.crt'), 'w') as f:
f.write('\n'.join(ca['chain_list']))
for cert in filter(lambda c: c['chain_list'] and c['add_to_trusted_store'], certs):
with open(os.path.join(trusted_cas_path, f'{cert["name"]}.crt'), 'w') as f:
f.write('\n'.join(cert['chain_list']))

cp = subprocess.Popen('update-ca-certificates', stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
err = cp.communicate()[1]
Expand Down Expand Up @@ -73,7 +73,7 @@ def render(service: Service, middleware: Middleware) -> None:
certs = middleware.call_sync('certificate.query')
cas = middleware.call_sync('certificateauthority.query')

expected_files |= write_certificates(certs + cas, cas)
expected_files |= write_certificates(certs + cas)
expected_files |= write_crls(cas, middleware)

# We would like to remove certificates which have been deleted
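Review bot: In the trusted-store loop of write_certificates the output file is named only by `cert["name"]`, and render passes `certs + cas` as one list, so a certificate and a CA sharing a name would write the same `.crt` file and the later entry silently replaces the earlier one. Whether names are unique across `certificate.query` and `certificateauthority.query` is not visible in these hunks; if they are not, the loop should make the file name distinct per source or log and skip the duplicate. The name is also joined into the path unchanged, so unless it is validated upstream it is worth reducing it first, e.g. `os.path.join(trusted_cas_path, f'{os.path.basename(cert["name"])}.crt')`. For a non-CA certificate the loop writes the whole `chain_list`, which appears to put its issuers into the system trust store as well, so a comment such as `# add_to_trusted_store on a leaf cert trusts every certificate in its chain_list` would record that this is intended. The bodies of write_certificates and render continue outside the hunks shown.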
