TLS cert rotation: check validity after cert update

2019-02-19 09:55:05 +01:00 · 2019-02-19 09:55:05 +01:00 · 8b8e45a4d6
commit 8b8e45a4d6
parent 0b19d526a1
2 changed files with 13 additions and 4 deletions
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@ -670,10 +670,14 @@ class SyncServerProtocol(JSONCommandProtocol):
        inquiry = message["startTLS"] if "startTLS" in message else None
        if "send" in inquiry:
            if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None:
-                if self._factory.checkLastEditCertTime() > self._factory.lastEditCertTime:
+                lastEditCertTime = self._factory.checkLastEditCertTime()
+                if lastEditCertTime is not None and lastEditCertTime != self._factory.lastEditCertTime:
                    self._factory.updateTLSContextFactory()
-                self.sendTLS({"startTLS": "true"})
-                self.transport.startTLS(self._factory.options)
+                if self._factory.options is not None:
+                    self.sendTLS({"startTLS": "true"})
+                    self.transport.startTLS(self._factory.options)
+                else:
+                    self.sendTLS({"startTLS": "false"})
            else:
                self.sendTLS({"startTLS": "false"})

--- a/syncplay/server.py
+++ b/syncplay/server.py
@ -243,7 +243,12 @@ class SyncFactory(Factory):
        return contextFactory

    def checkLastEditCertTime(self):
-        return os.path.getmtime(self.certPath+'/cert.pem')
+        try:
+            outTime = os.path.getmtime(self.certPath+'/cert.pem')
+        except:
+            outTime = None
+
+        return outTime

    def updateTLSContextFactory(self):
        self.options = self._createTLSContextFactory(self.certPath)