From 8b8e45a4d67aa01b56e03f164293c8e247e72db9 Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Tue, 19 Feb 2019 09:55:05 +0100
Subject: [PATCH] TLS cert rotation: check validity after cert update
---
 syncplay/protocols.py | 10 +++++++---
 syncplay/server.py | 7 ++++++-
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index f9112a7..cf14a96 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -670,10 +670,14 @@ class SyncServerProtocol(JSONCommandProtocol):
 inquiry = message["startTLS"] if "startTLS" in message else None
 if "send" in inquiry:
 if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None:
- if self._factory.checkLastEditCertTime() > self._factory.lastEditCertTime:
+ lastEditCertTime = self._factory.checkLastEditCertTime()
+ if lastEditCertTime is not None and lastEditCertTime != self._factory.lastEditCertTime:
 self._factory.updateTLSContextFactory()
- self.sendTLS({"startTLS": "true"})
- self.transport.startTLS(self._factory.options)
+ if self._factory.options is not None:
+ self.sendTLS({"startTLS": "true"})
+ self.transport.startTLS(self._factory.options)
+ else:
+ self.sendTLS({"startTLS": "false"})
 else:
 self.sendTLS({"startTLS": "false"})

diff --git a/syncplay/server.py b/syncplay/server.py
index e7570da..833c3a6 100755
--- a/syncplay/server.py
+++ b/syncplay/server.py
@@ -243,7 +243,12 @@ class SyncFactory(Factory):
 return contextFactory

 def checkLastEditCertTime(self):
- return os.path.getmtime(self.certPath+'/cert.pem')
+ try:
+ outTime = os.path.getmtime(self.certPath+'/cert.pem')
+ except:
+ outTime = None
+
+ return outTime

 def updateTLSContextFactory(self):
 self.options = self._createTLSContextFactory(self.certPath)
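Review bot: The reload check sits inside the outer `self._factory.options is not None` condition, so if `updateTLSContextFactory()` ever leaves `options` as None (the case the new inner check handles), no later startTLS request reaches the mtime comparison again and the server keeps answering `{"startTLS": "false"}` until something outside this hunk restores the context. A cert.pem that is read half-way through a rotation could be enough to get there, assuming `_createTLSContextFactory` returns None for a bad file. Keeping the last good context avoids that silent loss of TLS: in `updateTLSContextFactory` (server.py), `newOptions = self._createTLSContextFactory(self.certPath)` followed by `if newOptions is not None: self.options = newOptions`. The refusal branch would also benefit from a log entry, so operators can see when clients are being told TLS is unavailable. The enclosing method starts above the hunk.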
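Review bot: The bare `except:` in `checkLastEditCertTime` also catches KeyboardInterrupt and SystemExit and hides the reason cert.pem could not be stat'ed; `except OSError:` covers the missing-file and permission errors that `os.path.getmtime` raises. Returning None makes the caller in protocols.py skip the reload and carry on with the previously loaded context, so a missing or unreadable certificate goes unnoticed unless the failure is logged here. `os.path.join(self.certPath, 'cert.pem')` would be more robust than concatenating the path by hand. `updateTLSContextFactory` may continue past the end of the hunk.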