TLS cert rotation: check validity after cert update

This commit is contained in:
Alberto Sottile 2019-02-19 09:55:05 +01:00
parent 0b19d526a1
commit 8b8e45a4d6
2 changed files with 13 additions and 4 deletions


@ -670,10 +670,14 @@ class SyncServerProtocol(JSONCommandProtocol):
inquiry = message["startTLS"] if "startTLS" in message else None inquiry = message["startTLS"] if "startTLS" in message else None
if "send" in inquiry: if "send" in inquiry:
if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None: if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None:
if self._factory.checkLastEditCertTime() > self._factory.lastEditCertTime: lastEditCertTime = self._factory.checkLastEditCertTime()
if lastEditCertTime is not None and lastEditCertTime != self._factory.lastEditCertTime:
self._factory.updateTLSContextFactory() self._factory.updateTLSContextFactory()
self.sendTLS({"startTLS": "true"}) if self._factory.options is not None:
self.transport.startTLS(self._factory.options) self.sendTLS({"startTLS": "true"})
self.transport.startTLS(self._factory.options)
else:
self.sendTLS({"startTLS": "false"})
else: else:
self.sendTLS({"startTLS": "false"}) self.sendTLS({"startTLS": "false"})
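Review bot: When `checkLastEditCertTime()` returns `None`, the new condition on the line after the `lastEditCertTime = ...` assignment skips `updateTLSContextFactory()` and falls through to `startTLS` with whatever `self._factory.options` already holds, so a certificate file that becomes unreadable mid-rotation keeps the previously loaded context in service silently. If that is intended, state it in place, e.g. `# None: cert file could not be stat'ed; keep serving the already-loaded context`, otherwise log the condition so a failed rotation is visible. The inner `if self._factory.options is not None:` presumably guards against `updateTLSContextFactory()` failing to build a context, but `_createTLSContextFactory` is outside this hunk so that cannot be confirmed here. The enclosing method starts before the hunk.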


@ -243,7 +243,12 @@ class SyncFactory(Factory):
return contextFactory return contextFactory
def checkLastEditCertTime(self): def checkLastEditCertTime(self):
return os.path.getmtime(self.certPath+'/cert.pem') try:
outTime = os.path.getmtime(self.certPath+'/cert.pem')
except:
outTime = None
return outTime
def updateTLSContextFactory(self): def updateTLSContextFactory(self):
self.options = self._createTLSContextFactory(self.certPath) self.options = self._createTLSContextFactory(self.certPath)
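Review bot: The bare `except:` in the new body of `checkLastEditCertTime` swallows every exception, including `KeyboardInterrupt` and `SystemExit`, and hides the difference between a missing certificate file and a permission error on it; `os.path.getmtime` raises `OSError` (`FileNotFoundError` is a subclass), so narrow it to `except OSError:`. A one-line docstring such as `"""Return mtime of cert.pem, or None if it cannot be stat'ed."""` would document the `None` contract that the caller in SyncServerProtocol now relies on. `os.path.join(self.certPath, 'cert.pem')` would also replace the hand-built separator.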