Timestamp:
Dec 16, 2016, 1:05:55 AM (5 years ago)
Author:
andersk
Message:
export-scripts-certs: Delete unused certificates
File:
1 edited

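--- a/trunk/server/fedora/config/etc/httpd/export-scripts-certs
+++ b/trunk/server/fedora/config/etc/httpd/export-scripts-certs
@@ -25,4 +25,6 @@
 vhosts.sort(key=lambda (dn, vhost): vhost['scriptsVhostName'])
 
+cert_filenames = set()
+
 def conf(vhost):
     name, = vhost['scriptsVhostName']
@@ -32,9 +34,11 @@
 
     certs = ''.join('-----BEGIN CERTIFICATE-----\n' + '\n'.join(textwrap.wrap(cert, 64)) + '\n-----END CERTIFICATE-----\n' for cert in certs.split())
-    cert_filename = os.path.join(CERTS_DIR, base64.urlsafe_b64encode(hashlib.sha256(certs).digest()).strip() + '.pem')
-    if not os.path.exists(cert_filename):
-        with open(cert_filename + '.new', 'w') as cert_file:
+    cert_filename = base64.urlsafe_b64encode(hashlib.sha256(certs).digest()).strip() + '.pem'
+    cert_filenames.add(cert_filename)
+    cert_path = os.path.join(CERTS_DIR, cert_filename)
+    if not os.path.exists(cert_path):
+        with open(cert_path + '.new', 'w') as cert_file:
             cert_file.write(certs)
-        os.rename(cert_filename + '.new', cert_filename)
+        os.rename(cert_path + '.new', cert_path)
 
     for port in 443, 444:
@@ -47,5 +51,5 @@
         if port == 444:
             yield '\tInclude conf.d/vhosts-common-ssl-cert.conf\n'
-        yield '\tSSLCertificateFile {}\n'.format(cert_filename)
+        yield '\tSSLCertificateFile {}\n'.format(cert_path)
         yield '\tSSLCertificateKeyFile {}\n'.format(os.path.join('/etc/pki/tls/private', key_filename))
         yield '</VirtualHost>\n'
@@ -55,2 +59,6 @@
     vhosts_file.write(''.join(l for dn, vhost in vhosts for l in conf(vhost)))
 os.rename(os.path.join(CERTS_DIR, 'vhosts.conf.new'), os.path.join(CERTS_DIR, 'vhosts.conf'))
+
+for filename in os.listdir(CERTS_DIR):
+    if filename.endswith('.pem') and filename not in cert_filenames:
+        os.remove(os.path.join(CERTS_DIR, filename))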
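Review bot: The cleanup loop at the end of the file removes every `*.pem` in CERTS_DIR whose name is not in `cert_filenames`, so a file is kept only if this run happened to see it; a PEM placed there by hand or referenced from another httpd config would be deleted, and stale `*.pem.new` files left by an interrupted write are never removed. If CERTS_DIR is meant to be owned exclusively by this script, say so next to the loop, e.g. `# CERTS_DIR holds only files generated here; anything not referenced by the vhosts.conf just written is stale.` Otherwise narrow the match to the generated name shape (44 URL-safe base64 characters plus `.pem`) and log each removed path so an unexpected deletion can be traced afterwards. `cert_filenames` is filled inside `conf()`, whose body is only partly visible in these hunks, so this assumes every path that emits `SSLCertificateFile` passes through the `add()` call.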