Changeset 2813


Ignore:
Timestamp:
Dec 16, 2016, 1:18:57 AM (5 years ago)
Author:
andersk
Message:
export-scripts-certs: Add sanity check for key file existence
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/httpd/export-scripts-certs

    r2811 r2813  
    2626
    2727cert_filenames = set()
     28error = False
    2829
    2930def conf(vhost):
     
    4243        os.rename(cert_path + '.new', cert_path)
    4344
     45    key_path = os.path.join('/etc/pki/tls/private', key_filename)
     46    if not os.path.exists(key_path):
     47        sys.stderr.write("Error: key file {} does not exist for vhost {}\n".format(key_path, name))
     48        global error
     49        error = True
     50        return
     51
    4452    for port in 443, 444:
    4553        yield '<VirtualHost *:{}>\n'.format(port)
     
    5260            yield '\tInclude conf.d/vhosts-common-ssl-cert.conf\n'
    5361        yield '\tSSLCertificateFile {}\n'.format(cert_path)
    54         yield '\tSSLCertificateKeyFile {}\n'.format(os.path.join('/etc/pki/tls/private', key_filename))
     62        yield '\tSSLCertificateKeyFile {}\n'.format(key_path)
    5563        yield '</VirtualHost>\n'
    5664
     
    6371    if filename.endswith('.pem') and filename not in cert_filenames:
    6472        os.remove(os.path.join(CERTS_DIR, filename))
     73
     74sys.exit(1 if error else 0)
Note: See TracChangeset for help on using the changeset viewer.