Better logging of cert generation

shortcutme 2019-03-29 02:29:55 +01:00
parent bad4d14cf6
commit 4a4f311cf8
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE


@ -106,13 +106,14 @@ class CryptConnectionManager:
self.cacert_pem self.cacert_pem
) )
cmd = "%s req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config %s -subj %s -keyout %s -out %s -batch" % cmd_params cmd = "%s req -new -newkey rsa:2048 -days 3650 -nodes -x509 -config %s -subj %s -keyout %s -out %s -batch" % cmd_params
logging.debug("Generating RSA CAcert and CAkey PEM files...")
proc = subprocess.Popen( proc = subprocess.Popen(
cmd, shell=True, stderr=subprocess.STDOUT, cmd, shell=True, stderr=subprocess.STDOUT,
stdout=subprocess.PIPE, env=self.openssl_env stdout=subprocess.PIPE, env=self.openssl_env
) )
back = proc.stdout.read().strip() back = proc.stdout.read().strip().decode().replace("\r", "")
proc.wait() proc.wait()
logging.debug("Generating RSA CAcert and CAkey PEM files... %s: %s" % (cmd, back.decode())) logging.debug("%s\n%s" % (cmd, back))
if not (os.path.isfile(self.cacert_pem) and os.path.isfile(self.cakey_pem)): if not (os.path.isfile(self.cacert_pem) and os.path.isfile(self.cakey_pem)):
logging.error("RSA ECC SSL CAcert generation failed, CAcert or CAkey files not exist.") logging.error("RSA ECC SSL CAcert generation failed, CAcert or CAkey files not exist.")
@ -127,13 +128,14 @@ class CryptConnectionManager:
self.openssl_env["OPENSSL_CONF"], self.openssl_env["OPENSSL_CONF"],
) )
cmd = "%s req -new -newkey rsa:2048 -keyout %s -out %s -subj %s -sha256 -nodes -batch -config %s" % cmd_params cmd = "%s req -new -newkey rsa:2048 -keyout %s -out %s -subj %s -sha256 -nodes -batch -config %s" % cmd_params
logging.debug("Generating certificate key and signing request...")
proc = subprocess.Popen( proc = subprocess.Popen(
cmd, shell=True, stderr=subprocess.STDOUT, cmd, shell=True, stderr=subprocess.STDOUT,
stdout=subprocess.PIPE, env=self.openssl_env stdout=subprocess.PIPE, env=self.openssl_env
) )
back = proc.stdout.read().strip() back = proc.stdout.read().strip().decode().replace("\r", "")
proc.wait() proc.wait()
logging.debug("Generating certificate key and signing request...%s" % back.decode()) logging.debug("%s\n%s" % (cmd, back))
# Sign request and generate certificate # Sign request and generate certificate
cmd_params = helper.shellquote( cmd_params = helper.shellquote(
@ -145,13 +147,14 @@ class CryptConnectionManager:
self.openssl_env["OPENSSL_CONF"] self.openssl_env["OPENSSL_CONF"]
) )
cmd = "%s x509 -req -in %s -CA %s -CAkey %s -CAcreateserial -out %s -days 730 -sha256 -extensions x509_ext -extfile %s" % cmd_params cmd = "%s x509 -req -in %s -CA %s -CAkey %s -CAcreateserial -out %s -days 730 -sha256 -extensions x509_ext -extfile %s" % cmd_params
logging.debug("Generating RSA cert...")
proc = subprocess.Popen( proc = subprocess.Popen(
cmd, shell=True, stderr=subprocess.STDOUT, cmd, shell=True, stderr=subprocess.STDOUT,
stdout=subprocess.PIPE, env=self.openssl_env stdout=subprocess.PIPE, env=self.openssl_env
) )
back = proc.stdout.read().strip() back = proc.stdout.read().strip().decode().replace("\r", "")
proc.wait() proc.wait()
logging.debug("Generating RSA cert...%s" % back.decode()) logging.debug("%s\n%s" % (cmd, back))
if os.path.isfile(self.cert_pem) and os.path.isfile(self.key_pem): if os.path.isfile(self.cert_pem) and os.path.isfile(self.key_pem):
return True return True
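Review bot: The exit status of openssl is still discarded after `proc.wait()` in all three hunks (CA cert, key plus signing request, signed cert), so the new debug line is the only trace of a failed run. Success is inferred only from `os.path.isfile(...)`; if key or cert files from an earlier run can still be present (the hunks do not show whether they are removed first), a failed generation would be treated as success while the openssl error text stays hidden at debug level. After each `proc.wait()` I would add `if proc.returncode != 0: logging.error("openssl exited with code %s: %s" % (proc.returncode, back))`. Separately, the bare `.decode()` on the captured output is strict, so a single non-UTF-8 byte (for example from a localized path on Windows) raises and aborts certificate generation purely for the sake of logging; `.decode("utf8", "replace")` avoids that. The enclosing methods of `CryptConnectionManager` start and end outside these hunks, so how the return values are handled by callers is not visible here.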