Merge branch 'master' of github.com:laurivosandi/certidude

2025-10-31 09:29:13 +00:00 · 2015-11-11 20:12:28 +01:00
parent 4eb0cceacc 34636a2abc
commit 3d36b2f92c
7 changed files with 42 additions and 19 deletions
--- a/certidude/api.py
+++ b/certidude/api.py
@@ -310,7 +310,7 @@ class RequestListResource(CertificateAuthorityBase):
        # TODO: check for revoked certificates and return HTTP 410 Gone

        # Process automatic signing if the IP address is whitelisted and autosigning was requested
-        if req.get_param("autosign") in ("yes", "1", "true"):
+        if req.get_param_as_bool("autosign"):
            for subnet in ca.autosign_subnets:
                if subnet.overlaps(remote_addr):
                    try:
--- a/certidude/templates/index.html
+++ b/certidude/templates/index.html
@@ -41,7 +41,7 @@ curl {{request.url}}/certificate/ > /etc/ipsec.d/cacerts/ca.pem
 openssl genrsa -out /etc/ipsec.d/private/$CN.pem 4096
 chmod 0600 /etc/ipsec.d/private/$CN.pem
 openssl req -new -sha256 -key /etc/ipsec.d/private/$CN.pem -out /etc/ipsec.d/reqs/$CN.pem -subj "{% if s.C %}/C={{s.C}}{% endif %}{% if s.ST %}/ST={{s.ST}}{% endif %}{% if s.L %}/L={{s.L}}{% endif %}{% if s.O %}/O={{s.O}}{% endif %}{% if s.OU %}/OU={{s.OU}}{% endif %}/CN=$CN"
-curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=1\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
+curl -L -H "Content-Type: application/pkcs10" --data-binary @/etc/ipsec.d/reqs/$CN.pem {{request.uri}}/request/?autosign=yes\&wait=30 > /etc/ipsec.d/certs/$CN.pem.part
 if [ $? -eq 0 ]; then mv /etc/ipsec.d/certs/$CN.pem.part /etc/ipsec.d/certs/$CN.pem; fi
 openssl verify -CAfile /etc/ipsec.d/cacerts/ca.pem /etc/ipsec.d/certs/$CN.pem
 </pre>
--- a/certidude/wrappers.py
+++ b/certidude/wrappers.py
@@ -124,12 +124,7 @@ class CertificateAuthorityConfig(object):
        """
        Returns sorted list of CA-s defined in the configuration file.
        """
-        l = [s[3:] for s in self._config if s.startswith("CA_")]
-        # Sanity check for duplicates (although ConfigParser fails earlier)
-        if len(l) != len(set(l)):
-            raise ValueError
-        return sorted(l)
-
+        return sorted([s[3:] for s in self._config if s.startswith("CA_")])

    def pop_certificate_authority(self):
        def wrapper(func):