diff --git a/certidude/cli.py b/certidude/cli.py
index 707e1d9..a072375 100755
--- a/certidude/cli.py
+++ b/certidude/cli.py
@@ -43,7 +43,7 @@ assert hasattr(crypto.X509Req(), "get_extensions"), "You're running too old vers
 # keyUsage, extendedKeyUsage - https://www.openssl.org/docs/apps/x509v3_config.html
 # strongSwan key paths - https://wiki.strongswan.org/projects/1/wiki/SimpleCA
-config = CertificateAuthorityConfig("/etc/ssl/openssl.cnf")
+config = CertificateAuthorityConfig()
 # Parse command-line argument defaults from environment
 HOSTNAME = socket.gethostname()
diff --git a/certidude/wrappers.py b/certidude/wrappers.py
index 53aa101..7763fe9 100644
--- a/certidude/wrappers.py
+++ b/certidude/wrappers.py
@@ -61,13 +61,19 @@ def subject2dn(subject):
 class CertificateAuthorityConfig(object):
 """
- Attempt to parse CA-s from openssl.cnf
+ Certificate Authority configuration
+
+ :param path: Absolute path to configuration file.
+ Defaults to /etc/ssl/openssl.cnf
 """
- def __init__(self, *args):
+ def __init__(self, path='/etc/ssl/openssl.cnf', *args):
+
+ #: Path to file where current configuration is loaded from.
+ self.path = path
+
 self._config = RawConfigParser()
- for arg in args:
- self._config.readfp(itertools.chain(["[global]"], open(os.path.expanduser(arg))))
+ self._config.readfp(itertools.chain(["[global]"], open(self.path)))
 def get(self, section, key, default=""):
 if self._config.has_option(section, key):
diff --git a/certidude/wsgi.py b/certidude/wsgi.py
index 895c15a..241f6cd 100644
--- a/certidude/wsgi.py
+++ b/certidude/wsgi.py
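Review bot: In the `certidude/wrappers.py` hunk, the new `CertificateAuthorityConfig.__init__` keeps `*args` in its signature but never reads it, so a caller that passes more than one configuration path now has the extra paths dropped without any error. Either remove `*args` or reject a non-empty value, for example `if args: raise TypeError("only one configuration path is supported")`. The file object from `open(self.path)` is also never closed; `with open(self.path) as fh:` followed by `self._config.readfp(itertools.chain(["[global]"], fh))` releases it once parsing is done. Dropping `os.path.expanduser` means a `~`-prefixed path is now opened literally, which agrees with the "Absolute path" wording in the docstring but is worth stating there, since the module-level `config` objects in `cli.py` and `wsgi.py` depend on it. The class body continues outside the hunk.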
@@ -11,7 +11,7 @@ from certidude.api import CertificateAuthorityResource, \
 # TODO: deduplicate routing code
 # TODO: set up /run/certidude/api paths and permissions
-config = CertificateAuthorityConfig("/etc/ssl/openssl.cnf")
+config = CertificateAuthorityConfig()
 assert os.getenv("PUSH_SUBSCRIBE"), "Please set PUSH_SUBSCRIBE to your web server's subscription URL"
 assert os.getenv("PUSH_PUBLISH"), "Please set PUSH_PUBLISH to your web server's publishing URL"