standalone: do not attempt webdir challenge verification
webdir challenge verification will always fail with standalone because the server is not started immediately at the point of challenge creation.
parent
1e5b1defa7
commit
710c42c805
@ -63,6 +63,7 @@ HTTPServer.allow_reuse_address = True
|
|||||||
class ChallengeHandler(WebChallengeHandler):
|
class ChallengeHandler(WebChallengeHandler):
|
||||||
def __init__(self, config):
|
def __init__(self, config):
|
||||||
WebChallengeHandler.__init__(self, config)
|
WebChallengeHandler.__init__(self, config)
|
||||||
|
self._verify_challenge = False
|
||||||
self.current_directory = os.getcwd()
|
self.current_directory = os.getcwd()
|
||||||
if "port" in config:
|
if "port" in config:
|
||||||
port = int(config["port"])
|
port = int(config["port"])
|
||||||
|
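Review bot: The added `self._verify_challenge = False` in `__init__` has no comment, and it only takes effect because it runs after `WebChallengeHandler.__init__`, which sets the flag to True in the webdir hunk of this commit. A comment on that line, such as `# standalone server is not listening yet when the challenge file is written, so the HTTP self-check would always fail`, would stop a later reorder or cleanup from silently re-enabling the check. With the self-check off, a failed bind or a wrong port is presumably only noticed when the CA validates, so a log line saying that local verification was skipped would help when diagnosing failed issuances. `__init__` continues past the end of the hunk.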
@ -14,6 +14,7 @@ from acertmgr.modes.abstract import AbstractChallengeHandler
|
|||||||
class ChallengeHandler(AbstractChallengeHandler):
|
class ChallengeHandler(AbstractChallengeHandler):
|
||||||
def __init__(self, config):
|
def __init__(self, config):
|
||||||
AbstractChallengeHandler.__init__(self, config)
|
AbstractChallengeHandler.__init__(self, config)
|
||||||
|
self._verify_challenge = True
|
||||||
self.challenge_directory = config.get("webdir", "/var/www/acme-challenge/")
|
self.challenge_directory = config.get("webdir", "/var/www/acme-challenge/")
|
||||||
if not os.path.isdir(self.challenge_directory):
|
if not os.path.isdir(self.challenge_directory):
|
||||||
raise FileNotFoundError("Challenge directory (%s) does not exist!" % self.challenge_directory)
|
raise FileNotFoundError("Challenge directory (%s) does not exist!" % self.challenge_directory)
|
||||||
@ -30,15 +31,16 @@ class ChallengeHandler(AbstractChallengeHandler):
|
|||||||
|
|
||||||
# check that the file is in place
|
# check that the file is in place
|
||||||
wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
|
wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
|
||||||
try:
|
if self._verify_challenge:
|
||||||
resp = tools.get_url(wellknown_url)
|
try:
|
||||||
resp_data = resp.read().decode('utf8').strip()
|
resp = tools.get_url(wellknown_url)
|
||||||
if resp_data != keyauthorization:
|
resp_data = resp.read().decode('utf8').strip()
|
||||||
raise ValueError("keyauthorization and response data do NOT match")
|
if resp_data != keyauthorization:
|
||||||
except (IOError, ValueError):
|
raise ValueError("keyauthorization and response data do NOT match")
|
||||||
os.remove(wellknown_path)
|
except (IOError, ValueError):
|
||||||
raise ValueError("Wrote file to {0}, but couldn't download {1}".format(
|
os.remove(wellknown_path)
|
||||||
wellknown_path, wellknown_url))
|
raise ValueError("Wrote file to {0}, but couldn't download {1}".format(
|
||||||
|
wellknown_path, wellknown_url))
|
||||||
return datetime.datetime.now()
|
return datetime.datetime.now()
|
||||||
|
|
||||||
def destroy_challenge(self, domain, thumbprint, token):
|
def destroy_challenge(self, domain, thumbprint, token):
|
||||||
|
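Review bot: In the third hunk, `resp.read().decode('utf8').strip()` still reads the whole response body for `wellknown_url` with no size cap, even though the expected value is only as long as `keyauthorization`. Whatever host currently answers for the domain therefore decides how much memory the self-check uses. Assuming `tools.get_url` returns a standard urllib response object, a bounded read such as `resp_data = resp.read(len(keyauthorization) + 64).decode('utf8').strip()` gives the same result for a well-formed response; whether `get_url` sets a timeout is not visible here and is worth confirming. The method should also document that when `self._verify_challenge` is False, the returned `datetime.datetime.now()` only means the file was written, not that it is reachable. The enclosing method starts outside the hunk.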