moepman/acertmgr
1
0
Fork 0
mirror of https://github.com/moepman/acertmgr.git synced 2025-01-01 04:21:51 +01:00
Code Releases Activity

standalone: do not attempt webdir challenge verification

Browse Source 
webdir challenge verfication will always fail with standalone due to the
server not being started immediately at the point of challenge creation.
This commit is contained in:
Kishi85 2019-03-23 09:56:29 +01:00
parent 1e5b1defa7
commit 710c42c805
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
acertmgr/modes/standalone.py
View File

@ -63,6 +63,7 @@ HTTPServer.allow_reuse_address = True
class ChallengeHandler(WebChallengeHandler): class ChallengeHandler(WebChallengeHandler):
def __init__(self, config): def __init__(self, config):
WebChallengeHandler.__init__(self, config) WebChallengeHandler.__init__(self, config)
self._verify_challenge = False
self.current_directory = os.getcwd() self.current_directory = os.getcwd()
if "port" in config: if "port" in config:
port = int(config["port"]) port = int(config["port"])

20
acertmgr/modes/webdir.py
View File

@ -14,6 +14,7 @@ from acertmgr.modes.abstract import AbstractChallengeHandler
class ChallengeHandler(AbstractChallengeHandler): class ChallengeHandler(AbstractChallengeHandler):
def __init__(self, config): def __init__(self, config):
AbstractChallengeHandler.__init__(self, config) AbstractChallengeHandler.__init__(self, config)
self._verify_challenge = True
self.challenge_directory = config.get("webdir", "/var/www/acme-challenge/") self.challenge_directory = config.get("webdir", "/var/www/acme-challenge/")
if not os.path.isdir(self.challenge_directory): if not os.path.isdir(self.challenge_directory):
raise FileNotFoundError("Challenge directory (%s) does not exist!" % self.challenge_directory) raise FileNotFoundError("Challenge directory (%s) does not exist!" % self.challenge_directory)
@ -30,15 +31,16 @@ class ChallengeHandler(AbstractChallengeHandler):
# check that the file is in place # check that the file is in place
wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token) wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
try: if self._verify_challenge:
resp = tools.get_url(wellknown_url) try:
resp_data = resp.read().decode('utf8').strip() resp = tools.get_url(wellknown_url)
if resp_data != keyauthorization: resp_data = resp.read().decode('utf8').strip()
raise ValueError("keyauthorization and response data do NOT match") if resp_data != keyauthorization:
except (IOError, ValueError): raise ValueError("keyauthorization and response data do NOT match")
os.remove(wellknown_path) except (IOError, ValueError):
raise ValueError("Wrote file to {0}, but couldn't download {1}".format( os.remove(wellknown_path)
wellknown_path, wellknown_url)) raise ValueError("Wrote file to {0}, but couldn't download {1}".format(
wellknown_path, wellknown_url))
return datetime.datetime.now() return datetime.datetime.now()
def destroy_challenge(self, domain, thumbprint, token): def destroy_challenge(self, domain, thumbprint, token):