adrian/schematics
1
0
Fork 0
Code Issues Pull requests Releases Activity

Fix expiring ACME certs

Browse source
This commit is contained in:
Adrian Heine 2017-09-17 18:44:07 +02:00
parent c9cf5af6cd
commit 0c7577718d
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/symbols/acme/cert.rs
View file

@ -45,11 +45,14 @@ impl<'a, C: CommandRunner> Symbol for AcmeCert<'a, C> {
return Ok(false);
}
let stdout = try!(self.command_runner.get_output("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
if stdout != format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
return Ok(false);
let output = try!(self.command_runner.run_with_args("openssl", &["x509", "-in", &self.get_cert_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
if output.status.success() && output.stdout == format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok())
} else if output.status.code() == Some(1) && output.stdout == format!("subject=CN = {}\nCertificate will expire\n", self.domain).as_bytes() {
Ok(false)
} else {
Err(try!(String::from_utf8(output.stderr)).into())
}
Ok(self.command_runner.run_successfully("openssl", &["verify", "--untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_path()]).is_ok())
}
fn execute(&self) -> Result<(), Box<Error>> {