Revision 60cc531d lib/utils/security.py
b/lib/utils/security.py | ||
---|---|---|
24 | 24 |
|
25 | 25 |
import logging |
26 | 26 |
import OpenSSL |
27 |
import os |
|
27 | 28 |
|
28 | 29 |
from ganeti.utils import io |
30 |
from ganeti.utils import x509 |
|
29 | 31 |
from ganeti import pathutils |
30 | 32 |
|
31 | 33 |
|
... | ... | |
92 | 94 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
93 | 95 |
cert_plain) |
94 | 96 |
return cert.digest("sha1") |
97 |
|
|
98 |
|
|
99 |
def GenerateNewSslCert(new_cert, cert_filename, log_msg): |
|
100 |
"""Creates a new SSL certificate and backups the old one. |
|
101 |
|
|
102 |
@type new_cert: boolean |
|
103 |
@param new_cert: whether a new certificate should be created |
|
104 |
@type cert_filename: string |
|
105 |
@param cert_filename: filename of the certificate file |
|
106 |
@type log_msg: string |
|
107 |
@param log_msg: log message to be written on certificate creation |
|
108 |
|
|
109 |
""" |
|
110 |
cert_exists = os.path.exists(cert_filename) |
|
111 |
if new_cert or not cert_exists: |
|
112 |
if cert_exists: |
|
113 |
io.CreateBackup(cert_filename) |
|
114 |
|
|
115 |
logging.debug(log_msg) |
|
116 |
x509.GenerateSelfSignedSslCert(cert_filename) |
Also available in: Unified diff