Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Remove dead code from acme support. #11393

Merged
merged 2 commits into from Nov 19, 2021
Merged

Remove dead code from acme support. #11393

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
90d9cc0
Remove dead code from acme support.
clokep Nov 18, 2021
81615c5
Newsfragment
clokep Nov 18, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/11393.misc
View file
Open in desktop
@@ -0,0 +1 @@
Remove dead code from supporting ACME.
50 changes: 0 additions & 50 deletions synapse/config/tls.py
View file
Open in desktop
Expand Up @@ -14,7 +14,6 @@

import logging
import os
from datetime import datetime
from typing import List, Optional, Pattern

from OpenSSL import SSL, crypto
Expand Down Expand Up @@ -133,55 +132,6 @@ def read_config(self, config: dict, config_dir_path: str, **kwargs):
self.tls_certificate: Optional[crypto.X509] = None
self.tls_private_key: Optional[crypto.PKey] = None

def is_disk_cert_valid(self, allow_self_signed=True):
"""
Is the certificate we have on disk valid, and if so, for how long?

Args:
allow_self_signed (bool): Should we allow the certificate we
read to be self signed?

Returns:
int: Days remaining of certificate validity.
None: No certificate exists.
"""
if not os.path.exists(self.tls_certificate_file):
return None

try:
with open(self.tls_certificate_file, "rb") as f:
cert_pem = f.read()
except Exception as e:
raise ConfigError(
"Failed to read existing certificate file %s: %s"
% (self.tls_certificate_file, e)
)

try:
tls_certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
except Exception as e:
raise ConfigError(
"Failed to parse existing certificate file %s: %s"
% (self.tls_certificate_file, e)
)

if not allow_self_signed:
if tls_certificate.get_subject() == tls_certificate.get_issuer():
raise ValueError(
"TLS Certificate is self signed, and this is not permitted"
)

# YYYYMMDDhhmmssZ -- in UTC
expiry_data = tls_certificate.get_notAfter()
if expiry_data is None:
raise ValueError(
"TLS Certificate has no expiry date, and this is not permitted"
)
expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ")
now = datetime.utcnow()
days_remaining = (expires_on - now).days
return days_remaining

def read_certificate_from_disk(self):
"""
Read the certificates and private key from disk.
Expand Down