[gen_conf/bind] Pas d'enregistrement TLSA si le certificat est marqué comme révoqué

Valentin Samir 2015-10-30 17:07:08 +01:00
parent 182597ca35
commit e4a36fb702


@ -398,13 +398,14 @@ class Zone(ZoneBase):
def add_tlsa_record(self, cert): def add_tlsa_record(self, cert):
"""Ajout d'un certif dans le DNS""" """Ajout d'un certif dans le DNS"""
if 'TLSACert' in cert['objectClass']: if 'TLSACert' in cert['objectClass']:
for host in cert['hostCert']: if not cert.get('revocked', [False])[0]:
nom = self.get_name(host) for host in cert['hostCert']:
if nom is None: continue nom = self.get_name(host)
for port in cert['portTCPin']: if nom is None: continue
self.add(TLSA(nom, port, 'tcp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der')) for port in cert['portTCPin']:
for port in cert['portUDPin']: self.add(TLSA(nom, port, 'tcp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
self.add(TLSA(nom, port, 'udp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der')) for port in cert['portUDPin']:
self.add(TLSA(nom, port, 'udp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
def add_machine(self, machine): def add_machine(self, machine):
"""Ajout d'une machine, à savoir chaînage d'ajout """Ajout d'une machine, à savoir chaînage d'ajout
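Review bot: The new guard `if not cert.get('revocked', [False])[0]:` raises IndexError when the attribute is present but holds an empty list, and its truthiness test is only correct if the value is a real bool — the record is a dict of single-element lists in the style of an LDAP entry (`cert['certificat'][0]`, `cert['objectClass']`), and if `revocked` is stored as an LDAP boolean string then `'FALSE'` is truthy, so a certificate explicitly marked not-revoked would also get no TLSA record. I would normalise the value before testing it, e.g. `revoked = cert.get('revocked') or [False]` followed by `if str(revoked[0]).upper() != 'TRUE':`, which treats a missing attribute, an empty list, a Python bool and an LDAP `'TRUE'`/`'FALSE'` string consistently; the actual representation of `revocked` should be confirmed against the schema, and the spelling of the key must match it exactly. Since this check is what stops a revoked certificate from staying trusted through DANE, it deserves a comment on that line, e.g. `# Skip revoked certificates: a published TLSA record would let clients keep trusting them.`. `add_tlsa_record` is wholly inside the hunk, but the enclosing class `Zone` starts before it and `add_machine` continues past its end.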