[gen_conf/bind] Pas d'enregistrement TLSA si le certificat est marqué comme révoqué

Valentin Samir 2015-10-30 17:07:08 +01:00
parent 182597ca35
commit e4a36fb702


@ -398,13 +398,14 @@ class Zone(ZoneBase):
def add_tlsa_record(self, cert):
"""Ajout d'un certif dans le DNS"""
if 'TLSACert' in cert['objectClass']:
for host in cert['hostCert']:
nom = self.get_name(host)
if nom is None: continue
for port in cert['portTCPin']:
self.add(TLSA(nom, port, 'tcp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
for port in cert['portUDPin']:
self.add(TLSA(nom, port, 'udp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
if not cert.get('revocked', [False])[0]:
for host in cert['hostCert']:
nom = self.get_name(host)
if nom is None: continue
for port in cert['portTCPin']:
self.add(TLSA(nom, port, 'tcp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
for port in cert['portUDPin']:
self.add(TLSA(nom, port, 'udp', cert['certificat'][0], cert['certificatUsage'][0], cert['matchingType'][0], cert['selector'][0], r_format='der'))
def add_machine(self, machine):
"""Ajout d'une machine, à savoir chaînage d'ajout