Commit e3e1893b authored by Vincent Pelletier's avatar Vincent Pelletier

cli.updater: Make --crt optional.

No certificate is needed to be an anonymous client, only up-to-date CA and
CRL are needed to validate service certificate.
parent c15f6a11
...@@ -668,7 +668,6 @@ def updater(argv=None, until=utils.until): ...@@ -668,7 +668,6 @@ def updater(argv=None, until=utils.until):
) )
parser.add_argument( parser.add_argument(
'--crt', '--crt',
required=True,
metavar='CRT_PATH', metavar='CRT_PATH',
help='Path of your certificate for MODE. Will be renewed before ' help='Path of your certificate for MODE. Will be renewed before '
'expiration.', 'expiration.',
...@@ -701,7 +700,7 @@ def updater(argv=None, until=utils.until): ...@@ -701,7 +700,7 @@ def updater(argv=None, until=utils.until):
ca_url=ca_url, ca_url=ca_url,
ca_crt_pem_list=utils.getCertList(args.cas_ca) ca_crt_pem_list=utils.getCertList(args.cas_ca)
) )
if not utils.hasOneCert(args.crt): if args.crt and not utils.hasOneCert(args.crt):
print 'Bootstraping...' print 'Bootstraping...'
csr_pem = utils.getCertRequest(args.csr) csr_pem = utils.getCertRequest(args.csr)
# Quick sanity check before bothering server # Quick sanity check before bothering server
...@@ -755,6 +754,7 @@ def updater(argv=None, until=utils.until): ...@@ -755,6 +754,7 @@ def updater(argv=None, until=utils.until):
next_deadline, next_deadline,
utils.load_crl(open(args.crl).read(), ca_crt_list).next_update, utils.load_crl(open(args.crl).read(), ca_crt_list).next_update,
) )
if args.crt:
crt_pem, key_pem, key_path = utils.getKeyPair(args.crt, args.key) crt_pem, key_pem, key_path = utils.getKeyPair(args.crt, args.key)
crt = utils.load_certificate(crt_pem, ca_crt_list, None) crt = utils.load_certificate(crt_pem, ca_crt_list, None)
if crt.not_valid_after - threshold <= now: if crt.not_valid_after - threshold <= now:
......
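Review bot: With `--crt` now optional, `--csr` and `--key` passed without `--crt` are silently ignored: the `if args.crt and not utils.hasOneCert(args.crt):` guard skips bootstrapping and the new `if args.crt:` guard skips renewal, so an operator who dropped or mistyped `--crt` ends up with an anonymous updater and a certificate that is never issued or renewed, apparently without any message. Consider rejecting that combination right after argument parsing, e.g. `if not args.crt and (args.csr or args.key): parser.error('--csr and --key require --crt')`, assuming neither option carries a non-empty default (their definitions are outside the visible hunks). The `--crt` help string is unchanged and still reads as if the option were mandatory; appending something like `'If omitted, only the CA and CRL are kept up to date.'` would document the anonymous mode. The body of `updater` and of the new `if args.crt:` block continue outside the hunks shown, so the extent of the guarded code could not be checked here.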