diff options
| author | elijah <elijah@riseup.net> | 2014-10-02 12:11:24 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2014-10-02 12:11:24 -0700 |
| commit | cfd626dc6c067a6465e962f3eeaa182cda994dba (patch) | |
| tree | a9cfcb5dbf914e73a10bbb36afa211ff3aad93a1 | |
| parent | 7bc348aa07afebc8287a6eeb1416cb844363d2fa (diff) | |
| download | leap_cli-cfd626dc6c067a6465e962f3eeaa182cda994dba.tar.gz leap_cli-cfd626dc6c067a6465e962f3eeaa182cda994dba.tar.bz2 | |
leap cert update will now warn if commercial certs will expire soon.
| -rw-r--r-- | lib/leap_cli/commands/ca.rb | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb index 46e3494..66dfd7c 100644 --- a/lib/leap_cli/commands/ca.rb +++ b/lib/leap_cli/commands/ca.rb @@ -36,6 +36,7 @@ module LeapCli; module Commands nodes = manager.filter!(args) nodes.each_node do |node| + warn_if_commercial_cert_will_soon_expire(node) if !node.x509.use remove_file!([:node_x509_key, node.name]) remove_file!([:node_x509_cert, node.name]) @@ -191,7 +192,7 @@ module LeapCli; module Commands return true else cert = load_certificate_file([:node_x509_cert, node.name]) - if cert.not_after < months_from_yesterday(1) + if cert.not_after < months_from_yesterday(2) log :updating, "cert for node '#{node.name}' because it will expire soon" return true end @@ -222,6 +223,18 @@ module LeapCli; module Commands return false end + def warn_if_commercial_cert_will_soon_expire(node) + dns_names_for_node(node).each do |domain| + if file_exists?([:commercial_cert, domain]) + cert = load_certificate_file([:commercial_cert, domain]) + if cert.not_after < months_from_yesterday(2) + log :warning, "the commercial certificate '#{Path.relative_path([:commercial_cert, domain])}' will expire soon. "+ + "You should renew it with `leap cert csr --domain #{domain}`." + end + end + end + end + def generate_cert_for_node(node) return if node.x509.use == false |