|
@@ -14,7 +14,6 @@
|
|
|
# limitations under the License.
|
|
|
|
|
|
import os
|
|
|
-import subprocess
|
|
|
from hashlib import sha256
|
|
|
|
|
|
from unpaddedbase64 import encode_base64
|
|
@@ -23,8 +22,6 @@ from OpenSSL import crypto
|
|
|
|
|
|
from ._base import Config
|
|
|
|
|
|
-GENERATE_DH_PARAMS = False
|
|
|
-
|
|
|
|
|
|
class TlsConfig(Config):
|
|
|
def read_config(self, config):
|
|
@@ -42,10 +39,6 @@ class TlsConfig(Config):
|
|
|
config.get("tls_private_key_path")
|
|
|
)
|
|
|
|
|
|
- self.tls_dh_params_path = self.check_file(
|
|
|
- config.get("tls_dh_params_path"), "tls_dh_params"
|
|
|
- )
|
|
|
-
|
|
|
self.tls_fingerprints = config["tls_fingerprints"]
|
|
|
|
|
|
# Check that our own certificate is included in the list of fingerprints
|
|
@@ -72,7 +65,6 @@ class TlsConfig(Config):
|
|
|
|
|
|
tls_certificate_path = base_key_name + ".tls.crt"
|
|
|
tls_private_key_path = base_key_name + ".tls.key"
|
|
|
- tls_dh_params_path = base_key_name + ".tls.dh"
|
|
|
|
|
|
return """\
|
|
|
# PEM encoded X509 certificate for TLS.
|
|
@@ -85,9 +77,6 @@ class TlsConfig(Config):
|
|
|
# PEM encoded private key for TLS
|
|
|
tls_private_key_path: "%(tls_private_key_path)s"
|
|
|
|
|
|
- # PEM dh parameters for ephemeral keys
|
|
|
- tls_dh_params_path: "%(tls_dh_params_path)s"
|
|
|
-
|
|
|
# Don't bind to the https port
|
|
|
no_tls: False
|
|
|
|
|
@@ -131,7 +120,6 @@ class TlsConfig(Config):
|
|
|
def generate_files(self, config):
|
|
|
tls_certificate_path = config["tls_certificate_path"]
|
|
|
tls_private_key_path = config["tls_private_key_path"]
|
|
|
- tls_dh_params_path = config["tls_dh_params_path"]
|
|
|
|
|
|
if not self.path_exists(tls_private_key_path):
|
|
|
with open(tls_private_key_path, "wb") as private_key_file:
|
|
@@ -165,31 +153,3 @@ class TlsConfig(Config):
|
|
|
cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
|
|
|
|
|
|
certificate_file.write(cert_pem)
|
|
|
-
|
|
|
- if not self.path_exists(tls_dh_params_path):
|
|
|
- if GENERATE_DH_PARAMS:
|
|
|
- subprocess.check_call([
|
|
|
- "openssl", "dhparam",
|
|
|
- "-outform", "PEM",
|
|
|
- "-out", tls_dh_params_path,
|
|
|
- "2048"
|
|
|
- ])
|
|
|
- else:
|
|
|
- with open(tls_dh_params_path, "w") as dh_params_file:
|
|
|
- dh_params_file.write(
|
|
|
- "2048-bit DH parameters taken from rfc3526\n"
|
|
|
- "-----BEGIN DH PARAMETERS-----\n"
|
|
|
- "MIIBCAKCAQEA///////////JD9qiIWjC"
|
|
|
- "NMTGYouA3BzRKQJOCIpnzHQCC76mOxOb\n"
|
|
|
- "IlFKCHmONATd75UZs806QxswKwpt8l8U"
|
|
|
- "N0/hNW1tUcJF5IW1dmJefsb0TELppjft\n"
|
|
|
- "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf"
|
|
|
- "5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT\n"
|
|
|
- "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVS"
|
|
|
- "u57VKQdwlpZtZww1Tkq8mATxdGwIyhgh\n"
|
|
|
- "fDKQXkYuNs474553LBgOhgObJ4Oi7Aei"
|
|
|
- "j7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq\n"
|
|
|
- "5RXSJhiY+gUQFXKOWoqsqmj/////////"
|
|
|
- "/wIBAg==\n"
|
|
|
- "-----END DH PARAMETERS-----\n"
|
|
|
- )
|