beff048d
Commit
beff048d
authored
Oct 30, 2018
by
Chris Snijder
Merge branch 'master' into '62-allow-running-one-off-for-debugging-purposes'
# Conflicts: # stapled/__main__.py # stapled/core/exceptions.py
parents
588951d7
c75e97d3
config/stapled.conf
...
...
@@ -86,6 +86,19 @@ logdir=/var/log/stapled/
;;
https
://
cbonte
.
github
.
io
/
haproxy
-
dconv
/
1
.
7
/
management
.
html
#9.3-set%20ssl%20ocsp-response
haproxy
-
sockets
=[/
var
/
run
/
haproxy
/
admin
.
sock
]
;;
Use
HAProxy
config
files
as
the
source
of
cert
-
paths
and
socket
mappings
.
;;
Setting
this
will
merge
your
`
cert
-
paths
`
with
paths
found
in
the
specified
;;
HAProxy
config
files
.
Sockets
defined
in
`
haproxy
-
sockets
`
will
also
be
;;
merged
in
the
path
to
socket
mapping
.
;
haproxy
-
config
=/
etc
/
haproxy
/
haproxy
.
cfg
;;
Set
a
keep
alive
time
in
seconds
after
wich
the
connection
to
the
HAProxy
;;
sockets
is
terminated
.
The
minimum
allowed
value
is
10
seconds
,
because
;;
stapled
will
take
at
least
a
bit
of
time
to
communicate
with
HAProxy
,
and
;;
either
process
could
be
"busy"
.
;
haproxy
-
socket
-
keepalive
=
3600
;;
Don
'
t
output
anything
to
stdout
,
can
be
used
together
with
`
logdir
`
;;
and
/
or
`
syslog
`
to
prevent
output
on
stdout
while
logging
the
set
verbosity
;;
level
to
a
file
or
syslog
.
Uncomment
to
enable
...
...
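Review bot: The new keep-alive commentary (the `;; Set a keep alive time in seconds ...` paragraph) says what the value is for but not where it ends up: the stapleadder.py hunk on this page sends it to HAProxy as `set timeout cli <seconds>` right after each connect, so a larger value is how long HAProxy keeps each stapled admin-socket session open, not only a client-side limit. I'd add `;; The value is sent to HAProxy as "set timeout cli <seconds>" on every connection.` next to the commented-out default. `wich` in that paragraph should read `which`. The lines around this hunk are not shown, so the section may already say something similar elsewhere.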
debian/changelog
stapled (1.1) stretch; urgency=low
* Change haproxy socket connection keep-alive (formerly "timeout") to new
default: 3600 seconds.
* Add --haproxy-socket-keepalive command line argument.
-- Chris <chris@greenhost.nl> Mon, 22 Oct 2018 18:34:15 +0200
stapled (1.0) stretch; urgency=low
* This version removes support for debian Jessie due to the shutdown of
...
...
stapled/__main__.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
This is the module that parses your command line arguments and then starts
the OCSP Staple daemon, which searches your certificate paths and
requests staples for all certificates in them. They will then be saved as
``certificatename.pem.ocsp`` in the same paths that are being indexed.
Parse command line arguments and starts the OCSP Staple daemon.
The daemon searches your certificate paths and requests staples for all
certificates in them. They will then be saved as ``certificatename.pem.ocsp``
in the same paths that are being indexed.
Type ``stapled.py -h`` for all command line arguments.
...
...
@@ -29,11 +30,11 @@ user's process hierarchy node. In any case, it starts up the
:mod:`stapled.core.daemon`
module to bootstrap the application.
"""
import
configargparse
import
logging
import
logging.handlers
import
os
import
sys
import
configargparse
import
daemon
import
stapled
import
stapled.core.daemon
...
...
@@ -535,6 +536,69 @@ def __get_validated_args():
return
args
def
__get_haproxy_socket_mapping
(
args
):
"""
Get mapping of configured sockets and certificate directories.
From: haproxy config, stapled config and command line arguments.
:param Namespace args: Argparser argument list.
:return dict Of cert-paths and sockets for inform of changes.
"""
# Parse the cert_paths argument
arg_cert_paths
=
__get_arg_cert_paths
(
args
)
# Parse haproxy_sockets argument.
arg_haproxy_sockets
=
__get_arg_haproxy_sockets
(
args
)
# Make a mapping from certificate paths to sockets in a dict.
mapping
=
dict
(
zip
(
arg_cert_paths
,
arg_haproxy_sockets
))
# Parse HAProxy config files.
try
:
conf_cert_paths
,
conf_haproxy_sockets
=
parse_haproxy_config
(
args
.
haproxy_config
)
except
(
OSError
,
IOError
)
as
exc
:
logger
.
critical
(
handle_file_error
(
exc
))
exit
(
1
)
# Combine the socket and certificate paths of the arguments and config
# files in the sockets dictionary.
for
i
,
paths
in
enumerate
(
conf_cert_paths
):
for
path
in
paths
:
if
path
in
mapping
:
mapping
[
path
]
=
unique
(
mapping
[
path
]
+
conf_haproxy_sockets
[
i
],
preserve_order
=
False
)
else
:
mapping
[
path
]
=
conf_haproxy_sockets
[
i
]
logger
.
debug
(
"Paths to socket mapping: %s"
,
str
(
mapping
))
return
mapping
def
__get_validated_args
():
"""
Parse and validate CLI arguments and configuration.
Checks should match the restrictions in the usage help messages.
:returns Namespace: Validated argparser argument list.
"""
parser
=
get_cli_arg_parser
()
args
=
parser
.
parse_args
()
try
:
if
args
.
haproxy_socket_keepalive
<
10
:
raise
ArgumentError
(
"`--haproxy-socket-keepalive` should be higher than 10."
)
except
ArgumentError
as
exc
:
parser
.
print_usage
(
sys
.
stderr
)
logger
.
critical
(
"Invalid command line argument or value: %s"
,
exc
)
exit
(
1
)
return
args
if
__name__
==
'__main__'
:
try
:
init
()
...
...
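Review bot: The new keep-alive guard in `__get_validated_args` rejects values below 10 but its message says the value "should be higher than 10", while the sample config in this commit states that 10 is the minimum allowed; the message should match the check, i.e. "should be at least 10.". Both this handler and the `except (OSError, IOError)` branch in `__get_haproxy_socket_mapping` call the site-module builtin `exit(1)`; `sys` is imported in this module, so `sys.exit(1)` is the form that is guaranteed to exist when the daemon is run non-interactively. `__get_haproxy_socket_mapping` also hands `args.haproxy_config` straight to `parse_haproxy_config`, and the sample config leaves `haproxy-config` commented out; I can't tell from the hunk whether the parser tolerates an unset value, so that is worth confirming before merge.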
stapled/core/daemon.py
...
...
@@ -92,6 +92,7 @@ class Stapledaemon(object):
self
.
haproxy_socket_mapping
=
kwargs
.
pop
(
'haproxy_socket_mapping'
,
None
)
self
.
haproxy_socket_keepalive
=
kwargs
.
pop
(
'haproxy_socket_keepalive'
)
self
.
file_extensions
=
kwargs
.
pop
(
'file_extensions'
)
self
.
file_extensions
=
self
.
file_extensions
.
replace
(
" "
,
""
).
split
(
","
)
self
.
renewal_threads
=
kwargs
.
pop
(
'renewal_threads'
)
...
...
@@ -175,6 +176,7 @@ class Stapledaemon(object):
name
=
"proxy-adder"
,
thread_object
=
StapleAdder
,
haproxy_socket_mapping
=
self
.
haproxy_socket_mapping
,
haproxy_socket_keepalive
=
self
.
haproxy_socket_keepalive
,
scheduler
=
self
.
scheduler
)
...
...
stapled/core/exceptions.py
...
...
@@ -61,7 +61,6 @@ class CertValidationError(Exception):
pass
class
ArgumentError
(
Exception
):
"""
Raised when a command line argument has an invalid value.
...
...
stapled/core/stapleadder.py
...
...
@@ -13,7 +13,6 @@ import stapled.core.exceptions
LOG
=
logging
.
getLogger
(
__name__
)
SOCKET_BUFFER_SIZE
=
1024
SOCKET_TIMEOUT
=
86400
class
StapleAdder
(
threading
.
Thread
):
...
...
@@ -41,12 +40,6 @@ class StapleAdder(threading.Thread):
#: the base64 encoded OCSP staple
OCSP_ADD
=
'set ssl ocsp-response {}'
#: Predefines commands to send to sockets just after opening them.
CONNECT_COMMANDS
=
[
"prompt"
,
"set timeout cli {}"
.
format
(
SOCKET_TIMEOUT
)
]
def
__init__
(
self
,
*
args
,
**
kwargs
):
"""
Initialise the thread and its parent :class:`threading.Thread`.
...
...
@@ -65,11 +58,21 @@ class StapleAdder(threading.Thread):
self
.
haproxy_socket_mapping
=
kwargs
.
pop
(
'haproxy_socket_mapping'
,
None
)
self
.
haproxy_socket_keepalive
=
kwargs
.
pop
(
'haproxy_socket_keepalive'
,
None
)
assert
self
.
scheduler
is
not
None
,
\
"Please pass a scheduler to get and add proxy-add tasks."
assert
self
.
haproxy_socket_mapping
is
not
None
,
\
"The StapleAdder needs a haproxy_socket_mapping dict"
assert
self
.
haproxy_socket_keepalive
is
not
None
,
\
"No keep-alive defined for haproxy socket connection."
# Predefines commands to send to sockets just after opening them.
self
.
connect_commands
=
[
"prompt"
,
"set timeout cli {}"
.
format
(
self
.
haproxy_socket_keepalive
)
]
self
.
socks
=
{}
for
paths
in
self
.
haproxy_socket_mapping
.
values
():
...
...
@@ -119,7 +122,7 @@ class StapleAdder(threading.Thread):
try
:
sock
.
connect
(
path
)
result
=
[]
for
command
in
self
.
CONNECT_COMMANDS
:
for
command
in
self
.
connect_commands
:
result
.
extend
(
self
.
_send
(
sock
,
command
))
# Results (index 1) come per path (index 0), we need only results
result
=
[
res
[
1
]
for
res
in
result
]
...
...
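Review bot: In `StapleAdder.__init__`, `haproxy_socket_keepalive` is popped with a default of `None` and then only checked with `assert`, which is stripped under `python -O`, so an optimised run would build `set timeout cli None` and write it to the HAProxy admin socket. Because the value is interpolated into a command sent over that socket, the constructor should validate it itself instead of relying on the CLI layer: `self.haproxy_socket_keepalive = int(kwargs.pop('haproxy_socket_keepalive'))`, which raises `KeyError` for a missing value and `ValueError` for anything that is not a whole number; the other two asserts deserve the same treatment with explicit `raise`s. `daemon.py` in this same commit already pops the key without a default, so the `None` default here is the inconsistent one. The rest of `__init__` continues outside the hunk.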
stapled/version.py
__version__
=
'1.
0
'
__version__
=
'1.
1
'
__app_name__
=
'stapled'
__debian_version__
=
'stretch'
version
...
...
@@ -286,7 +286,7 @@ class GitVersion(object):
# Take index 7: to strip off 'commit '
commit_hash
=
str
(
subprocess
.
check_output
(
[
'git'
,
'log'
,
'-n'
,
'1'
,
self
.
file
],
[
'git'
,
'log'
,
'--decorate='
,
'-n'
,
'1'
,
self
.
file
],
universal_newlines
=
True
)
).
split
(
'
\n
'
)[
0
][
len
(
'commit '
):]
...
...
@@ -453,7 +453,7 @@ def main():
default
=
'stapled/version.py'
,
const
=
'stapled/version.py'
,
help
=
(
'Save the new number to the
a file named .
version, optionally pass'
'Save the new number to the version
file
, optionally pass'
'a different filename to the argument.'
)
)
...
...
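Review bot: In the `GitVersion` hunk the commit hash is still recovered by slicing `'commit '` off the first line of `git log` output, and the fix for decorated refs is to pass `--decorate=`; asking git for the hash directly removes the dependence on output layout altogether: `commit_hash = subprocess.check_output(['git', 'log', '-n', '1', '--format=%H', self.file], universal_newlines=True).strip()`. The `str(...)` wrapper is redundant once `universal_newlines=True` already returns text. The enclosing method starts and ends outside the hunk; the help-string hunk in `main()` needs no change.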