Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Remove dead code from acme support. (#11393)
Browse files Browse the repository at this point in the history
  • Loading branch information
clokep authored Nov 19, 2021
1 parent 5505da2 commit 4d6d38a
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 50 deletions.
1 change: 1 addition & 0 deletions changelog.d/11393.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove dead code from supporting ACME.
50 changes: 0 additions & 50 deletions synapse/config/tls.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@

import logging
import os
from datetime import datetime
from typing import List, Optional, Pattern

from OpenSSL import SSL, crypto
Expand Down Expand Up @@ -133,55 +132,6 @@ def read_config(self, config: dict, config_dir_path: str, **kwargs):
self.tls_certificate: Optional[crypto.X509] = None
self.tls_private_key: Optional[crypto.PKey] = None

def is_disk_cert_valid(self, allow_self_signed=True):
"""
Is the certificate we have on disk valid, and if so, for how long?
Args:
allow_self_signed (bool): Should we allow the certificate we
read to be self signed?
Returns:
int: Days remaining of certificate validity.
None: No certificate exists.
"""
if not os.path.exists(self.tls_certificate_file):
return None

try:
with open(self.tls_certificate_file, "rb") as f:
cert_pem = f.read()
except Exception as e:
raise ConfigError(
"Failed to read existing certificate file %s: %s"
% (self.tls_certificate_file, e)
)

try:
tls_certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
except Exception as e:
raise ConfigError(
"Failed to parse existing certificate file %s: %s"
% (self.tls_certificate_file, e)
)

if not allow_self_signed:
if tls_certificate.get_subject() == tls_certificate.get_issuer():
raise ValueError(
"TLS Certificate is self signed, and this is not permitted"
)

# YYYYMMDDhhmmssZ -- in UTC
expiry_data = tls_certificate.get_notAfter()
if expiry_data is None:
raise ValueError(
"TLS Certificate has no expiry date, and this is not permitted"
)
expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ")
now = datetime.utcnow()
days_remaining = (expires_on - now).days
return days_remaining

def read_certificate_from_disk(self):
"""
Read the certificates and private key from disk.
Expand Down

0 comments on commit 4d6d38a

Please sign in to comment.