cli.updater: Make --crt optional.

No certificate is needed to be an anonymous client, only up-to-date CA and CRL are needed to validate service certificate.

cli.updater: Make --crt optional.
No certificate is needed to be an anonymous client, only up-to-date CA and CRL are needed to validate service certificate.
e3e1893b · Vincent Pelletier · c15f6a11 · e3e1893b
Commit e3e1893b authored May 04, 2018 by Vincent Pelletier
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 30 deletions

caucase/cli.py caucase/cli.py +30 -30

No files found.
--- a/caucase/cli.py
+++ b/caucase/cli.py
@@ -668,7 +668,6 @@ def updater(argv=None, until=utils.until):
  )
  parser.add_argument(
    '--crt',
-    required=True,
    metavar='CRT_PATH',
    help='Path of your certificate for MODE. Will be renewed before '
    'expiration.',
@@ -701,7 +700,7 @@ def updater(argv=None, until=utils.until):
      ca_url=ca_url,
      ca_crt_pem_list=utils.getCertList(args.cas_ca)
    )
-    if not utils.hasOneCert(args.crt):
+    if args.crt and not utils.hasOneCert(args.crt):
      print 'Bootstraping...'
      csr_pem = utils.getCertRequest(args.csr)
      # Quick sanity check before bothering server
@@ -755,6 +754,7 @@ def updater(argv=None, until=utils.until):
          next_deadline,
          utils.load_crl(open(args.crl).read(), ca_crt_list).next_update,
        )
+      if args.crt:
        crt_pem, key_pem, key_path = utils.getKeyPair(args.crt, args.key)
        crt = utils.load_certificate(crt_pem, ca_crt_list, None)
        if crt.not_valid_after - threshold <= now: