Commit 3f04238d authored by Vincent Pelletier's avatar Vincent Pelletier

http.manage: Do not prune expired certificates from ca table.

Because this is not the job of an import/export tool.
parent 7a7d0383
......@@ -1114,7 +1114,7 @@ def manage(argv=None, stdout=sys.stdout):
db = SQLite3Storage(db_path, table_prefix='cas')
trusted_ca_crt_set = [
utils.load_ca_certificate(x['crt_pem'])
for x in db.getCAKeyPairList()
for x in db.getCAKeyPairList(prune=False)
]
latest_ca_not_after = max(
x.not_valid_after
......@@ -1159,7 +1159,7 @@ def manage(argv=None, stdout=sys.stdout):
for key_pair in SQLite3Storage(
db_path,
table_prefix='cas',
).getCAKeyPairList():
).getCAKeyPairList(prune=False):
write(
key_pair['crt_pem'] + serialization.load_pem_private_key(
key_pair['key_pem'],
......
......@@ -215,19 +215,20 @@ class SQLite3Storage(local):
except sqlite3.IntegrityError:
pass
def getCAKeyPairList(self):
def getCAKeyPairList(self, prune=True):
"""
Return the chronologically sorted (oldest in [0], newest in [-1])
certificate authority key pairs.
"""
with self._db as db:
c = db.cursor()
c.execute(
'DELETE FROM %sca WHERE expiration_date < ?' % (
self._table_prefix,
),
(time(), ),
)
if prune:
c.execute(
'DELETE FROM %sca WHERE expiration_date < ?' % (
self._table_prefix,
),
(time(), ),
)
return [
{
'crt_pem': toBytes(x['crt']),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment