scott/maubot-shame
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Improve SSL and expiry handling

Browse source
This commit is contained in:
Scott Wallace 2020-09-16 15:28:58 +01:00
parent c3228c67db
commit b240cc7f02
2 changed files with 16 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
maubot.yaml
View file

@ -1,6 +1,6 @@
maubot: 0.1.0
id: sh.wallace.matrix.shameotron
version: 0.0.7
version: 0.0.13
license: MIT
modules:
- shameotron

27
shameotron.py
View file

@ -77,7 +77,7 @@ class ShameOTron(Plugin):
return servers
async def get_ssl_expiry(self, addr):
async def get_ssl_expiry(self, addr, host):
"""
Class method to return the expiry date of a specific instance
"""
@ -85,11 +85,11 @@ class ShameOTron(Plugin):
(hostname, port) = addr.split(':')
context = ssl.create_default_context()
context.check_hostname = False
context.check_hostname = True
context.verify_mode = ssl.CERT_OPTIONAL
conn = context.wrap_socket(
socket.socket(socket.AF_INET),
server_hostname=hostname,
server_hostname=host,
)
conn.settimeout(10.0)
@ -124,18 +124,20 @@ class ShameOTron(Plugin):
try:
addr = list(data['ConnectionReports'].keys())[0]
ssl_expiry = await self.get_ssl_expiry(addr)
ssl_expiry = await self.get_ssl_expiry(addr, host)
except (
ssl.SSLCertVerificationError,
ssl.SSLError,
IndexError
):
) as error:
self.log.warning('SSL error for: %s (%s): %s', host, addr, error)
ssl_expiry = None
try:
if not version:
version = data['Version']['version']
except (TypeError, KeyError) as errstr:
self.log.error(errstr)
except (TypeError, KeyError) as error:
self.log.error(error)
version = '[ERROR]'
return {
@ -177,12 +179,13 @@ class ShameOTron(Plugin):
data = await self.query_homeserver(host)
warning = ''
now = int(datetime.now().timestamp())
now = datetime.now()
if data['ssl_expiry']:
expiry = int(data['ssl_expiry'].timestamp())
self.log.debug("%s: %s, %s", host, now, expiry)
if now > (expiry - (30 * 86400)):
warning = '(cert expiry warning!)'
expiry_days = (data['ssl_expiry'] - now).days
if expiry_days < 30:
warning = f'(cert expiry in {expiry_days} days!)'
else:
warning = '(SSL error)'
versions.append(
(host, f"{data['version']} {warning}")