Improve SSL and expiry handling
parent
c3228c67db
commit
b240cc7f02
|
@ -1,6 +1,6 @@
|
||||||
maubot: 0.1.0
|
maubot: 0.1.0
|
||||||
id: sh.wallace.matrix.shameotron
|
id: sh.wallace.matrix.shameotron
|
||||||
version: 0.0.7
|
version: 0.0.13
|
||||||
license: MIT
|
license: MIT
|
||||||
modules:
|
modules:
|
||||||
- shameotron
|
- shameotron
|
||||||
|
|
|
@ -77,7 +77,7 @@ class ShameOTron(Plugin):
|
||||||
return servers
|
return servers
|
||||||
|
|
||||||
|
|
||||||
async def get_ssl_expiry(self, addr):
|
async def get_ssl_expiry(self, addr, host):
|
||||||
"""
|
"""
|
||||||
Class method to return the expiry date of a specific instance
|
Class method to return the expiry date of a specific instance
|
||||||
"""
|
"""
|
||||||
|
@ -85,11 +85,11 @@ class ShameOTron(Plugin):
|
||||||
(hostname, port) = addr.split(':')
|
(hostname, port) = addr.split(':')
|
||||||
|
|
||||||
context = ssl.create_default_context()
|
context = ssl.create_default_context()
|
||||||
context.check_hostname = False
|
context.check_hostname = True
|
||||||
context.verify_mode = ssl.CERT_OPTIONAL
|
context.verify_mode = ssl.CERT_OPTIONAL
|
||||||
conn = context.wrap_socket(
|
conn = context.wrap_socket(
|
||||||
socket.socket(socket.AF_INET),
|
socket.socket(socket.AF_INET),
|
||||||
server_hostname=hostname,
|
server_hostname=host,
|
||||||
)
|
)
|
||||||
conn.settimeout(10.0)
|
conn.settimeout(10.0)
|
||||||
|
|
||||||
|
@ -124,18 +124,20 @@ class ShameOTron(Plugin):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
addr = list(data['ConnectionReports'].keys())[0]
|
addr = list(data['ConnectionReports'].keys())[0]
|
||||||
ssl_expiry = await self.get_ssl_expiry(addr)
|
ssl_expiry = await self.get_ssl_expiry(addr, host)
|
||||||
except (
|
except (
|
||||||
ssl.SSLCertVerificationError,
|
ssl.SSLCertVerificationError,
|
||||||
|
ssl.SSLError,
|
||||||
IndexError
|
IndexError
|
||||||
):
|
) as error:
|
||||||
|
self.log.warning('SSL error for: %s (%s): %s', host, addr, error)
|
||||||
ssl_expiry = None
|
ssl_expiry = None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if not version:
|
if not version:
|
||||||
version = data['Version']['version']
|
version = data['Version']['version']
|
||||||
except (TypeError, KeyError) as errstr:
|
except (TypeError, KeyError) as error:
|
||||||
self.log.error(errstr)
|
self.log.error(error)
|
||||||
version = '[ERROR]'
|
version = '[ERROR]'
|
||||||
|
|
||||||
return {
|
return {
|
||||||
|
@ -177,12 +179,13 @@ class ShameOTron(Plugin):
|
||||||
data = await self.query_homeserver(host)
|
data = await self.query_homeserver(host)
|
||||||
|
|
||||||
warning = ''
|
warning = ''
|
||||||
now = int(datetime.now().timestamp())
|
now = datetime.now()
|
||||||
if data['ssl_expiry']:
|
if data['ssl_expiry']:
|
||||||
expiry = int(data['ssl_expiry'].timestamp())
|
expiry_days = (data['ssl_expiry'] - now).days
|
||||||
self.log.debug("%s: %s, %s", host, now, expiry)
|
if expiry_days < 30:
|
||||||
if now > (expiry - (30 * 86400)):
|
warning = f'(cert expiry in {expiry_days} days!)'
|
||||||
warning = '(cert expiry warning!)'
|
else:
|
||||||
|
warning = '(SSL error)'
|
||||||
|
|
||||||
versions.append(
|
versions.append(
|
||||||
(host, f"{data['version']} {warning}")
|
(host, f"{data['version']} {warning}")
|
||||||
|
|
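Review bot: In `get_ssl_expiry` the context keeps `context.verify_mode = ssl.CERT_OPTIONAL` next to the new `context.check_hostname = True`; on a client socket Python treats CERT_OPTIONAL the same as CERT_REQUIRED, and `ssl.create_default_context()` already enables both settings, so I would drop the two overrides or write `context.verify_mode = ssl.CERT_REQUIRED` to make the intent explicit. In the caller, `ssl.SSLCertVerificationError` is a subclass of `ssl.SSLError` and is now redundant in the except tuple. A timeout or refused connection on the socket configured with `settimeout(10.0)` is a plain `OSError` and would presumably still escape; the connect call is outside the visible lines, so confirm, and consider `except (OSError, IndexError) as error:`, which also covers `ssl.SSLError`. The new `else` branch labels every `None` expiry as `(SSL error)`, including the `IndexError` case where no connection report exists, so a comment such as `# ssl_expiry is None on any handshake/verification failure or a missing connection report` above it would document that. The function bodies start and end outside these hunks.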