Improve SSL and expiry handling

Scott Wallace 2020-09-16 15:28:58 +01:00
parent c3228c67db
commit b240cc7f02
2 changed files with 16 additions and 13 deletions


@ -1,6 +1,6 @@
maubot: 0.1.0 maubot: 0.1.0
id: sh.wallace.matrix.shameotron id: sh.wallace.matrix.shameotron
version: 0.0.7 version: 0.0.13
license: MIT license: MIT
modules: modules:
- shameotron - shameotron


@ -77,7 +77,7 @@ class ShameOTron(Plugin):
return servers return servers
async def get_ssl_expiry(self, addr): async def get_ssl_expiry(self, addr, host):
""" """
Class method to return the expiry date of a specific instance Class method to return the expiry date of a specific instance
""" """
@ -85,11 +85,11 @@ class ShameOTron(Plugin):
(hostname, port) = addr.split(':') (hostname, port) = addr.split(':')
context = ssl.create_default_context() context = ssl.create_default_context()
context.check_hostname = False context.check_hostname = True
context.verify_mode = ssl.CERT_OPTIONAL context.verify_mode = ssl.CERT_OPTIONAL
conn = context.wrap_socket( conn = context.wrap_socket(
socket.socket(socket.AF_INET), socket.socket(socket.AF_INET),
server_hostname=hostname, server_hostname=host,
) )
conn.settimeout(10.0) conn.settimeout(10.0)
@ -124,18 +124,20 @@ class ShameOTron(Plugin):
try: try:
addr = list(data['ConnectionReports'].keys())[0] addr = list(data['ConnectionReports'].keys())[0]
ssl_expiry = await self.get_ssl_expiry(addr) ssl_expiry = await self.get_ssl_expiry(addr, host)
except ( except (
ssl.SSLCertVerificationError, ssl.SSLCertVerificationError,
ssl.SSLError,
IndexError IndexError
): ) as error:
self.log.warning('SSL error for: %s (%s): %s', host, addr, error)
ssl_expiry = None ssl_expiry = None
try: try:
if not version: if not version:
version = data['Version']['version'] version = data['Version']['version']
except (TypeError, KeyError) as errstr: except (TypeError, KeyError) as error:
self.log.error(errstr) self.log.error(error)
version = '[ERROR]' version = '[ERROR]'
return { return {
@ -177,12 +179,13 @@ class ShameOTron(Plugin):
data = await self.query_homeserver(host) data = await self.query_homeserver(host)
warning = '' warning = ''
now = int(datetime.now().timestamp()) now = datetime.now()
if data['ssl_expiry']: if data['ssl_expiry']:
expiry = int(data['ssl_expiry'].timestamp()) expiry_days = (data['ssl_expiry'] - now).days
self.log.debug("%s: %s, %s", host, now, expiry) if expiry_days < 30:
if now > (expiry - (30 * 86400)): warning = f'(cert expiry in {expiry_days} days!)'
warning = '(cert expiry warning!)' else:
warning = '(SSL error)'
versions.append( versions.append(
(host, f"{data['version']} {warning}") (host, f"{data['version']} {warning}")
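Review bot: In get_ssl_expiry, `context.verify_mode = ssl.CERT_OPTIONAL` reads as if verification were optional, but on a client socket Python treats it the same as CERT_REQUIRED, and both it and `context.check_hostname = True` repeat what `ssl.create_default_context()` already sets. I would drop the two assignments, or write `context.verify_mode = ssl.CERT_REQUIRED` with a comment saying that full chain and hostname validation is intended. With validation on, a certificate that has already expired fails the handshake, so in the last hunk it lands under `warning = '(SSL error)'` together with the IndexError case where ConnectionReports is empty; a short comment on that else branch saying it covers every failure to obtain an expiry date, not only TLS faults, would stop the label being misread. The bodies of the affected methods start and end outside the visible hunks.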