pagekite: Fix expired certificates causing connection failures

This is to make Pagekite use certificates shipped by Debian. Otherwise by
default, it uses internally shipped certificates that may be outdated. See:
https://pagekite.wordpress.com/2020/05/30/tls-certificate-validation-issues/

Tests performed:

- Without the patch, configure pagekite with a proper account. Notice that
pagekite fails to connect to the server due to SSL failures.

- Stop FreedomBox, apply the patch, run ./setup.py and run FreedomBox. File
/etc/pagekite.d/90_freedombox_certs.rc is present. Pagekite is restarted by
restarts. It starts connecting to the server successfully.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix typo in comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2020-05-31 21:52:42 -07:00 committed by James Valleroy
parent 0273d534cc
commit 48f66a0d7a
GPG Key ID: 77C0C75E7B650808
2 changed files with 18 additions and 2 deletions


@ -5,6 +5,7 @@ FreedomBox app to configure PageKite.
from django.utils.translation import ugettext_lazy as _
from plinth import actions
from plinth import app as app_module
from plinth import cfg, menu
from plinth.daemon import Daemon
@ -14,7 +15,7 @@ from plinth.utils import format_lazy
from . import utils
from .manifest import backup # noqa, pylint: disable=unused-import
version = 1
version = 2
depends = ['names']
@ -106,4 +107,8 @@ def init():
def setup(helper, old_version=None):
"""Install and configure the module."""
helper.install(managed_packages)
helper.call('post', app.enable)
if not old_version:
helper.call('post', app.enable)
if old_version == 1:
actions.superuser_run('service', ['try-restart', managed_services[0]])
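Review bot: The `if old_version == 1:` branch in setup() restarts the service with no comment saying why, so a later reader cannot tell that the restart exists to make a running pagekite pick up the new configuration file. A one-line comment above `actions.superuser_run('service', ['try-restart', managed_services[0]])` would cover it. The same hunk also moves `helper.call('post', app.enable)` under `if not old_version:`, which changes upgrade behaviour (the app is no longer re-enabled on every setup run) and is not mentioned in the commit message; worth a sentence there. `managed_services[0]` depends on list order, so naming the service explicitly would be more robust if a second service is ever added.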


@ -0,0 +1,11 @@
#
# This file is shipped by FreedomBox. DO NOT EDIT.
#
# This is to make Pagekite use certficates shipped by Debian. Otherwise by
# default, it uses internally shipped certificates that may be outdated. See:
# https://pagekite.wordpress.com/2020/05/30/tls-certificate-validation-issues/
#
# If you wish to override this setting, create another file starting with a
# number higher than 90.
#
ca_certs = /etc/ssl/certs/ca-certificates.crt
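Review bot: The header comment line "This is to make Pagekite use certficates shipped by Debian" still misspells "certificates", even though the commit message notes a typo fix in the comment. Separately, `ca_certs = /etc/ssl/certs/ca-certificates.crt` assumes the system CA bundle is present at that path, and nothing in the visible hunks ensures it; if the bundle can be absent on a target system, the package that provides it should be an explicit dependency so TLS validation does not fail for a different reason than the one being fixed.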