zfb132 / qcloud-ssl-cdn

Use the API to automatically replace your own Let's Encrypt certificate on the Tencent Cloud CDN service
Apache License 2.0
56 stars 29 forks

Fix a possible problem caused by the order of domain names in the certificate #4

Closed mentalfl0w closed 2 years ago

mentalfl0w commented 2 years ago

Fix this bug.

zfb132 commented 2 years ago

@Dracanrage Thank you very much.
We can make Domain and SubjectAltName together since the wildcard may be in either.

        cert_subject_alt_name = cert_info.SubjectAltName
        # 判断域名匹配
        matched = False
+       cert_subject_alt_name = [cert_domain] + cert_subject_alt_name 
-       if cert_domain == cdn_domain:
-           matched = True
-       else:
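Review bot: with the else: removed, the loop that followed it (outside this snippet) must be dedented one level, and it must now also handle a wildcard in cert_domain, which the deleted equality check never did. The added line would also raise TypeError if SubjectAltName comes back as None, so consider [cert_domain] + (cert_subject_alt_name or []) instead. The + line carries trailing whitespace.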

Do you think it is better?

mentalfl0w commented 2 years ago

@zfb132 Yes, this is indeed better, thank you for pointing it out, it has been revised now.

zfb132 commented 2 years ago

We may make it simpler.

import ssl  # the project's own wrapper module around the Tencent Cloud SSL SDK (assumed; it is the `ssl` used below, not the standard library)


def delete_old_ssls(id, key, cdn_domain, ignore_id):
    '''Delete every SSL certificate for a given CDN domain except the one with ignore_id
    '''
    ssl_client = ssl.get_ssl_client_instance(id, key)
    cert_list = ssl.get_cert_list(ssl_client)
    for cert in cert_list:
        cert_id = cert.CertificateId
        # Do not delete the certificate that was just uploaded
        if cert_id == ignore_id:
            continue
        cert_info = ssl.get_cert_info(ssl_client, cert_id)
        # Merge Domain and SubjectAltName: the wildcard may sit in either;
        # guard against SubjectAltName being missing (None) in the response
        cert_domain_and_alt_name = [cert_info.Domain] + (cert_info.SubjectAltName or [])
        matched = False
        # Check whether the certificate covers cdn_domain
        for cert_name in cert_domain_and_alt_name:
            if cert_name:
                # Main domain or multi-domain (SAN) exact match
                if cert_name == cdn_domain:
                    matched = True
                    break
                # Wildcard match, e.g. m=['*','example.cn'];
                # length checks avoid IndexError on names without a dot
                m = cert_name.split('.', 1)
                n = cdn_domain.split('.', 1)
                if len(m) == 2 and len(n) == 2 and m[0] == "*" and m[1] == n[1]:
                    matched = True
                    break
        # Delete the certificate if it covers this domain
        if matched:
            ssl.delete_cert(ssl_client, cert_id)

mentalfl0w commented 2 years ago

@zfb132 Yes, this is more concise and I made an additional small change to make the judgement less.

zfb132 commented 2 years ago

Indeed, the if cert_domain_and_alt_name: is always true because if ['']: is true.

mentalfl0w commented 2 years ago

> Indeed, the if cert_domain_and_alt_name: is always true because if ['']: is true.

I did forget it; a long time away from Python coding made me miss this. Thanks for pointing it out, I'll revert this change.
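As an added, stand-alone illustration of the two points discussed in this thread (the wildcard may appear in either Domain or SubjectAltName, and a non-empty list such as [''] is always truthy so the emptiness check must be per entry), the following is example code, not the project's own. It assumes certificate records as plain dicts with the same field names the thread's code reads (CertificateId, Domain, SubjectAltName); the ids and domains are constructed sample values. It also handles the edge cases the thread's snippet would trip on (a None SubjectAltName and names without a dot), and separates the matching decision from the deletion so it can be checked offline.

```python
# Added example, not part of the qcloud-ssl-cdn project.

def cert_matches_domain(cert_domain, subject_alt_names, cdn_domain):
    """Return True if a certificate with Domain == cert_domain and
    SubjectAltName == subject_alt_names covers cdn_domain.

    Same approach as the thread: merge Domain and SubjectAltName into one
    list (the wildcard may be in either), then test each name for an exact
    match or a single-label wildcard match.
    """
    # SubjectAltName may be missing (None) in an API response; treat as empty.
    names = [cert_domain] + list(subject_alt_names or [])
    cdn = cdn_domain.lower()
    cdn_parts = cdn.split('.', 1)
    for name in names:
        # Per-entry emptiness check: `if names:` would be true even for [''].
        if not name:
            continue
        name = name.lower()
        if name == cdn:
            return True
        parts = name.split('.', 1)
        # A wildcard covers exactly one label: *.example.cn matches
        # a.example.cn but neither example.cn nor a.b.example.cn.
        # The length checks avoid IndexError on names without a dot.
        if (parts[0] == '*' and len(parts) == 2 and len(cdn_parts) == 2
                and parts[1] == cdn_parts[1]):
            return True
    return False


def select_certs_to_delete(cert_records, cdn_domain, ignore_id):
    """Return the CertificateIds that cover cdn_domain, excluding ignore_id.

    This is the set delete_old_ssls() in the thread would pass to
    delete_cert(); computing it first makes the decision reviewable
    before anything is removed.
    """
    return [
        c['CertificateId'] for c in cert_records
        if c['CertificateId'] != ignore_id
        and cert_matches_domain(c['Domain'], c.get('SubjectAltName'), cdn_domain)
    ]


# Constructed sample records (not real certificate ids).
SAMPLE_CERTS = [
    # wildcard in SubjectAltName
    {'CertificateId': 'old-1', 'Domain': 'example.cn', 'SubjectAltName': ['*.example.cn']},
    # wildcard in Domain: the case the original equality check missed
    {'CertificateId': 'old-2', 'Domain': '*.example.cn', 'SubjectAltName': ['example.cn']},
    # unrelated certificate with an empty SAN entry
    {'CertificateId': 'other', 'Domain': 'other.cn', 'SubjectAltName': ['']},
    # the freshly uploaded certificate, which must be kept
    {'CertificateId': 'new-1', 'Domain': 'example.cn', 'SubjectAltName': ['*.example.cn']},
]

if __name__ == '__main__':
    print(select_certs_to_delete(SAMPLE_CERTS, 'cdn.example.cn', 'new-1'))
```

Running the block prints the ids that would be deleted for cdn.example.cn; 'new-1' is skipped by ignore_id, and 'other' is skipped because neither 'other.cn' nor the empty SAN entry matches.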