diff --git a/plogical/virtualHostUtilities.py b/plogical/virtualHostUtilities.py
index f99f58a2e..ad40382b1 100644
--- a/plogical/virtualHostUtilities.py
+++ b/plogical/virtualHostUtilities.py
@@ -118,8 +118,24 @@ class virtualHostUtilities:
 logging.CyberCPLogFileWriter.statusWriter(tempStatusPath, message)
 logging.CyberCPLogFileWriter.writeToFile(message)
- x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(filePath, 'r').read())
- SSLProvider = x509.get_issuer().get_components()[1][1].decode('utf-8')
+ try:
+ with open(filePath, 'r') as f:
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
+
+ # Safely extract SSL provider from issuer components
+ issuer_components = x509.get_issuer().get_components()
+ SSLProvider = 'Denial' # Default to Denial if we can't find the provider
+
+ # Look for the Organization (O) field in the issuer
+ for component in issuer_components:
+ if component[0] == b'O': # Organization field
+ SSLProvider = component[1].decode('utf-8')
+ break
+ elif component[0] == b'CN' and SSLProvider == 'Denial': # Fallback to CN if O not found
+ SSLProvider = component[1].decode('utf-8')
+ except (FileNotFoundError, IndexError, OpenSSL.crypto.Error) as e:
+ SSLProvider = 'Denial'
+ logging.CyberCPLogFileWriter.writeToFile(f"SSL certificate check error: {str(e)}")
 try:
 child = ChildDomains.objects.get(domain=CurrentHostName)
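Review bot: The same issuer-parsing block is pasted verbatim into this hunk and the three below (@@ -139, @@ -256, @@ -275), so any further correction has to be made four times; it belongs in one static helper on virtualHostUtilities that each call site invokes as `SSLProvider = virtualHostUtilities.sslProviderFromCert(filePath)`. The `except` tuple is also narrower than the operations inside it: `component[1].decode('utf-8')` can raise UnicodeDecodeError on a non-UTF-8 issuer attribute and `open()` can fail with PermissionError or IsADirectoryError, none of which are caught, so the robustness the commit aims for is incomplete; catching `OSError` and `UnicodeDecodeError` closes that gap. Every failure does land on the fail-safe 'Denial' path, which is the right direction, but the check still only distinguishes the placeholder issuer name from any other issuer and says nothing about expiry or hostname match — presumably acceptable here, but worth a comment such as `# issuer name only: not a validity or expiry check`. The enclosing method starts and ends outside the hunk.
```python
@staticmethod
def sslProviderFromCert(filePath, context='SSL certificate check'):
    """Return the issuer O (CN as fallback) of the PEM certificate at filePath.

    Returns 'Denial' when the file cannot be read or parsed or no usable
    issuer attribute exists; the failure is logged with the given context.
    Issuer name only: this is not a validity or expiry check.
    """
    try:
        with open(filePath, 'r') as f:
            x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
        issuer = dict(x509.get_issuer().get_components())
        name = issuer.get(b'O') or issuer.get(b'CN')
        if name is None:
            return 'Denial'
        return name.decode('utf-8')
    except (OSError, UnicodeDecodeError, OpenSSL.crypto.Error) as e:
        logging.CyberCPLogFileWriter.writeToFile(f"{context} error: {str(e)}")
        return 'Denial'

# … unchanged: caller body up to the certificate check …
SSLProvider = virtualHostUtilities.sslProviderFromCert(filePath)
# … unchanged: same one-line call replaces the block in the three hunks below …
```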
@@ -139,8 +155,24 @@ class virtualHostUtilities:
 ### once SSL is issued, re-read the SSL file and check if valid ssl got issued.
- x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(filePath, 'r').read())
- SSLProvider = x509.get_issuer().get_components()[1][1].decode('utf-8')
+ try:
+ with open(filePath, 'r') as f:
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
+
+ # Safely extract SSL provider from issuer components
+ issuer_components = x509.get_issuer().get_components()
+ SSLProvider = 'Denial' # Default to Denial if we can't find the provider
+
+ # Look for the Organization (O) field in the issuer
+ for component in issuer_components:
+ if component[0] == b'O': # Organization field
+ SSLProvider = component[1].decode('utf-8')
+ break
+ elif component[0] == b'CN' and SSLProvider == 'Denial': # Fallback to CN if O not found
+ SSLProvider = component[1].decode('utf-8')
+ except (FileNotFoundError, IndexError, OpenSSL.crypto.Error) as e:
+ SSLProvider = 'Denial'
+ logging.CyberCPLogFileWriter.writeToFile(f"SSL re-check error: {str(e)}")
 if SSLProvider == 'Denial':
 message = 'Hostname SSL was already issued, and same hostname was used in mail server SSL, rDNS was also configured but we found invalid SSL. However, we tried to issue SSL and it failed. [404]'
@@ -256,8 +288,24 @@ class virtualHostUtilities:
 virtualHostUtilities.issueSSLForHostName(Domain, path, 1)
- x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(filePath, 'r').read())
- SSLProvider = x509.get_issuer().get_components()[1][1].decode('utf-8')
+ try:
+ with open(filePath, 'r') as f:
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
+
+ # Safely extract SSL provider from issuer components
+ issuer_components = x509.get_issuer().get_components()
+ SSLProvider = 'Denial' # Default to Denial if we can't find the provider
+
+ # Look for the Organization (O) field in the issuer
+ for component in issuer_components:
+ if component[0] == b'O': # Organization field
+ SSLProvider = component[1].decode('utf-8')
+ break
+ elif component[0] == b'CN' and SSLProvider == 'Denial': # Fallback to CN if O not found
+ SSLProvider = component[1].decode('utf-8')
+ except (FileNotFoundError, IndexError, OpenSSL.crypto.Error) as e:
+ SSLProvider = 'Denial'
+ logging.CyberCPLogFileWriter.writeToFile(f"Hostname SSL check error: {str(e)}")
 if SSLProvider == 'Denial':
 message = 'Failed to issue Hostname SSL, either its DNS record is not propagated or the domain is behind Cloudflare. If DNS is already propagated you might have reached Lets Encrypt limit, please wait before trying again.. [404]'
@@ -275,8 +323,24 @@ class virtualHostUtilities:
 virtualHostUtilities.issueSSLForMailServer(Domain, path)
- x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open(filePath, 'r').read())
- SSLProvider = x509.get_issuer().get_components()[1][1].decode('utf-8')
+ try:
+ with open(filePath, 'r') as f:
+ x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, f.read())
+
+ # Safely extract SSL provider from issuer components
+ issuer_components = x509.get_issuer().get_components()
+ SSLProvider = 'Denial' # Default to Denial if we can't find the provider
+
+ # Look for the Organization (O) field in the issuer
+ for component in issuer_components:
+ if component[0] == b'O': # Organization field
+ SSLProvider = component[1].decode('utf-8')
+ break
+ elif component[0] == b'CN' and SSLProvider == 'Denial': # Fallback to CN if O not found
+ SSLProvider = component[1].decode('utf-8')
+ except (FileNotFoundError, IndexError, OpenSSL.crypto.Error) as e:
+ SSLProvider = 'Denial'
+ logging.CyberCPLogFileWriter.writeToFile(f"Mail server SSL check error: {str(e)}")
 if SSLProvider == 'Denial':
 message = 'Failed to issue Mail server SSL, either its DNS record is not propagated or the domain is behind Cloudflare. [404]'