Index: /trunk/server/fedora/config/etc/httpd/export-scripts-certs =================================================================== --- /trunk/server/fedora/config/etc/httpd/export-scripts-certs (revision 2810) +++ /trunk/server/fedora/config/etc/httpd/export-scripts-certs (revision 2811) @@ -25,4 +25,6 @@ vhosts.sort(key=lambda (dn, vhost): vhost['scriptsVhostName']) +cert_filenames = set() + def conf(vhost): name, = vhost['scriptsVhostName'] @@ -32,9 +34,11 @@ certs = ''.join('-----BEGIN CERTIFICATE-----\n' + '\n'.join(textwrap.wrap(cert, 64)) + '\n-----END CERTIFICATE-----\n' for cert in certs.split()) - cert_filename = os.path.join(CERTS_DIR, base64.urlsafe_b64encode(hashlib.sha256(certs).digest()).strip() + '.pem') - if not os.path.exists(cert_filename): - with open(cert_filename + '.new', 'w') as cert_file: + cert_filename = base64.urlsafe_b64encode(hashlib.sha256(certs).digest()).strip() + '.pem' + cert_filenames.add(cert_filename) + cert_path = os.path.join(CERTS_DIR, cert_filename) + if not os.path.exists(cert_path): + with open(cert_path + '.new', 'w') as cert_file: cert_file.write(certs) - os.rename(cert_filename + '.new', cert_filename) + os.rename(cert_path + '.new', cert_path) for port in 443, 444: @@ -47,5 +51,5 @@ if port == 444: yield '\tInclude conf.d/vhosts-common-ssl-cert.conf\n' - yield '\tSSLCertificateFile {}\n'.format(cert_filename) + yield '\tSSLCertificateFile {}\n'.format(cert_path) yield '\tSSLCertificateKeyFile {}\n'.format(os.path.join('/etc/pki/tls/private', key_filename)) yield '\n' @@ -55,2 +59,6 @@ vhosts_file.write(''.join(l for dn, vhost in vhosts for l in conf(vhost))) os.rename(os.path.join(CERTS_DIR, 'vhosts.conf.new'), os.path.join(CERTS_DIR, 'vhosts.conf')) + +for filename in os.listdir(CERTS_DIR): + if filename.endswith('.pem') and filename not in cert_filenames: + os.remove(os.path.join(CERTS_DIR, filename))