adding support for ACME_POWERDNS_VERIFY option to support CA Bundles and disabling Server validation
This commit is contained in:
parent
ca8e73286f
commit
5dfb6acb17
@ -1008,6 +1008,15 @@ The following configuration properties are required to use the PowerDNS ACME Plu
|
||||
|
||||
This is the number of times DNS Verification should be attempted (i.e. 20)
|
||||
|
||||
|
||||
.. data:: ACME_POWERDNS_VERIFY
|
||||
:noindex:
|
||||
|
||||
This configures how PowerDNS verifies TLS certificates. The PowerDNS Plugin relies on the requests library, supported options are as follows:
|
||||
* True: Verifies the certificate chains to a known publicly-trusted CA. (Default)
|
||||
* False: Disable certificate validation (Not Recommended)
|
||||
* File/Dir path to CA Bundle: Verify that the certificate chains to a Certificate Authority in the provided CA bundle.
|
||||
|
||||
.. _CommandLineInterface:
|
||||
|
||||
Command Line Interface
|
||||
|
@ -246,11 +246,12 @@ def _get_zone_name(domain, account_number):
|
||||
def _get(path, params=None):
|
||||
""" Execute a GET request on the given URL (base_uri + path) and return response as JSON object """
|
||||
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
|
||||
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
|
||||
resp = requests.get(
|
||||
f"{base_uri}{path}",
|
||||
headers=_generate_header(),
|
||||
params=params,
|
||||
verify=True,
|
||||
verify=verify_value,
|
||||
)
|
||||
resp.raise_for_status()
|
||||
return resp.json()
|
||||
@ -259,9 +260,11 @@ def _get(path, params=None):
|
||||
def _patch(path, payload):
|
||||
""" Execute a Patch request on the given URL (base_uri + path) with given payload """
|
||||
base_uri = current_app.config.get("ACME_POWERDNS_DOMAIN")
|
||||
verify_value = current_app.config.get("ACME_POWERDNS_VERIFY", True)
|
||||
resp = requests.patch(
|
||||
f"{base_uri}{path}",
|
||||
data=json.dumps(payload),
|
||||
headers=_generate_header()
|
||||
headers=_generate_header(),
|
||||
verify=verify_value,
|
||||
)
|
||||
resp.raise_for_status()
|
||||
|
Loading…
Reference in New Issue
Block a user