nahakubuilder/PyMTA-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7e55bfed58fe6bd3db2774725c3c3e91da3c1a5b
PyMTA-server/email_server/tls_utils.py
nahakubuilde 7e55bfed58 checking encryption, fixing module calling
2025-05-30 22:01:48 +01:00

68 lines
2.2 KiB
Python
Raw Blame History

"""
TLS utilities for the SMTP server.
"""
import ssl
import os
import logging
from OpenSSL import crypto
from email_server.config import TLS_CERT_FILE, TLS_KEY_FILE
from email_server.tool_box import ensure_folder_exists
logger = logging.getLogger(__name__)
ensure_folder_exists(TLS_CERT_FILE)
ensure_folder_exists(TLS_KEY_FILE)
def generate_self_signed_cert():
"""Generate self-signed SSL certificate if it doesn't exist."""
if os.path.exists(TLS_CERT_FILE) and os.path.exists(TLS_KEY_FILE):
logger.info("SSL certificate already exists")
return True
try:
logger.info("Generating self-signed SSL certificate...")
# Generate private key
k = crypto.PKey()
k.generate_key(crypto.TYPE_RSA, 2048)
# Generate certificate
cert = crypto.X509()
cert.get_subject().CN = 'localhost'
cert.get_subject().O = 'PyMTA Server'
cert.get_subject().C = 'GB'
cert.set_serial_number(1000)
cert.gmtime_adj_notBefore(0)
cert.gmtime_adj_notAfter(365 * 24 * 60 * 60) # Valid for 1 year
cert.set_issuer(cert.get_subject())
cert.set_pubkey(k)
cert.sign(k, 'sha256')
# Write certificate
with open(TLS_CERT_FILE, 'wb') as f:
f.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
# Write private key
with open(TLS_KEY_FILE, 'wb') as f:
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
logger.info(f"SSL certificate generated: {TLS_CERT_FILE}, {TLS_KEY_FILE}")
return True
except Exception as e:
logger.error(f"Failed to generate SSL certificate: {e}")
return False
def create_ssl_context():
"""Create SSL context for TLS support."""
try:
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=TLS_CERT_FILE, keyfile=TLS_KEY_FILE)
ssl_context.set_ciphers('DEFAULT') # Relax ciphers for compatibility
logger.info('SSL context created successfully')
return ssl_context
except Exception as e:
logger.error(f'Failed to create SSL context: {e}')
return None
Reference in New Issue View Git Blame Copy Permalink