diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-02-01 14:00:28 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2010-02-02 14:02:46 -0500 |
| commit | dc55240fe8ce2f27aaca05a5287089080c902c85 (patch) | |
| tree | 684f7a6d20927fc519dea6652536922d1f08bed2 /ipalib/plugins | |
| parent | 8ca97cdf3541adefe11ca0fc4ac49f01e8fb6984 (diff) | |
| download | freeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.tar.gz freeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.tar.xz freeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.zip | |
Be more careful when base64-decoding certificates
Only decode certs that have a BEGIN/END block, otherwise assume it
is in DER format.
Diffstat (limited to 'ipalib/plugins')
| -rw-r--r-- | ipalib/plugins/service.py | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 6ad992f3b..a477de9ad 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -28,6 +28,7 @@ from ipalib import Str, Flag, Bytes from ipalib.plugins.baseldap import * from ipalib import x509 from pyasn1.error import PyAsn1Error +from ipalib import _, ngettext def get_serial(certificate): @@ -37,16 +38,12 @@ def get_serial(certificate): """ if type(certificate) in (list, tuple): certificate = certificate[0] - try: - certificate = base64.b64decode(certificate) - except Exception: - pass try: serial = x509.get_serial_number(certificate, type=x509.DER) - except PyAsn1Error: + except PyAsn1Error, e: raise errors.GenericError( - format='Unable to decode certificate in entry' + format='Unable to decode certificate in entry: %s' % e ) return serial |