summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-02-01 14:00:28 -0500
committerRob Crittenden <rcritten@redhat.com>2010-02-02 14:02:46 -0500
commitdc55240fe8ce2f27aaca05a5287089080c902c85 (patch)
tree684f7a6d20927fc519dea6652536922d1f08bed2 /ipalib/plugins
parent8ca97cdf3541adefe11ca0fc4ac49f01e8fb6984 (diff)
downloadfreeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.tar.gz
freeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.tar.xz
freeipa-dc55240fe8ce2f27aaca05a5287089080c902c85.zip
Be more careful when base64-decoding certificates
Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format.
Diffstat (limited to 'ipalib/plugins')
-rw-r--r--ipalib/plugins/service.py9
1 files changed, 3 insertions, 6 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 6ad992f3b..a477de9ad 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -28,6 +28,7 @@ from ipalib import Str, Flag, Bytes
from ipalib.plugins.baseldap import *
from ipalib import x509
from pyasn1.error import PyAsn1Error
+from ipalib import _, ngettext
def get_serial(certificate):
@@ -37,16 +38,12 @@ def get_serial(certificate):
"""
if type(certificate) in (list, tuple):
certificate = certificate[0]
- try:
- certificate = base64.b64decode(certificate)
- except Exception:
- pass
try:
serial = x509.get_serial_number(certificate, type=x509.DER)
- except PyAsn1Error:
+ except PyAsn1Error, e:
raise errors.GenericError(
- format='Unable to decode certificate in entry'
+ format='Unable to decode certificate in entry: %s' % e
)
return serial