authorJan Cholasta <jcholast@redhat.com>2013-06-03 09:14:21 +0200
committerPetr Viktorin <pviktori@redhat.com>2013-06-12 12:59:54 +0200
commit1e772b18451d64e1ece8577abd15afe532432199 (patch)
treefc7360cfd2e40b0bcb04463e05b9c06efe38b802 /ipaserver/install/certs.py
parent6b556235266a71eb3f03acaab869a1757534274a (diff)
Handle exceptions gracefully when verifying PKCS#12 files.
https://fedorahosted.org/freeipa/ticket/3667
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r--ipaserver/install/certs.py8
1 files changed, 7 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index b170c7cbf..643cbda30 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -29,6 +29,7 @@ import base64
from hashlib import sha1
from nss import nss
+from nss.error import NSPRError
from ipapython.ipa_log_manager import root_logger
from ipapython import dogtag
@@ -286,7 +287,12 @@ class NSSDatabase(object):
certdb = nss.get_default_certdb()
cert = nss.find_cert_from_nickname(nickname)
intended_usage = nss.certificateUsageSSLServer
- approved_usage = cert.verify_now(certdb, True, intended_usage)
+ try:
+ approved_usage = cert.verify_now(certdb, True, intended_usage)
+ except NSPRError, e:
+ if e.errno != -8102:
+ raise ValueError(e.strerror)
+ approved_usage = 0
if not approved_usage & intended_usage:
raise ValueError('invalid for a SSL server')
if not cert.verify_hostname(hostname):
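Review bot: The bare literal in `if e.errno != -8102:` gives the reader no way to tell which verification failure is being downgraded to "no approved usage" instead of being re-raised. A comment on that line such as `# -8102: believed to be NSS SEC_ERROR_INADEQUATE_KEY_USAGE (secerr.h); confirm` would make the intent reviewable. Both paths still reject the certificate, and the comment should say that this is deliberate so a later edit does not turn the special case into an accept. Separately, `nss.find_cert_from_nickname(nickname)` above the `try` and `cert.verify_hostname(hostname)` below it remain outside the handler, so if either can raise `NSPRError` (not visible here) it would still escape as a raw NSS error rather than the `ValueError` that callers presumably expect. The enclosing method starts and ends outside this hunk.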