diff options
author | John Eckersberg <jeckersb@redhat.com> | 2009-04-14 09:16:23 -0400 |
---|---|---|
committer | Adrian Likins <alikins@redhat.com> | 2009-04-14 11:29:06 -0400 |
commit | 4575d4c9942579a235eb7b46a726ddcd557a2edd (patch) | |
tree | 45b80d4b7968da3935d4d2d9f5c07aa45e365914 /certmaster/certs.py | |
parent | fc94644e28f0af3ce765ec3f87138b264125dee0 (diff) | |
download | certmaster-master.tar.gz certmaster-master.tar.xz certmaster-master.zip |
Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.
Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.
Diffstat (limited to 'certmaster/certs.py')
-rw-r--r-- | certmaster/certs.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/certmaster/certs.py b/certmaster/certs.py index 3d8d991..8a1db3a 100644 --- a/certmaster/certs.py +++ b/certmaster/certs.py @@ -137,3 +137,18 @@ def create_slave_certificate(csr, cakey, cacert, cadir, slave_cert_file=None): destfo.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert)) destfo.close() return cert + +def check_cert_key_match(cert, key): + if not isinstance(cert, crypto.X509Type): + cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert) + if not isinstance(key, crypto.PKeyType): + key = crypto.load_privatekey(crypto.FILETYPE_PEM, key) + + from OpenSSL import SSL + context = SSL.Context(SSL.SSLv3_METHOD) + try: + context.use_certificate(cert) + context.use_privatekey(key) + return True + except: + return False |