diff options
author | John Eckersberg <jeckersb@redhat.com> | 2009-04-14 09:16:23 -0400 |
---|---|---|
committer | Adrian Likins <alikins@redhat.com> | 2009-04-14 11:29:06 -0400 |
commit | 4575d4c9942579a235eb7b46a726ddcd557a2edd (patch) | |
tree | 45b80d4b7968da3935d4d2d9f5c07aa45e365914 /certmaster/utils.py | |
parent | fc94644e28f0af3ce765ec3f87138b264125dee0 (diff) | |
download | certmaster-master.tar.gz certmaster-master.tar.xz certmaster-master.zip |
Usually this happens when a host is re-provisioned and you forget to
run certmaster-ca --clean afterwards to remove the old cert on the
certmaster.
Instead of accepting the cert and throwing a key-mismatch exception,
we log a useful hint to the log and to stderr.
Diffstat (limited to 'certmaster/utils.py')
-rw-r--r-- | certmaster/utils.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/certmaster/utils.py b/certmaster/utils.py index 76d5b4d..773b0eb 100644 --- a/certmaster/utils.py +++ b/certmaster/utils.py @@ -179,6 +179,13 @@ def create_minion_keys(): if result: # print "DEBUG: recieved certificate from certmaster" log.debug("received certificate from certmaster %s, storing to %s" % (master_uri, cert_file)) + if not keypair: + keypair = certs.retrieve_key_from_file(key_file) + valid = certs.check_cert_key_match(cert_string, keypair) + if not valid: + log.info("certificate does not match key (run certmaster-ca --clean first?)") + sys.stderr.write("certificate does not match key (run certmaster-ca --clean first?)\n") + return cert_fd = os.open(cert_file, os.O_RDWR|os.O_CREAT, 0644) os.write(cert_fd, cert_string) os.close(cert_fd) |