author | Jan Cholasta <jcholast@redhat.com> | 2013-06-03 09:14:21 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2013-06-12 12:59:54 +0200 |
commit | 1e772b18451d64e1ece8577abd15afe532432199 (patch) | |
tree | fc7360cfd2e40b0bcb04463e05b9c06efe38b802 /ipaserver/install/certs.py | |
parent | 6b556235266a71eb3f03acaab869a1757534274a (diff) | |
Handle exceptions gracefully when verifying PKCS#12 files.
https://fedorahosted.org/freeipa/ticket/3667
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index b170c7cb..643cbda3 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -29,6 +29,7 @@ import base64
 from hashlib import sha1
 from nss import nss
+from nss.error import NSPRError
 from ipapython.ipa_log_manager import root_logger
 from ipapython import dogtag
@@ -286,7 +287,12 @@ class NSSDatabase(object):
 certdb = nss.get_default_certdb()
 cert = nss.find_cert_from_nickname(nickname)
 intended_usage = nss.certificateUsageSSLServer
- approved_usage = cert.verify_now(certdb, True, intended_usage)
+ try:
+ approved_usage = cert.verify_now(certdb, True, intended_usage)
+ except NSPRError, e:
+ if e.errno != -8102:
+ raise ValueError(e.strerror)
+ approved_usage = 0
 if not approved_usage & intended_usage:
 raise ValueError('invalid for a SSL server')
 if not cert.verify_hostname(hostname): |
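Review bot: The bare `-8102` in `if e.errno != -8102:` is an undocumented magic number; it appears to be NSS's SEC_ERROR_INADEQUATE_KEY_USAGE (SEC_ERROR_BASE + 90), and the code does not say why this one verification failure is mapped to `approved_usage = 0` while every other one is re-raised. I would add a comment above the check, `# -8102 = SEC_ERROR_INADEQUATE_KEY_USAGE: reported as 'invalid for a SSL server' below`, or bind the value to a named module-level constant. The handling itself stays fail-closed, because `approved_usage = 0` makes the following `approved_usage & intended_usage` test raise. `raise ValueError(e.strerror)` drops the numeric code, so including `e.errno` in the message would make a rejected PKCS#12 file easier to diagnose. The enclosing method starts and ends outside the hunk.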