diff options
author | David Kupka <dkupka@redhat.com> | 2017-01-23 10:38:34 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-02-07 13:58:48 +0100 |
commit | 308c790ee90f00e0bc2c40abf51c30e5250631e9 (patch) | |
tree | 8c6ef39585ff3e205b9454d5e3162a2f6acd30f0 | |
parent | 7e2d185ba09382a815e9b0530aeae3d56f9378d1 (diff) | |
download | freeipa-308c790ee90f00e0bc2c40abf51c30e5250631e9.tar.gz freeipa-308c790ee90f00e0bc2c40abf51c30e5250631e9.tar.xz freeipa-308c790ee90f00e0bc2c40abf51c30e5250631e9.zip |
ipalib.x509: Handle missing SAN gracefully
When extension is not present None is returned instead of empty iterable
or exception thrown.
Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r-- | ipalib/x509.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/ipalib/x509.py b/ipalib/x509.py index 60a947b68..f65cf816c 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -435,8 +435,12 @@ def get_san_general_names(cert): asn1Spec=rfc2459.TBSCertificate() )[0] OID_SAN = univ.ObjectIdentifier('2.5.29.17') + # One would expect KeyError or empty iterable when the key ('extensions' + # in this particular case) is not pressent in the certificate but pyasn1 + # returns None here + extensions = tbs['extensions'] or [] gns = [] - for ext in tbs['extensions']: + for ext in extensions: if ext['extnID'] == OID_SAN: der = decoder.decode( ext['extnValue'], asn1Spec=univ.OctetString())[0] |