diff options
author | Christian Heimes <cheimes@redhat.com> | 2017-03-01 11:19:08 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-03-01 15:58:59 +0100 |
commit | 88fd936a761dfce099c4b03529d679256c9860d6 (patch) | |
tree | 8632b6210c2ab8a268677e7f668d9fc69be3aed9 /ipaplatform/redhat | |
parent | 612ea7f66e102c57c2b213eff99ad8f1c91e59a5 (diff) | |
download | freeipa-88fd936a761dfce099c4b03529d679256c9860d6.tar.gz freeipa-88fd936a761dfce099c4b03529d679256c9860d6.tar.xz freeipa-88fd936a761dfce099c4b03529d679256c9860d6.zip |
Remove NSPRError exception from platform tasks
ipalib.x509 no longer raises NSPRError. PyCA cryptography raises
ValueError for invalid certs.
https://fedorahosted.org/freeipa/ticket/5695
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaplatform/redhat')
-rw-r--r-- | ipaplatform/redhat/tasks.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 123595eb8..8f9b39bf8 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -33,12 +33,11 @@ import base64 import traceback import errno -from cffi import FFI from ctypes.util import find_library from functools import total_ordering - from subprocess import CalledProcessError -from nss.error import NSPRError + +from cffi import FFI from pyasn1.error import PyAsn1Error from six.moves import urllib @@ -223,6 +222,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): def insert_ca_certs_into_systemwide_ca_store(self, ca_certs): from ipalib import x509 # FixMe: break import cycle + from ipalib.errors import CertificateError new_cacert_path = paths.SYSTEMWIDE_IPA_CA_CRT @@ -252,7 +252,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): issuer = x509.get_der_issuer(cert, x509.DER) serial_number = x509.get_der_serial_number(cert, x509.DER) public_key_info = x509.get_der_public_key_info(cert, x509.DER) - except (NSPRError, PyAsn1Error, ValueError) as e: + except (PyAsn1Error, ValueError, CertificateError) as e: root_logger.warning( "Failed to decode certificate \"%s\": %s", nickname, e) continue |