-rw-r--r--changes/bug-3362_check-for-cacert-existence-before-use1
-rw-r--r--src/leap/config/providerconfig.py16
-rw-r--r--src/leap/services/eip/providerbootstrapper.py10
3 files changed, 21 insertions, 6 deletions
diff --git a/changes/bug-3362_check-for-cacert-existence-before-use b/changes/bug-3362_check-for-cacert-existence-before-use
new file mode 100644
index 00000000..5f69f193
--- /dev/null
+++ b/changes/bug-3362_check-for-cacert-existence-before-use
@@ -0,0 +1 @@
+ o Verify cacert existence before using it. Closes bug #3362.
diff --git a/src/leap/config/providerconfig.py b/src/leap/config/providerconfig.py
index 744199f8..eb097034 100644
--- a/src/leap/config/providerconfig.py
+++ b/src/leap/config/providerconfig.py
@@ -21,13 +21,20 @@ Provider configuration
import logging
import os
-from leap.common.check import leap_assert
+from leap.common.check import leap_check
from leap.common.config.baseconfig import BaseConfig, LocalizedKey
from leap.config.provider_spec import leap_provider_spec
logger = logging.getLogger(__name__)
+class MissingCACert(Exception):
+ """
+ Raised when a CA certificate is needed but not found.
+ """
+ pass
+
+
class ProviderConfig(BaseConfig):
"""
Provider configuration abstraction class
@@ -118,6 +125,8 @@ class ProviderConfig(BaseConfig):
def get_ca_cert_path(self, about_to_download=False):
"""
Returns the path to the certificate for the current provider.
+ It may raise MissingCACert if
+ the certificate does not exists and not about_to_download
:param about_to_download: defines wether we want the path to
download the cert or not. This helps avoid
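Review bot: The added docstring sentence documents the new exception as free text and has a grammar slip ("does not exists"), while the rest of the docstring uses `:param` fields. A field such as `:raises MissingCACert: if the certificate does not exist and about_to_download is False` would match that style and make the contract easier for callers to spot. The docstring continues past the end of this hunk, so whether a raises/return section already exists is not visible here.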
@@ -135,8 +144,9 @@ class ProviderConfig(BaseConfig):
"cacert.pem")
if not about_to_download:
- leap_assert(os.path.exists(cert_path),
- "You need to download the certificate first")
+ cert_exists = os.path.exists(cert_path)
+ error_msg = "You need to download the certificate first"
+ leap_check(cert_exists, error_msg, MissingCACert)
logger.debug("Going to verify SSL against %s" % (cert_path,))
return cert_path
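Review bot: `os.path.exists(cert_path)` is also true for a directory, so a non-file entry named cacert.pem would pass this check and be returned as the CA bundle path. The caller in providerbootstrapper.py assigns the result to `verify`, so I would tighten the test to `cert_exists = os.path.isfile(cert_path)`. This remains a point-in-time check: the file can be removed or unreadable by the time it is used, so the consumer still has to handle that failure. The body of get_ca_cert_path starts outside this hunk.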
diff --git a/src/leap/services/eip/providerbootstrapper.py b/src/leap/services/eip/providerbootstrapper.py
index 723475b8..bf5938dc 100644
--- a/src/leap/services/eip/providerbootstrapper.py
+++ b/src/leap/services/eip/providerbootstrapper.py
@@ -29,7 +29,7 @@ from PySide import QtCore
from leap.common.certs import get_digest
from leap.common.files import check_and_fix_urw_only, get_mtime, mkdir_p
from leap.common.check import leap_assert, leap_assert_type, leap_check
-from leap.config.providerconfig import ProviderConfig
+from leap.config.providerconfig import ProviderConfig, MissingCACert
from leap.util.request_helpers import get_content
from leap.util.constants import REQUEST_TIMEOUT
from leap.services.abstractbootstrapper import AbstractBootstrapper
@@ -147,8 +147,12 @@ class ProviderBootstrapper(AbstractBootstrapper):
if mtime: # the provider.json exists
provider_config = ProviderConfig()
provider_config.load(provider_json)
- uri = provider_config.get_api_uri() + '/provider.json'
- verify = provider_config.get_ca_cert_path()
+ try:
+ verify = provider_config.get_ca_cert_path()
+ uri = provider_config.get_api_uri() + '/provider.json'
+ except MissingCACert:
+ # get_ca_cert_path fails if the certificate does not exists.
+ pass
logger.debug("Requesting for provider.json... "
"uri: {0}, verify: {1}, headers: {2}".format(
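Review bot: The `except MissingCACert: pass` branch silently leaves `verify` and `uri` at whatever they held before the `try`, and the `logger.debug` call right after formats both. Those earlier assignments are outside this hunk. If they exist, the request quietly proceeds without the provider's own CA file; if they do not, the debug line raises UnboundLocalError. Make the fallback visible by replacing the bare `pass` with something like `logger.warning("CA cert for provider not found, keeping default uri/verify")`. A short comment stating which defaults apply, and that `uri` is deliberately assigned after `verify` so it is not switched when the cert is missing, would also help. The enclosing method starts and ends outside the hunk.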