Diffstat (limited to 'src')
-rw-r--r--src/leap/eip/checks.py29
1 files changed, 6 insertions, 23 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 92964a9d..d7f4402b 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -160,7 +160,6 @@ class ProviderCertChecker(object):
if autocacert and verify is True and self.cacert is not None:
logger.debug('verify cert: %s', self.cacert)
verify = self.cacert
- #import pdb4qt; pdb4qt.set_trace()
logger.debug('is https working?')
logger.debug('uri: %s (verify:%s)', uri, verify)
try:
@@ -278,7 +277,10 @@ class ProviderCertChecker(object):
cert = gnutls.crypto.X509Certificate(cert_s)
from_ = time.gmtime(cert.activation_time)
to_ = time.gmtime(cert.expiration_time)
- return from_ < now() < to_
+ # FIXME BUG ON LEAP_CLI, certs are not valid on gmtime
+ # See #1153
+ #return from_ < now() < to_
+ return now() < to_
def is_valid_pemfile(self, cert_s=None):
"""
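Review bot: The new `return now() < to_` drops the not-before bound entirely, so a certificate whose `activation_time` is still in the future is treated as valid. The FIXME points at #1153 but does not say that this is a deliberate weakening of the check; I would state that in the comment, e.g. `# SECURITY: notBefore is intentionally not enforced until #1153 is resolved; restore the lower bound afterwards`, and drop the commented-out `#return from_ < now() < to_` line instead of keeping dead code. If the underlying problem is a timezone mismatch between the issuing side and `time.gmtime`, as the comment seems to suggest, a small skew allowance on `from_` would be a narrower workaround than removing the bound. The enclosing method starts above the hunk and `now()` is defined outside it, so its return type cannot be checked here.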
@@ -292,27 +294,8 @@ class ProviderCertChecker(object):
certfile = self._get_client_cert_path()
with open(certfile) as cf:
cert_s = cf.read()
- try:
- # XXX get a real cert validation
- # so far this is only checking begin/end
- # delimiters :)
- # XXX use gnutls for get proper
- # validation.
- # crypto.X509Certificate(cert_s)
- sep = "-" * 5 + "BEGIN CERTIFICATE" + "-" * 5
- # we might have private key and cert in the same file
- certparts = cert_s.split(sep)
- if len(certparts) > 1:
- cert_s = sep + certparts[1]
- ssl.PEM_cert_to_DER_cert(cert_s)
- except ValueError:
- # valid_pemfile raises a value error if not BEGIN_CERTIFICATE in
- # there...
- return False
- except:
- # XXX raise proper exception
- raise
- return True
+ valid = certs.can_load_cert_and_pkey(cert_s)
+ return valid
@property
def ca_cert_path(self):
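Review bot: `is_valid_pemfile` now relies entirely on `certs.can_load_cert_and_pkey`, and nothing in this diff brings `certs` into scope: the six insertions in the diffstat are all accounted for by the two changed hunks, so the name must already be imported in checks.py or this line raises NameError. The removed code returned False on `ValueError` for malformed input; whether the helper returns False or raises in that case is not visible here, so callers that expect a boolean should be checked. The helper's name also suggests it requires a private key in the same PEM, whereas the old code accepted a certificate on its own, which deserves a line in the docstring. The two added lines can be collapsed to `return certs.can_load_cert_and_pkey(cert_s)`. The method body starts above the hunk.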