diff options
-rw-r--r-- | src/leap/crypto/certs.py | 10 | ||||
-rw-r--r-- | src/leap/eip/checks.py | 6 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py index 45d7326d..78f49fb0 100644 --- a/src/leap/crypto/certs.py +++ b/src/leap/crypto/certs.py @@ -1,6 +1,5 @@ import ctypes from StringIO import StringIO -import re import socket import gnutls.connection @@ -10,6 +9,10 @@ import gnutls.library from leap.util.misc import null_check +class BadCertError(Exception): + """raised for malformed certs""" + + def get_https_cert_from_domain(domain): """ @param domain: a domain name to get a certificate from. @@ -55,9 +58,8 @@ def can_load_cert_and_pkey(string): null_check(cert, 'certificate') null_check(key, 'private key') except: - # XXX catch GNUTLSError - raise - return False + # XXX catch GNUTLSError? + raise BadCertError else: return True diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index 4afba8b6..65596d1c 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -293,7 +293,11 @@ class ProviderCertChecker(object): certfile = self._get_client_cert_path() with open(certfile) as cf: cert_s = cf.read() - valid = certs.can_load_cert_and_pkey(cert_s) + try: + valid = certs.can_load_cert_and_pkey(cert_s) + except certs.BadCertError: + logger.warning("Not valid pemfile") + valid = False return valid @property |