-rw-r--r--src/leap/crypto/certs.py10
-rw-r--r--src/leap/eip/checks.py6
2 files changed, 11 insertions, 5 deletions
diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index 45d7326d..78f49fb0 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -1,6 +1,5 @@
import ctypes
from StringIO import StringIO
-import re
import socket
import gnutls.connection
@@ -10,6 +9,10 @@ import gnutls.library
from leap.util.misc import null_check
+class BadCertError(Exception):
+ """raised for malformed certs"""
+
+
def get_https_cert_from_domain(domain):
"""
@param domain: a domain name to get a certificate from.
@@ -55,9 +58,8 @@ def can_load_cert_and_pkey(string):
null_check(cert, 'certificate')
null_check(key, 'private key')
except:
- # XXX catch GNUTLSError
- raise
- return False
+ # XXX catch GNUTLSError?
+ raise BadCertError
else:
return True
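Review bot: The bare `except:` kept in can_load_cert_and_pkey now converts every failure into BadCertError, including KeyboardInterrupt, SystemExit and ordinary programming errors, and the original exception is dropped, so a bug in the loading code becomes indistinguishable from a malformed certificate. Narrowing the handler and carrying the cause would keep the fail-closed behaviour while preserving the reason, for example `except Exception as exc:` followed by `raise BadCertError(str(exc))`. If null_check and the gnutls calls raise a known set of types (the existing comment suggests GNUTLSError), catching only those would be tighter still, but that cannot be confirmed from this hunk. The function body starts outside the hunk.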
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 4afba8b6..65596d1c 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -293,7 +293,11 @@ class ProviderCertChecker(object):
certfile = self._get_client_cert_path()
with open(certfile) as cf:
cert_s = cf.read()
- valid = certs.can_load_cert_and_pkey(cert_s)
+ try:
+ valid = certs.can_load_cert_and_pkey(cert_s)
+ except certs.BadCertError:
+ logger.warning("Not valid pemfile")
+ valid = False
return valid
@property
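Review bot: The warning added in the `except certs.BadCertError` branch names neither the file that failed nor the reason, which makes a rejected client certificate hard to trace from logs alone. Including the path already held in `certfile` would help, e.g. `logger.warning("Not valid pemfile: %s", certfile)`; the key material itself should stay out of the log. The `open(certfile)` call sits outside the new `try`, so a missing or unreadable file still raises from this method rather than yielding `valid = False`; worth confirming that callers expect that. The enclosing method starts outside the hunk.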