From 20f779b644a551bf56cb735868c55cd50d7c3610 Mon Sep 17 00:00:00 2001
From: kali <kali@leap.se>
Date: Tue, 18 Dec 2012 21:07:06 +0900
Subject: catch gnutls error while validating pemfile

---
 src/leap/crypto/certs.py | 10 ++++++----
 src/leap/eip/checks.py   |  6 +++++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/leap/crypto/certs.py b/src/leap/crypto/certs.py
index 45d7326d..78f49fb0 100644
--- a/src/leap/crypto/certs.py
+++ b/src/leap/crypto/certs.py
@@ -1,6 +1,5 @@
 import ctypes
 from StringIO import StringIO
-import re
 import socket
 
 import gnutls.connection
@@ -10,6 +9,10 @@ import gnutls.library
 from leap.util.misc import null_check
 
 
+class BadCertError(Exception):
+    """raised for malformed certs"""
+
+
 def get_https_cert_from_domain(domain):
     """
     @param domain: a domain name to get a certificate from.
@@ -55,9 +58,8 @@ def can_load_cert_and_pkey(string):
         null_check(cert, 'certificate')
         null_check(key, 'private key')
     except:
-        # XXX catch GNUTLSError
-        raise
-        return False
+        # XXX catch GNUTLSError?
+        raise BadCertError
     else:
         return True
 
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index 4afba8b6..65596d1c 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -293,7 +293,11 @@ class ProviderCertChecker(object):
             certfile = self._get_client_cert_path()
             with open(certfile) as cf:
                 cert_s = cf.read()
-        valid = certs.can_load_cert_and_pkey(cert_s)
+        try:
+            valid = certs.can_load_cert_and_pkey(cert_s)
+        except certs.BadCertError:
+            logger.warning("Not valid pemfile")
+            valid = False
         return valid
 
     @property
-- 
cgit v1.2.3