- # parsed by the shell sequence below
- if (re.search('^!EOF\.', noded_cert, re.MULTILINE) or
- re.search('^!EOF\.', rapi_cert, re.MULTILINE)):
- raise errors.OpExecError("invalid PEM encoding in the SSL certificate")
+ # parsed by the shell sequence below. HMAC keys are hexadecimal strings,
+ # so the same restrictions apply.
+ for content in (noded_cert, rapi_cert, hmac_key):
+ if re.search('^!EOF\.', content, re.MULTILINE):
+ raise errors.OpExecError("invalid SSL certificate or HMAC key")