Revision a8b3b09d
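--- a/lib/tools/prepare_node_join.py
+++ b/lib/tools/prepare_node_join.py
@@ -130,11 +130,9 @@
 raise errors.X509CertError(_noded_cert_file,
 "Unable to load private key: %s" % err)
 
-ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
-ctx.use_privatekey(key)
-ctx.use_certificate(cert)
+check_fn = utils.PrepareX509CertKeyCheck(cert, key)
 try:
-ctx.check_privatekey()
+check_fn()
 except OpenSSL.SSL.Error:
 raise JoinError("Given cluster certificate does not match local key")
 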
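Review bot: The call `check_fn = utils.PrepareX509CertKeyCheck(cert, key)` sits before the `try:`, so an `OpenSSL.SSL.Error` raised while the helper loads the certificate and key is not translated into `JoinError`. The helper in lib/utils/x509.py calls `use_certificate` before `use_privatekey`, the reverse of the lines removed here, and OpenSSL may reject a non-matching key at `use_privatekey` itself rather than at the later check (worth confirming against the pyOpenSSL version in use). Doing the preparation inside the handler keeps the mismatch message intact, for example `try:` followed by `utils.PrepareX509CertKeyCheck(cert, key)()`. The enclosing function starts and ends outside this hunk.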
b/lib/utils/x509.py | ||
---|---|---|
319 | 319 |
|
320 | 320 |
return (cert, |
321 | 321 |
OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert)) |
322 |
|
|
323 |
|
|
324 |
def PrepareX509CertKeyCheck(cert, key): |
|
325 |
"""Get function for verifying certificate with a certain private key. |
|
326 |
|
|
327 |
@type key: OpenSSL.crypto.PKey |
|
328 |
@param key: Private key object |
|
329 |
@type cert: OpenSSL.crypto.X509 |
|
330 |
@param cert: X509 certificate object |
|
331 |
@rtype: callable |
|
332 |
@return: Callable doing the actual check; will raise C{OpenSSL.SSL.Error} if |
|
333 |
certificate is not signed by given private key |
|
334 |
|
|
335 |
""" |
|
336 |
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD) |
|
337 |
ctx.use_certificate(cert) |
|
338 |
ctx.use_privatekey(key) |
|
339 |
|
|
340 |
return ctx.check_privatekey |
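Review bot: The `@return` text says the callable raises if the certificate "is not signed by given private key", but `ctx.check_privatekey` only tests that the private key corresponds to the certificate's public key; it verifies no signature or chain. Suggested wording: `will raise C{OpenSSL.SSL.Error} if the private key does not match the certificate's public key`. The docstring should also say that building the context may itself raise `OpenSSL.SSL.Error`, since `use_privatekey` runs after `use_certificate`, and the `@type`/`@param` entries would read better in signature order (cert, then key). A short comment that the `TLSv1_METHOD` context is never used for a connection would stop readers from treating it as a protocol choice.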