Revision a6c43c02 lib/utils/security.py
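--- a/lib/utils/security.py
+++ b/lib/utils/security.py
@@ -28,6 +28,8 @@
 
 from ganeti.utils import io
 from ganeti.utils import x509
+from ganeti import constants
+from ganeti import errors
 from ganeti import pathutils
 
 
@@ -110,3 +112,36 @@
 
 logging.debug(log_msg)
 x509.GenerateSelfSignedSslCert(cert_filename)
+
+
+def VerifyCertificate(filename):
+"""Verifies a SSL certificate.
+
+@type filename: string
+@param filename: Path to PEM file
+
+"""
+try:
+cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM,
+io.ReadFile(filename))
+except Exception, err: # pylint: disable=W0703
+return (constants.CV_ERROR,
+"Failed to load X509 certificate %s: %s" % (filename, err))
+
+(errcode, msg) = \
+x509.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN,
+constants.SSL_CERT_EXPIRATION_ERROR)
+
+if msg:
+fnamemsg = "While verifying %s: %s" % (filename, msg)
+else:
+fnamemsg = None
+
+if errcode is None:
+return (None, fnamemsg)
+elif errcode == x509.CERT_WARNING:
+return (constants.CV_WARNING, fnamemsg)
+elif errcode == x509.CERT_ERROR:
+return (constants.CV_ERROR, fnamemsg)
+
+raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)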
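Review bot: The docstring of the new `VerifyCertificate` says only "Verifies a SSL certificate", which overstates what the visible body does and leaves the return value undocumented. The only inputs handed to `x509.VerifyX509Certificate` are the two expiration thresholds, so as far as these lines show the check covers the validity period and not the signature, issuer or key; a caller reading the name could take a `(None, None)` result as proof the certificate is trusted. I would state that scope in the docstring and add `@rtype: tuple` and `@return: (errcode, message); errcode is None, constants.CV_WARNING or constants.CV_ERROR`. It is also worth a short comment at the `except Exception` line that an unreadable or missing file is reported as `CV_ERROR` rather than raised, since that is why the broad catch is there.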