Revision a6c43c02 lib/utils/security.py
| b/lib/utils/security.py | ||
|---|---|---|
| 28 | 28 |
|
| 29 | 29 |
from ganeti.utils import io |
| 30 | 30 |
from ganeti.utils import x509 |
| 31 |
from ganeti import constants |
|
| 32 |
from ganeti import errors |
|
| 31 | 33 |
from ganeti import pathutils |
| 32 | 34 |
|
| 33 | 35 |
|
| ... | ... | |
| 110 | 112 |
|
| 111 | 113 |
logging.debug(log_msg) |
| 112 | 114 |
x509.GenerateSelfSignedSslCert(cert_filename) |
| 115 |
|
|
| 116 |
|
|
| 117 |
def VerifyCertificate(filename): |
|
| 118 |
"""Verifies a SSL certificate. |
|
| 119 |
|
|
| 120 |
@type filename: string |
|
| 121 |
@param filename: Path to PEM file |
|
| 122 |
|
|
| 123 |
""" |
|
| 124 |
try: |
|
| 125 |
cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, |
|
| 126 |
io.ReadFile(filename)) |
|
| 127 |
except Exception, err: # pylint: disable=W0703 |
|
| 128 |
return (constants.CV_ERROR, |
|
| 129 |
"Failed to load X509 certificate %s: %s" % (filename, err)) |
|
| 130 |
|
|
| 131 |
(errcode, msg) = \ |
|
| 132 |
x509.VerifyX509Certificate(cert, constants.SSL_CERT_EXPIRATION_WARN, |
|
| 133 |
constants.SSL_CERT_EXPIRATION_ERROR) |
|
| 134 |
|
|
| 135 |
if msg: |
|
| 136 |
fnamemsg = "While verifying %s: %s" % (filename, msg) |
|
| 137 |
else: |
|
| 138 |
fnamemsg = None |
|
| 139 |
|
|
| 140 |
if errcode is None: |
|
| 141 |
return (None, fnamemsg) |
|
| 142 |
elif errcode == x509.CERT_WARNING: |
|
| 143 |
return (constants.CV_WARNING, fnamemsg) |
|
| 144 |
elif errcode == x509.CERT_ERROR: |
|
| 145 |
return (constants.CV_ERROR, fnamemsg) |
|
| 146 |
|
|
| 147 |
raise errors.ProgrammerError("Unhandled certificate error code %r" % errcode)
|
|
Also available in: Unified diff