1
0
mirror of https://github.com/moepman/acertmgr.git synced 2024-12-29 09:21:51 +01:00

acertmgr: don't fail when no issuer CA can be retrieved

Do not fail if there is no issuer CA download possible in any way. Just
let the user provide the (static) CA certifiate at ca_file or fail during
certificate deployment.
This commit is contained in:
Kishi85 2019-03-23 08:28:02 +01:00
parent c0d23631b6
commit cda4be09f4
2 changed files with 10 additions and 4 deletions

View File

@ -95,7 +95,7 @@ def cert_get(settings):
crt_final = settings['cert_file']
shutil.copy2(crt_file, crt_final)
os.chmod(crt_final, stat.S_IREAD)
if "static_ca" in settings and not settings['static_ca']:
if "static_ca" in settings and not settings['static_ca'] and ca is not None:
with io.open(settings['ca_file'], "w") as ca_fd:
ca_fd.write(tools.convert_cert_to_pem(ca))
finally:

View File

@ -118,11 +118,17 @@ def download_issuer_ca(cert):
break
if not ca_issuers:
raise Exception("Could not determine issuer CA for given certificate: {}".format(cert))
print("Could not determine issuer CA for given certificate: {}".format(cert))
return None
print("Downloading CA certificate from {}".format(ca_issuers))
cadata = get_url(ca_issuers).read()
return x509.load_der_x509_certificate(cadata, default_backend())
resp = get_url(ca_issuers)
code = resp.getcode()
if code >= 400:
print("Could not download issuer CA (error {}) for given certificate: {}".format(code, cert))
return None
return x509.load_der_x509_certificate(resp.read(), default_backend())
# @brief convert certificate to PEM format