mirror of
https://github.com/moepman/acertmgr.git
synced 2024-12-29 09:21:51 +01:00
acertmgr: don't fail when no issuer CA can be retrieved
Do not fail if no issuer CA can be downloaded in any way. Just let the user provide the (static) CA certificate at ca_file or fail during certificate deployment.
parent
c0d23631b6
commit
cda4be09f4
@ -95,7 +95,7 @@ def cert_get(settings):
|
||||
crt_final = settings['cert_file']
|
||||
shutil.copy2(crt_file, crt_final)
|
||||
os.chmod(crt_final, stat.S_IREAD)
|
||||
if "static_ca" in settings and not settings['static_ca']:
|
||||
if "static_ca" in settings and not settings['static_ca'] and ca is not None:
|
||||
with io.open(settings['ca_file'], "w") as ca_fd:
|
||||
ca_fd.write(tools.convert_cert_to_pem(ca))
|
||||
finally:
|
||||
|
@ -118,11 +118,17 @@ def download_issuer_ca(cert):
|
||||
break
|
||||
|
||||
if not ca_issuers:
|
||||
raise Exception("Could not determine issuer CA for given certificate: {}".format(cert))
|
||||
print("Could not determine issuer CA for given certificate: {}".format(cert))
|
||||
return None
|
||||
|
||||
print("Downloading CA certificate from {}".format(ca_issuers))
|
||||
cadata = get_url(ca_issuers).read()
|
||||
return x509.load_der_x509_certificate(cadata, default_backend())
|
||||
resp = get_url(ca_issuers)
|
||||
code = resp.getcode()
|
||||
if code >= 400:
|
||||
print("Could not download issuer CA (error {}) for given certificate: {}".format(code, cert))
|
||||
return None
|
||||
|
||||
return x509.load_der_x509_certificate(resp.read(), default_backend())
|
||||
|
||||
|
||||
# @brief convert certificate to PEM format
|
||||
|
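Review bot: In the `download_issuer_ca` hunk the new `code >= 400` branch handles only a response object that carries an error status, so an exception raised inside `get_url` (not visible here; urllib-style openers raise on HTTP errors and connection failures) or by `x509.load_der_x509_certificate` on a body that is not DER still propagates and aborts the run the commit wants to keep going. Wrapping the fetch and the parse in one `try` that returns `None` would cover those paths. The parsed certificate is also returned, and then written to `ca_file` by `cert_get`, without any check that it is the issuer of `cert`; the URL is taken from the certificate and such URLs are often plain HTTP, so comparing `ca.subject` with `cert.issuer` before returning is a cheap guard (this assumes `cert` is a cryptography certificate object). The function body starts outside the hunk.

```python
    print("Downloading CA certificate from {}".format(ca_issuers))
    try:
        resp = get_url(ca_issuers)
        code = resp.getcode()
        if code >= 400:
            print("Could not download issuer CA (error {}) for given certificate: {}".format(code, cert))
            return None
        ca = x509.load_der_x509_certificate(resp.read(), default_backend())
    except (IOError, ValueError) as e:
        # Network errors and unparsable bodies are treated like a missing issuer CA.
        print("Could not download issuer CA ({}) for given certificate: {}".format(e, cert))
        return None

    # Reject a downloaded certificate that does not name itself as the issuer of cert.
    if ca.subject != cert.issuer:
        print("Downloaded CA certificate does not match issuer of given certificate: {}".format(cert))
        return None
    return ca
```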