diff --git a/acertmgr/__init__.py b/acertmgr/__init__.py
index 7e30be3..9d288dc 100755
--- a/acertmgr/__init__.py
+++ b/acertmgr/__init__.py
@@ -95,7 +95,7 @@ def cert_get(settings):
 crt_final = settings['cert_file']
 shutil.copy2(crt_file, crt_final)
 os.chmod(crt_final, stat.S_IREAD)
- if "static_ca" in settings and not settings['static_ca']:
+ if "static_ca" in settings and not settings['static_ca'] and ca is not None:
 with io.open(settings['ca_file'], "w") as ca_fd:
 ca_fd.write(tools.convert_cert_to_pem(ca))
 finally:
diff --git a/acertmgr/tools.py b/acertmgr/tools.py
index 29199d4..d11c1b2 100644
--- a/acertmgr/tools.py
+++ b/acertmgr/tools.py
@@ -118,11 +118,17 @@ def download_issuer_ca(cert):
 break
 if not ca_issuers:
- raise Exception("Could not determine issuer CA for given certificate: {}".format(cert))
+ print("Could not determine issuer CA for given certificate: {}".format(cert))
+ return None
 print("Downloading CA certificate from {}".format(ca_issuers))
- cadata = get_url(ca_issuers).read()
- return x509.load_der_x509_certificate(cadata, default_backend())
+ resp = get_url(ca_issuers)
+ code = resp.getcode()
+ if code >= 400:
+ print("Could not download issuer CA (error {}) for given certificate: {}".format(code, cert))
+ return None
+
+ return x509.load_der_x509_certificate(resp.read(), default_backend())
 # @brief convert certificate to PEM format
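Review bot: When `ca` is None the added condition in cert_get skips the write silently, so whatever `ca_file` already holds stays on disk next to a freshly written `cert_file`; after an issuer change that would leave a stale chain file, and nothing at this point reports it. An explicit branch would make the skip visible: `elif "static_ca" in settings and not settings['static_ca']:` followed by `print("Issuer CA not available, {} left unchanged".format(settings['ca_file']))`. Where `ca` is assigned lies outside the hunk, so whether it can be None on other paths cannot be checked from here.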
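Review bot: The `code >= 400` guard in download_issuer_ca is the only failure the new code turns into `None`: a body that is not DER (an issuer URL answering 200 with an HTML page or a PKCS#7 bundle) still makes `load_der_x509_certificate` raise ValueError, and nothing checks that the downloaded certificate is the issuer of `cert` before the cert_get hunk writes `ca` to `ca_file`. If `get_url` is a thin wrapper around `urlopen` (its definition is not in this hunk), a 4xx/5xx response raises HTTPError before `getcode()` is reached, so that case would need an `except` rather than a status comparison. I would catch the parse error and compare `ca.subject` with `cert.issuer` before returning, as sketched below; the name comparison is a sanity check, not a signature verification. The function starts outside the hunk.

```python
    print("Downloading CA certificate from {}".format(ca_issuers))
    # … unchanged: get_url call and status check …
    try:
        ca = x509.load_der_x509_certificate(resp.read(), default_backend())
    except ValueError:
        print("Issuer CA from {} is not a DER certificate".format(ca_issuers))
        return None
    # The issuer URL is taken from the certificate itself; refuse anything whose
    # subject does not match the issuer named in the leaf.
    if ca.subject != cert.issuer:
        print("Certificate from {} is not the issuer of the given certificate".format(ca_issuers))
        return None
    return ca
```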