[Freeipa-devel] [freeipa PR#524][synchronized] Remove NSPRError exception from platform tasks

Wed, 01 Mar 2017 05:02:29 -0800 

   URL: https://github.com/freeipa/freeipa/pull/524
Author: tiran
 Title: #524: Remove NSPRError exception from platform tasks
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/524/head:pr524
git checkout pr524

From 7ed05a05433cd3dd068da0f1212ac6496f46d49d Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 1 Mar 2017 11:19:08 +0100
Subject: [PATCH] Remove NSPRError exception from platform tasks

ipalib.x509 no longer raises NSPRError. PyCA cryptography raises
ValueError for invalid certs.

https://fedorahosted.org/freeipa/ticket/5695

Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaplatform/redhat/tasks.py | 8 ++++----
 ipaplatform/setup.py        | 1 -
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 123595e..8f9b39b 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -33,12 +33,11 @@
 import traceback
 import errno
 
-from cffi import FFI
 from ctypes.util import find_library
 from functools import total_ordering
-
 from subprocess import CalledProcessError
-from nss.error import NSPRError
+
+from cffi import FFI
 from pyasn1.error import PyAsn1Error
 from six.moves import urllib
 
@@ -223,6 +222,7 @@ def reload_systemwide_ca_store(self):
 
     def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
         from ipalib import x509  # FixMe: break import cycle
+        from ipalib.errors import CertificateError
 
         new_cacert_path = paths.SYSTEMWIDE_IPA_CA_CRT
 
@@ -252,7 +252,7 @@ def insert_ca_certs_into_systemwide_ca_store(self, ca_certs):
                 issuer = x509.get_der_issuer(cert, x509.DER)
                 serial_number = x509.get_der_serial_number(cert, x509.DER)
                 public_key_info = x509.get_der_public_key_info(cert, x509.DER)
-            except (NSPRError, PyAsn1Error, ValueError) as e:
+            except (PyAsn1Error, ValueError, CertificateError) as e:
                 root_logger.warning(
                     "Failed to decode certificate \"%s\": %s", nickname, e)
                 continue
diff --git a/ipaplatform/setup.py b/ipaplatform/setup.py
index 6637830..501e2bc 100644
--- a/ipaplatform/setup.py
+++ b/ipaplatform/setup.py
@@ -45,7 +45,6 @@
             # "ipalib",  # circular dependency
             "ipapython",
             "pyasn1",
-            "python-nss",
             "six",
         ],
     )

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to