This adds a little debug script to 'devel/', which eases debugging of SSL problems. When provided with a certificate file (such as client.pem or server.pem), it prints the certificate's digest. This digest can then be compared to the ssconf_master_candidate_certs for example.
Signed-off-by: Helga Velroyen <[email protected]> --- devel/cert_digest.py | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100755 devel/cert_digest.py diff --git a/devel/cert_digest.py b/devel/cert_digest.py new file mode 100755 index 0000000..683fbd3 --- /dev/null +++ b/devel/cert_digest.py @@ -0,0 +1,59 @@ +#!/usr/bin/python + +# Copyright (C) 2015 Google Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# 1. Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# This is a test script to ease debugging of SSL problems. It can be +# applied on any of Ganeti's SSL certificates (for example client.pem +# and server.pem) and will output a digest. + +import sys +import OpenSSL + + +def usage(): + print "%s filename" % sys.argv[0] + print + print "'filename' must be a filename of an SSL certificate in PEM format." + + +if __name__ == "__main__": + + if len(sys.argv) < 2: + usage() + + cert_fd = open(sys.argv[1], "r") + cert_plain = cert_fd.read() + + print "Certificate:" + print cert_plain + + cert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, + cert_plain) + + print "Digest:" + print cert.digest("sha1") + -- 2.5.0.276.gf5e568e
