URL: https://github.com/freeipa/freeipa/pull/436 Author: HonzaCholasta Title: #436: x509: allow leading text in PEM files Action: opened
PR body: """ This fixes a regression introduced in commit b8d6524d43dd0667184aebc79fb77a9b8a46939a. https://fedorahosted.org/freeipa/ticket/4985 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/436/head:pr436 git checkout pr436
From 7d1e12f773f6b184149936114789ab0d28fe8f09 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Mon, 6 Feb 2017 12:45:31 +0100 Subject: [PATCH] x509: allow leading text in PEM files This fixes a regression introduced in commit b8d6524d43dd0667184aebc79fb77a9b8a46939a. https://fedorahosted.org/freeipa/ticket/4985 --- ipalib/x509.py | 2 +- ipatests/test_ipalib/test_x509.py | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ipalib/x509.py b/ipalib/x509.py index 87d46ae..33f2bdc 100644 --- a/ipalib/x509.py +++ b/ipalib/x509.py @@ -86,7 +86,7 @@ def strip_header(pem): Remove the header and footer from a certificate. """ regexp = ( - u"^-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----" + u"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----" ) if isinstance(pem, bytes): regexp = regexp.encode('ascii') diff --git a/ipatests/test_ipalib/test_x509.py b/ipatests/test_ipalib/test_x509.py index 750e086..a3e6cda 100644 --- a/ipatests/test_ipalib/test_x509.py +++ b/ipatests/test_ipalib/test_x509.py @@ -69,6 +69,17 @@ def test_1_load_base64_cert(self): x509.load_certificate((newcert,)) x509.load_certificate([newcert]) + # Load a good cert with headers and leading text + newcert = ( + 'leading text\n-----BEGIN CERTIFICATE-----' + + goodcert + + '-----END CERTIFICATE-----') + x509.load_certificate(newcert) + + # Should handle list/tuple + x509.load_certificate((newcert,)) + x509.load_certificate([newcert]) + # Load a good cert with bad headers newcert = '-----BEGIN CERTIFICATE-----' + goodcert with pytest.raises((TypeError, ValueError)):
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code