[Freeipa-devel] [freeipa PR#436][opened] x509: allow leading text in PEM files

Mon, 06 Feb 2017 03:48:07 -0800 

   URL: https://github.com/freeipa/freeipa/pull/436
Author: HonzaCholasta
 Title: #436: x509: allow leading text in PEM files
Action: opened

PR body:
"""
This fixes a regression introduced in commit
b8d6524d43dd0667184aebc79fb77a9b8a46939a.

https://fedorahosted.org/freeipa/ticket/4985
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/436/head:pr436
git checkout pr436

From 7d1e12f773f6b184149936114789ab0d28fe8f09 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 6 Feb 2017 12:45:31 +0100
Subject: [PATCH] x509: allow leading text in PEM files

This fixes a regression introduced in commit
b8d6524d43dd0667184aebc79fb77a9b8a46939a.

https://fedorahosted.org/freeipa/ticket/4985
---
 ipalib/x509.py                    |  2 +-
 ipatests/test_ipalib/test_x509.py | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/ipalib/x509.py b/ipalib/x509.py
index 87d46ae..33f2bdc 100644
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -86,7 +86,7 @@ def strip_header(pem):
     Remove the header and footer from a certificate.
     """
     regexp = (
-        u"^-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"
+        u"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"
     )
     if isinstance(pem, bytes):
         regexp = regexp.encode('ascii')
diff --git a/ipatests/test_ipalib/test_x509.py b/ipatests/test_ipalib/test_x509.py
index 750e086..a3e6cda 100644
--- a/ipatests/test_ipalib/test_x509.py
+++ b/ipatests/test_ipalib/test_x509.py
@@ -69,6 +69,17 @@ def test_1_load_base64_cert(self):
         x509.load_certificate((newcert,))
         x509.load_certificate([newcert])
 
+        # Load a good cert with headers and leading text
+        newcert = (
+            'leading text\n-----BEGIN CERTIFICATE-----' +
+            goodcert +
+            '-----END CERTIFICATE-----')
+        x509.load_certificate(newcert)
+
+        # Should handle list/tuple
+        x509.load_certificate((newcert,))
+        x509.load_certificate([newcert])
+
         # Load a good cert with bad headers
         newcert = '-----BEGIN CERTIFICATE-----' + goodcert
         with pytest.raises((TypeError, ValueError)):

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to