From 688660a0545f5a29b6f4f2f06bbef23d3dbef688 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Fri, 24 Jul 2015 09:23:07 -0400
Subject: [PATCH] Work around python-nss bug on unrecognised OIDs
A bug in python-nss causes an error to be thrown when converting an
unrecognised OID to a string. If cert-request receives a PKCS #10
CSR with an unknown extension, the error is thrown.
Work around this error by first checking if the OID is recognised
and, if it is not, using a different method to obtain its string
representation.
Once the python-nss bug is fixed, this workaround should be
reverted. https://bugzilla.redhat.com/show_bug.cgi?id=1246729
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
---
ipalib/pkcs10.py | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
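--- a/ipalib/pkcs10.py
+++ b/ipalib/pkcs10.py
@@ -53,7 +53,20 @@ def get_extensions(csr, datatype=PEM):
 The return value is a tuple of strings
 """
 request = load_certificate_request(csr, datatype)
- return tuple(nss.oid_dotted_decimal(ext.oid_tag)[4:]
+
+ # Work around a bug in python-nss where nss.oid_dotted_decimal
+ # errors on unrecognised OIDs
+ #
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1246729
+ #
+ def get_prefixed_oid_str(ext):
+ """Returns a string like 'OID.1.2...'."""
+ if ext.oid_tag == 0:
+ return repr(ext)
+ else:
+ return nss.oid_dotted_decimal(ext.oid)
+
+ return tuple(get_prefixed_oid_str(ext)[4:]
 for ext in request.extensions)
 
 class _PrincipalName(univ.Sequence):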
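Review bot: The `[4:]` slice in the new `return tuple(...)` assumes that both branches of `get_prefixed_oid_str` yield a string starting with `OID.`, but for the `ext.oid_tag == 0` branch that holds only as long as `repr(ext)` keeps its current format, which nothing in the hunk checks. Since the extensions come from a caller-supplied CSR and the returned OID strings are presumably compared against known extension OIDs by the caller, a silently mis-sliced value is worse than an error here. I would bind the result and verify the prefix before slicing, e.g. `s = get_prefixed_oid_str(ext)` followed by `if not s.startswith('OID.'): raise ValueError('unexpected OID representation: %r' % s)`. The bare `0` would also read better with a short comment saying it is the tag python-nss reports for an unrecognised OID. The body of `get_extensions` starts before this hunk.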
--
2.4.3