txaws-dev team mailing list archive

[Rex Tsai <rex.tsai@xxxxxxxxxx>]

Rex Tsai has proposed merging lp:~chihchun/txaws/txaws-lp1050741 into lp:txaws.

Requested reviews:
  txAWS Committers (txaws-dev)

For more details, see:
https://code.launchpad.net/~chihchun/txaws/txaws-lp1050741/+merge/130777

Improved handling broken PEM files from /etc/ssh/certs
-- 
https://code.launchpad.net/~chihchun/txaws/txaws-lp1050741/+merge/130777
Your team txAWS Committers is requested to review the proposed merge of lp:~chihchun/txaws/txaws-lp1050741 into lp:txaws.

=== modified file 'txaws/client/ssl.py'
--- txaws/client/ssl.py	2012-01-26 23:05:01 +0000
+++ txaws/client/ssl.py	2012-10-22 11:17:23 +0000
@@ -4,7 +4,7 @@
 import sys
 
 from OpenSSL import SSL
-from OpenSSL.crypto import load_certificate, FILETYPE_PEM
+from OpenSSL.crypto import load_certificate, FILETYPE_PEM, Error
 
 from twisted.internet.ssl import CertificateOptions
 
@@ -107,10 +107,14 @@
             cert_file = open(cert_file_name)
             data = cert_file.read()
             cert_file.close()
-            x509 = load_certificate(FILETYPE_PEM, data)
-            digest = x509.digest("sha1")
-            # Now, de-duplicate in case the same cert has multiple names.
-            certificate_authority_map[digest] = x509
+	    try:
+                x509 = load_certificate(FILETYPE_PEM, data)
+                digest = x509.digest("sha1")
+                # Now, de-duplicate in case the same cert has multiple names.
+                certificate_authority_map[digest] = x509
+	    except Error:
+		# ignore broken PEM file.
+		continue
     values = certificate_authority_map.values()
     if len(values) == 0:
         raise exception.CertsNotFoundError("Could not find any .pem files.")