Commit
ad7c3f64
authored
Oct 25, 2016
by
Julien Muchembled
certificate_authority: fix temporary file leak when checking certificates
parent
6b51f873
Showing
1 changed file
with
10 additions
and
42 deletions
+10
-42
slapos/recipe/certificate_authority/__init__.py
slapos/recipe/certificate_authority/__init__.py
+10
-42
slapos/recipe/certificate_authority/__init__.py
...
@@ -156,47 +156,15 @@ class Request(Recipe):
...
@@ -156,47 +156,15 @@ class Request(Recipe):
return
path_list
return
path_list
def
_checkCertificateKeyConsistency
(
self
,
key
,
certificate
,
ca
=
""
):
def
_checkCertificateKeyConsistency
(
self
,
key
,
certificate
):
openssl_binary
=
self
.
options
.
get
(
'openssl-binary'
,
'openssl'
)
openssl_binary
=
self
.
options
.
get
(
'openssl-binary'
,
'openssl'
)
tmpdir
=
tempfile
.
mkdtemp
()
# Simple test if the user/certificates are readable and don't raise
with
open
(
tmpdir
+
"/ca"
,
"w"
)
as
f
:
popenCommunicate
((
openssl_binary
,
'x509'
,
'-noout'
,
'-text'
),
certificate
)
f
.
write
(
ca
)
popenCommunicate
((
openssl_binary
,
'rsa'
,
'-noout'
,
'-text'
),
key
)
with
open
(
tmpdir
+
"/key"
,
"w"
)
as
f
:
# Check if the key and certificate match
f
.
write
(
key
)
modulus_cert
=
popenCommunicate
((
openssl_binary
,
'x509'
,
'-noout'
,
'-modulus'
),
certificate
)
modulus_key
=
popenCommunicate
((
openssl_binary
,
'rsa'
,
'-noout'
,
'-modulus'
),
key
)
with
open
(
tmpdir
+
"/cert"
,
"w"
)
as
f
:
if
modulus_cert
!=
modulus_key
:
f
.
write
(
certificate
)
raise
ValueError
(
"The key and certificate provided don't patch each other. Please check your parameters"
)
try
:
# Simple test if the user/certificates are readable and don't raise
popenCommunicate
([
openssl_binary
,
'x509'
,
'-noout'
,
'-text'
,
'-in'
,
tmpdir
+
"/cert"
])
popenCommunicate
([
openssl_binary
,
'rsa'
,
'-noout'
,
'-text'
,
'-in'
,
tmpdir
+
"/key"
])
# Get md5 to check if the key and certificate matches
modulus_cert
=
popenCommunicate
([
openssl_binary
,
'x509'
,
'-noout'
,
'-modulus'
,
'-in'
,
tmpdir
+
"/cert"
])
modulus_key
=
popenCommunicate
([
openssl_binary
,
'rsa'
,
'-noout'
,
'-modulus'
,
'-in'
,
tmpdir
+
"/key"
])
md5sum_cert
=
popenCommunicate
([
openssl_binary
,
'md5'
],
modulus_cert
)
md5sum_key
=
popenCommunicate
([
openssl_binary
,
'md5'
],
modulus_key
)
if
md5sum_cert
!=
md5sum_key
:
raise
ValueError
(
"The key and certificate provided don't patch each other. Please check your parameters"
)
except
:
try
:
file_list
=
[
tmpdir
+
"/ca"
,
tmpdir
+
"/key"
,
tmpdir
+
"/cert"
]
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
if
os
.
path
.
exists
(
tmpdir
):
os
.
rmdir
(
tmpdir
)
except
:
# do not raise during cleanup
pass
raise
else
:
pass
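Review bot: The readability test on the private key in the new `_checkCertificateKeyConsistency` still runs `openssl rsa -noout -text`, which decodes the key and prints its private components into the output that `popenCommunicate` captures. Since the result is discarded, `popenCommunicate((openssl_binary, 'rsa', '-noout', '-check'), key)` would validate the key without producing that dump. `popenCommunicate` is defined outside this hunk, so whether it logs the captured output or embeds it in an exception on failure cannot be confirmed from here and is worth checking. The `ValueError` text also carries a typo into the new code: `"don't patch each other"` should read `"don't match each other"`. Finally, the `ca=""` parameter is dropped from the signature, so any caller outside this hunk that still passes `ca` would now fail with a `TypeError`.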