http.manage: Ask passphrase twice during --export-ca.

3de956d3 · Vincent Pelletier · c2aa954a · 3de956d3
Commit 3de956d3 authored Feb 02, 2021 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 3 deletions

caucase/http.py caucase/http.py +10 -3

No files found.
--- a/caucase/http.py
+++ b/caucase/http.py
@@ -1142,9 +1142,16 @@ def manage(argv=None, stdout=sys.stdout):
      file=stdout,
    )
  if args.export_ca is not None:
-    encryption_algorithm = serialization.BestAvailableEncryption(
+    while True:
-      getBytePass('CA export passphrase: ')
+      passphrase = getBytePass(
-    )
+        'CA export passphrase: ',
+      )
+      if getBytePass(
+        '             (again): ',
+      ) == passphrase:
+        break
+      print('Error: Input does not match, retrying')
+    encryption_algorithm = serialization.BestAvailableEncryption(passphrase)
    with open(args.export_ca, 'wb') as export_ca_file:
      write = export_ca_file.write
      for key_pair in SQLite3Storage(