From: Adam King <adking@redhat.com>
Date: Mon, 22 Jul 2024 15:27:26 +0000 (-0400)
Subject: pybind/mgr/mgr_util: convert certs to bytes before loading them
X-Git-Tag: v17.2.8~269^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3b66176507ed32dde1727fc45a793062ddf4dc30;p=ceph.git

pybind/mgr/mgr_util: convert certs to bytes before loading them

This function expects to be passed bytes rather than a string.
Mypy complains about failing to do this conversion

mgr_util.py: note: In function "verify_cacrt_content":
mgr_util.py:547: error: Argument 2 to "load_certificate" has incompatible type "str"; expected "bytes"
mgr_util.py: note: In function "verify_tls":
mgr_util.py:584: error: Argument 2 to "load_certificate" has incompatible type "str"; expected "bytes"

Signed-off-by: Adam King <adking@redhat.com>
---

diff --git a/src/pybind/mgr/mgr_util.py b/src/pybind/mgr/mgr_util.py
index 007386d29c8c..24298ae63a8c 100644
--- a/src/pybind/mgr/mgr_util.py
+++ b/src/pybind/mgr/mgr_util.py
@@ -544,7 +544,7 @@ def verify_cacrt_content(crt):
     # type: (str) -> None
     from OpenSSL import crypto
     try:
-        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, crt)
+        x509 = crypto.load_certificate(crypto.FILETYPE_PEM, crt.encode('utf-8'))
         if x509.has_expired():
             logger.warning('Certificate has expired: {}'.format(crt))
     except (ValueError, crypto.Error) as e:
@@ -581,7 +581,7 @@ def verify_tls(crt, key):
         raise ServerConfigException(
             'Invalid private key: {}'.format(str(e)))
     try:
-        _crt = crypto.load_certificate(crypto.FILETYPE_PEM, crt)
+        _crt = crypto.load_certificate(crypto.FILETYPE_PEM, crt.encode('utf-8'))
     except ValueError as e:
         raise ServerConfigException(
             'Invalid certificate key: {}'.format(str(e))