From: John Mulligan Date: Wed, 23 Apr 2025 15:25:07 +0000 (-0400) Subject: python-common/cryptotools: fix error path in verify tls function X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=96a7a72cf414a3dc5c8587d34e80838cc64b71a4;p=ceph.git python-common/cryptotools: fix error path in verify tls function The remote verify_tls function was not raising errors when it should. Fix the function so that it always returns an object when it succeeds or fails gracefully. Always parse that function in the crypto caller class. Signed-off-by: John Mulligan --- diff --git a/src/python-common/ceph/cryptotools/cryptotools.py b/src/python-common/ceph/cryptotools/cryptotools.py index e021cf82ad6b7..c38ee44fec48a 100644 --- a/src/python-common/ceph/cryptotools/cryptotools.py +++ b/src/python-common/ceph/cryptotools/cryptotools.py @@ -129,12 +129,11 @@ def get_cert_issuer_info(args: Namespace) -> None: def _fail_message(msg: str) -> None: - json.dump({'error': msg}, sys.stderr) - sys.exit(1) + json.dump({'error': msg}, sys.stdout) + sys.exit(0) def verify_tls(args: Namespace) -> None: - data = json.loads(sys.stdin.read()) crt = data['crt'] @@ -163,6 +162,7 @@ def verify_tls(args: Namespace) -> None: _fail_message('Private key and certificate do not match up: %s' % str(e)) except SSL.Error as e: _fail_message(f'Invalid cert/key pair: {e}') + json.dump({'ok': True}, sys.stdout) # need to emit something on success if __name__ == "__main__": diff --git a/src/python-common/ceph/cryptotools/remote.py b/src/python-common/ceph/cryptotools/remote.py index 9a668ca4bfa26..3271ac847a87a 100644 --- a/src/python-common/ceph/cryptotools/remote.py +++ b/src/python-common/ceph/cryptotools/remote.py 
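Review bot: `_fail_message` now ends with `sys.exit(0)` and writes the error object to stdout, so a failed verification looks the same as a success by exit status, and `check=True` in the caller no longer catches it. Every consumer of this helper must therefore parse stdout and fail on an `error` key. Only `verify_tls` is visible in this diff, so any other command in the file that calls `_fail_message` should be checked for a caller that still relies on the return code. I would add a docstring stating that contract, e.g. `"""Report a failure as {'error': msg} on stdout and exit 0; callers must parse the output, not the exit status."""`. If the exit code has to be zero for transport reasons, that reason belongs in the docstring too.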
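Review bot: The added `json.dump({'ok': True}, sys.stdout)` after the `except` clauses is only correct while `_fail_message` never returns. If that helper is ever changed to return, the process would print an error object followed by `{'ok': True}` on the same stream, and a lenient parser could read that as success. Annotating the helper as `def _fail_message(msg: str) -> NoReturn:` (with `NoReturn` from `typing`) lets a type checker enforce this. Moving the success output into an `else:` branch of the `try` would tie it to the no-exception path explicitly. Only the tail of `verify_tls` is in this hunk, so the start of the `try` block is outside view.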
@@ -121,12 +121,13 @@ class CryptoCaller: """Given a TLS certificate and a private key raise an error if the combination is not valid. """ - self._run( + result = self._run( ['verify_tls'], input_data=json.dumps({'crt': crt, 'key': key}), capture_output=True, check=True, ) + self._result_json(result) # for errors only def verify_cacrt_content(self, crt: str) -> int: """Verify a CA Certificate return the number of days until expiration."""
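Review bot: With the remote tool now exiting 0 on failure, `self._result_json(result)  # for errors only` is the only thing that rejects a bad cert/key pair, and its return value is discarded. The method is therefore correct only if `_result_json` itself raises on an `error` payload, and that helper is not visible in this hunk. I would make the check fail closed by requiring the positive marker, for example `if not self._result_json(result).get('ok'): raise ValueError('verify_tls did not report ok')`, assuming the helper returns the parsed dict and substituting whatever exception type this class already uses, so empty or unexpected output from a mismatched copy of the tool is rejected too. At minimum the comment should state the dependency, `# raises if the tool reported {'error': ...}; exit status is 0 even on failure`. The enclosing method's `def` line is above the hunk, and a unit test that drives a mismatched pair through this path would pin the behaviour.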