From ca9d971e3b141d4c065852a90592627f61b89a37 Mon Sep 17 00:00:00 2001
From: John Mulligan
Date: Fri, 25 Apr 2025 11:05:46 -0400
Subject: [PATCH] python-common/cryptotools: catch all failures to read cert

Previously, the internal crypto caller would catch (and convert) some errors when reading the cert but not all cases. Move the logic to catch the errors to a common location and do it once consistently.

Signed-off-by: John Mulligan
(cherry picked from commit f6ab08783c0f121d33709a2aaecb6087c69ae3f2)
---
 src/python-common/ceph/cryptotools/internal.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/python-common/ceph/cryptotools/internal.py b/src/python-common/ceph/cryptotools/internal.py
index 2de8d742ced..7d6e0a487ec 100644
--- a/src/python-common/ceph/cryptotools/internal.py
+++ b/src/python-common/ceph/cryptotools/internal.py
@@ -68,7 +68,10 @@ class InternalCryptoCaller(CryptoCaller):

 def _load_cert(self, crt: Union[str, bytes]) -> Any:
 crt_buffer = crt.encode() if isinstance(crt, str) else crt
- cert = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)
+ try:
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)
+ except (ValueError, crypto.Error) as e:
+ self.fail('Invalid certificate: %s' % str(e))
 return cert

 def _issuer_info(self, cert: Any) -> Tuple[str, str]:
@@ -115,11 +118,7 @@ class InternalCryptoCaller(CryptoCaller):
 _key.check()
 except (ValueError, crypto.Error) as e:
 self.fail('Invalid private key: %s' % str(e))
- try:
- _crt = self._load_cert(crt)
- except ValueError as e:
- self.fail('Invalid certificate key: %s' % str(e))
-
+ _crt = self._load_cert(crt)
 try:
 context = SSL.Context(SSL.TLSv1_METHOD)
 with warnings.catch_warnings():
--
2.47.3
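Review bot: The `crt.encode()` call on the line just above the new `try:` in `_load_cert` stays outside it, so a str that cannot be encoded raises UnicodeEncodeError (a ValueError subclass) without going through `self.fail`. The `except ValueError` wrapper removed in the second hunk used to cover that path for that caller, so this is a small regression against the commit's stated goal of catching all failures. Moving `crt_buffer = crt.encode() if isinstance(crt, str) else crt` to be the first statement inside the `try:` restores the conversion. Separately, `return cert` after the handler assumes `self.fail` always raises, and its definition is not visible in this hunk. Returning from inside the try, `return crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)`, would avoid an unbound `cert` if it ever returns normally.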
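Review bot: The failure text for an unreadable certificate at this call site changes from 'Invalid certificate key: ...' to 'Invalid certificate: ...' now that the conversion lives in `_load_cert`. Any test, log match or caller keyed on the old string would need updating, though none are visible in this patch. With the local try/except gone, a one-line comment above `_crt = self._load_cert(crt)`, such as `# _load_cert() reports an unreadable certificate via self.fail()`, would keep the error path discoverable next to the explicit private-key handling just before it. The enclosing method starts and ends outside this hunk.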