From f6ab08783c0f121d33709a2aaecb6087c69ae3f2 Mon Sep 17 00:00:00 2001
From: John Mulligan
Date: Fri, 25 Apr 2025 11:05:46 -0400
Subject: [PATCH] python-common/cryptotools: catch all failures to read cert

Previously, the internal crypto caller would catch (and convert) some errors when reading the cert but not all cases. Move the logic to catch the errors to a common location and do it once consistently.

Signed-off-by: John Mulligan
---
 src/python-common/ceph/cryptotools/internal.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/python-common/ceph/cryptotools/internal.py b/src/python-common/ceph/cryptotools/internal.py
index 2de8d742ced47..7d6e0a487ecc9 100644
--- a/src/python-common/ceph/cryptotools/internal.py
+++ b/src/python-common/ceph/cryptotools/internal.py
@@ -68,7 +68,10 @@ class InternalCryptoCaller(CryptoCaller):
 def _load_cert(self, crt: Union[str, bytes]) -> Any:
 crt_buffer = crt.encode() if isinstance(crt, str) else crt
- cert = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)
+ try:
+ cert = crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)
+ except (ValueError, crypto.Error) as e:
+ self.fail('Invalid certificate: %s' % str(e))
 return cert
 def _issuer_info(self, cert: Any) -> Tuple[str, str]:
@@ -115,11 +118,7 @@ class InternalCryptoCaller(CryptoCaller):
 _key.check()
 except (ValueError, crypto.Error) as e:
 self.fail('Invalid private key: %s' % str(e))
- try:
- _crt = self._load_cert(crt)
- except ValueError as e:
- self.fail('Invalid certificate key: %s' % str(e))
-
+ _crt = self._load_cert(crt)
 try:
 context = SSL.Context(SSL.TLSv1_METHOD)
 with warnings.catch_warnings():
--
2.39.5
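Review bot: `return cert` in `_load_cert` reads a local that is only assigned inside the new `try`, so the function is correct only if `self.fail` always raises; `fail` is not visible in this patch, and an override that logs and returns would turn a bad certificate into an `UnboundLocalError`. Returning from inside the try removes that dependency: `return crypto.load_certificate(crypto.FILETYPE_PEM, crt_buffer)`. The `crt.encode()` line stays outside the handler, so an argument that is neither str nor bytes (for example `None`) would presumably still surface as a raw `TypeError` rather than through `self.fail`, which the "all failures" in the commit title does not quite cover. A one-line docstring such as `"""Parse a PEM certificate; report parse errors through self.fail."""` would record the new contract for the other callers of `_load_cert`.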
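Review bot: With the local handler gone, the text reported for a bad certificate in this method changes from `Invalid certificate key: ...` to the `Invalid certificate: ...` message produced in `_load_cert`, which the commit description does not mention. Anything that matches on the old string (tests, or tooling that parses the error) would need updating; whether such consumers exist cannot be seen from this patch. A short comment above the call, e.g. `# _load_cert reports parse failures via self.fail`, would explain why this step has no try/except while the key check above and the context setup below do. The enclosing method starts and ends outside the hunk.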