Prevent duplicate CA entries
Message-ID: <5947ee4e.h2dohNJCosc4bbcJ%lm(a)mathias-kettner.de>
User-Agent: Heirloom mailx 12.5 6/20/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Module: check_mk
Branch: master
Commit: 69d64f4d95a6c7c9e0db4b4bbcd9a5fa40dc17c3
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=69d64f4d95a6c7…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jun 19 16:51:25 2017 +0200
Trusted CA certificates: Also read .crt files from cert dirs; Prevent duplicate CA
entries
Change-Id: I7d5f05cc40cad4ca5918dabfa5891db199ad8c69
---
web/htdocs/watolib.py | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index 436a44e..bddd9f7 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -412,6 +412,9 @@ class ConfigDomainCACertificates(ConfigDomain):
"/etc/pki/tls/certs", # CentOS/RedHat
]
+ _PEM_RE = re.compile(
+ b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END
CERTIFICATE-----\r?\n?""", re.DOTALL)
+
def config_dir(self):
return multisite_dir
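Review bot: `_PEM_RE` includes the optional trailing `\r?\n?` in the matched text, so the same certificate read once with a final newline and once without (or with CRLF instead of LF line endings) yields different strings and survives the set-based de-duplication this commit introduces. Normalising each match before it is stored would close that gap, for example `match.group(0).replace("\r\n", "\n").strip() + "\n"` in `_get_certificates_from_file`. The `""` after the closing quote of the pattern is an empty literal concatenated onto it and can be dropped. The pattern line is wrapped in this mail, so the exact literal should be checked against the file.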
@@ -443,7 +446,7 @@ class ConfigDomainCACertificates(ConfigDomain):
def _get_system_wide_trusted_ca_certificates(self):
- trusted_cas, errors = [], []
+ trusted_cas, errors = set([]), []
for cert_path in self.system_wide_trusted_ca_search_paths:
if not os.path.isdir(cert_path):
continue
@@ -451,10 +454,10 @@ class ConfigDomainCACertificates(ConfigDomain):
for entry in os.listdir(cert_path):
try:
ext = os.path.splitext(entry)[-1]
- if ext != ".pem":
+ if ext not in [ ".pem", ".crt" ]:
continue
- trusted_cas.append(file(os.path.join(cert_path, entry)).read())
+
trusted_cas.update(self._get_certificates_from_file(os.path.join(cert_path, entry)))
except IOError:
log_exception()
errors.append("Failed to add certificate '%s' to trusted
CA certificates. "
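Review bot: A `.pem` or `.crt` file that contains no `-----BEGIN CERTIFICATE-----` block now contributes nothing and adds no entry to `errors`, because `_get_certificates_from_file` returns an empty list for it; a DER-encoded `.crt` is the likely case. The administrator then gets no indication that a CA placed in the directory is not actually trusted. Binding the result first makes the empty case visible: `certs = self._get_certificates_from_file(path)` followed by `if not certs: errors.append(...)` with a message naming the file, or at least a log line. The extension test is also case-sensitive, so `.PEM` and `.CRT` are skipped; comparing `ext.lower()` would cover them. The loop and its `except` branch continue outside the hunk.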
@@ -462,7 +465,12 @@ class ConfigDomainCACertificates(ConfigDomain):
break
- return trusted_cas, errors
+ return list(trusted_cas), errors
+
+ def _get_certificates_from_file(self, path):
+ return [ match.group(0) for match in self._PEM_RE.finditer(open(path).read()) ]
+
+
#.
# .--Hosts & Folders-----------------------------------------------------.
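Review bot: `_get_certificates_from_file` reads through `open(path).read()` and never closes the handle, so the descriptor is released only when the interpreter collects the file object; `with open(path) as f: data = f.read()` makes the release explicit. The method also has no docstring; one sentence saying that it returns every PEM certificate block found in the file and ignores all other content would record the intent. Separately, `list(trusted_cas)` returns the set in arbitrary order, and if the result is written to a bundle or compared between runs, `sorted(trusted_cas)` would keep it stable; that depends on callers not shown in this diff.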