From ef2411e7ec369b046afe0ba3d8325631f3ce22d6 Mon Sep 17 00:00:00 2001
From: Christophe Haen <christophe.haen@cern.ch>
Date: Fri, 17 Feb 2023 08:36:39 +0100
Subject: [PATCH 1/2] Do not crash if the authorityKeyIdentifier is not in the
 certificate

---
 src/fts3/rest/client/delegator.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/fts3/rest/client/delegator.py b/src/fts3/rest/client/delegator.py
index 49e87d5d..cc418162 100644
--- a/src/fts3/rest/client/delegator.py
+++ b/src/fts3/rest/client/delegator.py
@@ -74,6 +74,10 @@ def _workaround_new_extension(name, value, critical=False, issuer=None, _pyfree=
         ctx = m2.x509v3_set_conf_lhash(lhash)
         _init_m2_ctx(ctx, issuer)
         x509_ext_ptr = m2.x509v3_ext_conf(lhash, ctx, name, value)
+    except X509.X509Error:
+        if not critical:
+            return None
+        raise
 
     if x509_ext_ptr is None:
         raise Exception("Could not create the X509v3 extension")
@@ -190,7 +194,8 @@ class Delegator(object):
                 critical=False,
                 issuer=self.context.x509,
             )
-            proxy.add_ext(identifier_ext)
+            if identifier_ext:
+                proxy.add_ext(identifier_ext)
 
         any_rfc_proxies = False
         # FTS-1217 Ignore the user input and select the min proxy lifetime available on the list
-- 
GitLab


From 3af379872dc512aa43135288a453c6158bc84c0d Mon Sep 17 00:00:00 2001
From: Christophe Haen <christophe.haen@cern.ch>
Date: Fri, 17 Feb 2023 10:53:03 +0100
Subject: [PATCH 2/2] M2crypto requires password to be bytes

---
 src/fts3/rest/client/context.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fts3/rest/client/context.py b/src/fts3/rest/client/context.py
index b8051e23..63ef5291 100644
--- a/src/fts3/rest/client/context.py
+++ b/src/fts3/rest/client/context.py
@@ -63,7 +63,7 @@ def _get_default_proxy():
 class Context(object):
     def _read_passwd_from_stdin(self, *args, **kwargs):
         if not self.passwd:
-            self.passwd = getpass.getpass("Private key password: ")
+            self.passwd = getpass.getpass("Private key password: ").encode()
         return self.passwd
 
     def _set_x509(self, ucert, ukey):
-- 
GitLab