From ef2411e7ec369b046afe0ba3d8325631f3ce22d6 Mon Sep 17 00:00:00 2001
From: Christophe Haen <christophe.haen@cern.ch>
Date: Fri, 17 Feb 2023 08:36:39 +0100
Subject: [PATCH 1/2] Do not crash if the authorityKeyIdentifier is not in the certificate
---
 src/fts3/rest/client/delegator.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/fts3/rest/client/delegator.py b/src/fts3/rest/client/delegator.py
index 49e87d5d..cc418162 100644
--- a/src/fts3/rest/client/delegator.py
+++ b/src/fts3/rest/client/delegator.py
@@ -74,6 +74,10 @@ def _workaround_new_extension(name, value, critical=False, issuer=None, _pyfree=
 ctx = m2.x509v3_set_conf_lhash(lhash)
 _init_m2_ctx(ctx, issuer)
 x509_ext_ptr = m2.x509v3_ext_conf(lhash, ctx, name, value)
+ except X509.X509Error:
+ if not critical:
+ return None
+ raise
 if x509_ext_ptr is None: raise Exception("Could not create the X509v3 extension")
@@ -190,7 +194,8 @@ class Delegator(object):
 critical=False,
 issuer=self.context.x509,
 )
- proxy.add_ext(identifier_ext)
+ if identifier_ext:
+ proxy.add_ext(identifier_ext)
 any_rfc_proxies = False # FTS-1217 Ignore the user input and select the min proxy lifetime available on the list
-- GitLab
From 3af379872dc512aa43135288a453c6158bc84c0d Mon Sep 17 00:00:00 2001
From: Christophe Haen <christophe.haen@cern.ch>
Date: Fri, 17 Feb 2023 10:53:03 +0100
Subject: [PATCH 2/2] M2crypto requires password to be bytes
---
 src/fts3/rest/client/context.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/fts3/rest/client/context.py b/src/fts3/rest/client/context.py
index b8051e23..63ef5291 100644
--- a/src/fts3/rest/client/context.py
+++ b/src/fts3/rest/client/context.py
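Review bot: In `_workaround_new_extension` (delegator.py, first hunk), the new `except X509.X509Error:` branch returns `None` for every non-critical extension without recording why, so a proxy can be issued with an extension missing and nothing in the output says so. Bind the exception and log it before returning, for example `except X509.X509Error as e:` followed by a warning that includes `name` and `e`. The function now has a `None` return that callers must handle; only the `identifier_ext` call site in the second hunk is guarded on this page, so any other caller that passes the result to `add_ext` should be checked. The `try:` this clause belongs to starts above the hunk, so it is worth confirming that the `m2.x509v3_ext_conf(lhash, ctx, name, value)` call shown as context sits in the `try` body and not in another handler, where this clause would not catch its error.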
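Review bot: In the `Delegator` hunk of delegator.py, `if identifier_ext:` tests truthiness where the intent is "an extension object was created"; `if identifier_ext is not None:` says that directly and does not depend on how the extension object evaluates as a boolean. Going by the commit subject, the skipped extension is the authorityKeyIdentifier, so the proxy is then signed without it; a short comment such as `# authorityKeyIdentifier is best-effort: skipped when it cannot be built from the issuer certificate` would explain the guard to the next reader. The enclosing method starts and ends outside the hunk.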
@@ -63,7 +63,7 @@ def _get_default_proxy():
 class Context(object):
 def _read_passwd_from_stdin(self, *args, **kwargs):
 if not self.passwd:
- self.passwd = getpass.getpass("Private key password: ")
+ self.passwd = getpass.getpass("Private key password: ").encode()
 return self.passwd
 def _set_x509(self, ucert, ukey):
-- GitLab
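Review bot: In `_read_passwd_from_stdin` (context.py), only the password typed at the prompt is converted to bytes; when `self.passwd` is already set it is returned unchanged, so a `str` supplied by the caller would still reach M2Crypto as text. Where `self.passwd` is assigned is outside the hunk, so this may already be handled there; if it is not, normalise on return, for example `return self.passwd.encode() if isinstance(self.passwd, str) else self.passwd`. A one-line docstring stating that the callback returns bytes would also make the contract visible at the call site.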