mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
If the cafile is not present or readable then raise an exception
This can happen on the API level if a user passes in None as cafile or if the value passed in does not exist or is not readable by the IPA framework user.

This will also catch situations where /etc/ipa/ca.crt has incorrect permissions and will provide more useful information than just [Errno 13] Permission denied.

https://pagure.io/freeipa/issue/7145

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
@@ -313,6 +313,10 @@ def create_https_connection(
|
||||
raise RuntimeError("cafile argument is required to perform server "
|
||||
"certificate verification")
|
||||
|
||||
if not os.path.isfile(cafile) or not os.access(cafile, os.R_OK):
|
||||
raise RuntimeError("cafile \'{file}\' doesn't exist or is unreadable".
|
||||
format(file=cafile))
|
||||
|
||||
# remove the slice of negating protocol options according to options
|
||||
tls_span = get_proper_tls_version_span(tls_version_min, tls_version_max)
|
||||
|
||||
|
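Review bot: the added test `if not os.path.isfile(cafile) or not os.access(cafile, os.R_OK):` folds two different failures into one message ("doesn't exist or is unreadable"), so an operator still cannot tell a wrong path from bad permissions on the CA bundle. Splitting it into an `os.path.isfile` check and an `os.access` check, each with its own message, would give the diagnostics the commit message aims for. Two smaller points on the same lines: `os.access` evaluates permissions against the real uid/gid and is only a pre-check, so the code that later loads the CA file should still handle an open failure and include the path in that error; and the `\'` escapes inside the double-quoted string are unnecessary, as is breaking the line after the `.` before `format(file=cafile)`.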