From 0e4fbc3b0d15fd219d831b0b49f5312894448206 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Mon, 29 Jul 2024 09:58:30 -0400 Subject: [PATCH] ipa-migrate - properly handle invalid certificates A ValueError is raised when an invalid certificate is used, so the tool should handle this properly and not produce a stack trace. Fixes: https://pagure.io/freeipa/issue/9642 Signed-off-by: Mark Reynolds Reviewed-By: Rob Crittenden --- ipaserver/install/ipa_migrate.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ipaserver/install/ipa_migrate.py b/ipaserver/install/ipa_migrate.py index 20f59f84d..e21937401 100644 --- a/ipaserver/install/ipa_migrate.py +++ b/ipaserver/install/ipa_migrate.py @@ -761,6 +761,12 @@ class IPAMigrate(): try: ds_conn = LDAPClient(ldapuri, cacert=self.args.cacertfile, start_tls=True) + except ValueError: + # Most likely invalid certificate + self.handle_error( + "Failed to connect to remote server: " + "CA certificate is invalid" + ) except ( ldap.LDAPError, errors.NetworkError,