mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 08:41:55 -06:00
Work around python-nss bug on unrecognised OIDs
A bug in python-nss causes an error to be thrown when converting an unrecognised OID to a string. If cert-request receives a PKCS #10 CSR with an unknown extension, the error is thrown. Work around this error by first checking if the OID is recognised and, if it is not, using a different method to obtain its string representation. Once the python-nss bug is fixed, this workaround should be reverted. https://bugzilla.redhat.com/show_bug.cgi?id=1246729 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
812ab600a3
commit
e92f25bd50
@ -53,7 +53,20 @@ def get_extensions(csr, datatype=PEM):
|
||||
The return value is a tuple of strings
|
||||
"""
|
||||
request = load_certificate_request(csr, datatype)
|
||||
return tuple(nss.oid_dotted_decimal(ext.oid_tag)[4:]
|
||||
|
||||
# Work around a bug in python-nss where nss.oid_dotted_decimal
|
||||
# errors on unrecognised OIDs
|
||||
#
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1246729
|
||||
#
|
||||
def get_prefixed_oid_str(ext):
|
||||
"""Returns a string like 'OID.1.2...'."""
|
||||
if ext.oid_tag == 0:
|
||||
return repr(ext)
|
||||
else:
|
||||
return nss.oid_dotted_decimal(ext.oid)
|
||||
|
||||
return tuple(get_prefixed_oid_str(ext)[4:]
|
||||
for ext in request.extensions)
|
||||
|
||||
class _PrincipalName(univ.Sequence):
|
||||
|
Loading…
Reference in New Issue
Block a user