Skip to main content

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

  • From: Yiteng Zhang < >
  • To:
  • Cc: Erik Trauschke < >
  • Subject: [pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e
  • Date: Mon, 21 Oct 2013 10:24:31 -0700

On 09/30/13 03:41 PM, Erik Trauschke wrote:


On 09/25/13 12:52 PM, Yiteng Zhang wrote:
Hi,

Please see the following link. Let me know if there is any problem. Thanks.

https://ips.java.net/webrev/yitezhan/15507548/

Dude, have you actually tried that code?

You are changing the handling of expiring certificates which already doesn't stop execution and will just print out a message.
Right now you changed it in a way that it will actually stop execution if you have one publisher for which the certificate will expire soon. That is even worse than the situation we had before.

What the bug is about is that expired (not expiring) certificates will stop execution after the first ExpiredCertificate exception is raised. However, if you refresh multiple publishers with expired certificates you won't get informed that more than just the first certificate has expired.

What you want to do is change
src/modules/client/image.py:check_cert_validity()
and instead of raising an ExpiredCertificate exception the first time an expired cert is encountered, you save it to a temporary variable and keep going.
After you're through with all the publishers check if any had an expired cert, then raise the exception with information about all the expired certs.

You could create a new exception class for it:
class ExpiredCertificate*s*(CertificateError):
    self.errors = []
        ...

Then put all the ExpiredCertificate exceptions in the errors list to save their content. In the client you can then go through this list and print the appropriate errors in one block.

Erik






Yiteng

Hi all,

I have used two expired certificates to do the test. Please see the following link an let me know your comments.

https://ips.java.net/webrev/yitezhan/15507548_2/

Thank you
Yiteng



[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/23/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Xiaobo Shen 10/24/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/24/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/25/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/29/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/30/2013
 
 
Close
loading
Please Confirm
Close