On 10/23/13 03:52 PM, Yiteng Zhang wrote:
The webrev can be seen at:
This still needs some work.
You don't want to generate the error messages in image.py:check_cert_validity(). That is the job of the exception.
You also don't need to modify misc.py:validate_ssl_cert().
How this should look like is, that ExpiredCertificates() includes a list of ExpiredCertificate() objects. And the str() method of this Exception just prints the generic header ("One or more client key and certificates ...") and then cycles through each ExpiredCertificate exceptions in the list and extracts the information needed for the message (everything you need is in the 'uri' property.
Then, in image.py, you leave the code mainly as is but put in a try/except statement which checks for an ExpiredCertificate exception when misc.validate_ssl_cert() is called. If that happens you add it to your ExpiredCertificates exception.
At the end of the loop you check if your ExpiredCertificates exception contains any ExpiredCertificate exceptions and if so you raise it.
One thing to mention is that when I create two pairs of valid
certificates and keys for two repositories of the same publisher, it
seems that the pkg system can only use one pair of certificate and key
(seen from the [authority_solaris] section of pkg5.image file). Is that
I have to try but it could be that we still have some issues with that. Nevertheless, if you fix your exception issue it will work as soon as this would be fixed.
[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e