
[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

  • From: Yiteng Zhang < >
  • To:
  • Cc: Erik Trauschke < >
  • Subject: [pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e
  • Date: Fri, 25 Oct 2013 13:31:42 -0700

On 10/24/13 08:49 AM, Erik Trauschke wrote:


On 10/23/13 03:52 PM, Yiteng Zhang wrote:
The webrev can be seen at:
https://ips.java.net/webrev/yitezhan/15507548_3/

This still needs some work.

You don't want to generate the error messages in image.py:check_cert_validity(). That is the job of the exception.
You also don't need to modify misc.py:validate_ssl_cert().

How this should look is that ExpiredCertificates() includes a list of ExpiredCertificate() objects. And the str() method of this exception just prints the generic header ("One or more client key and certificates ...") and then cycles through each ExpiredCertificate exception in the list and extracts the information needed for the message (everything you need is in the 'uri' property).

Then, in image.py, you leave the code mainly as is but put in a try/except statement which checks for an ExpiredCertificate exception when misc.validate_ssl_cert() is called. If that happens you add it to your ExpiredCertificates exception.

At the end of the loop you check if your ExpiredCertificates exception contains any ExpiredCertificate exceptions and if so you raise it.

Erik


Ok, a new webrev can be seen at
https://ips.java.net/webrev/yitezhan/15507548_4

Sorry that I don't add a comment to the new webrev.

Please let me know your comments.

Thanks,
Yiteng Zhang

One thing to mention is that when I create two pairs of valid
certificates and keys for two repositories of the same publisher, it
seems that the pkg system can only use one pair of certificate and key
(seen from the [authority_solaris] section of pkg5.image file). Is that
true?

I have to try but it could be that we still have some issues with that. Nevertheless, if you fix your exception issue it will work as soon as this is fixed.

Erik
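
The collect-then-raise pattern described in the review above, as an added example that is not part of the original message and not the pkg project's code. The class names and the 'uri' property come from the thread; the function signatures, the `errors` attribute and the sample paths are assumptions made for illustration.

```python
import datetime


class ExpiredCertificate(Exception):
    """One expired client certificate; 'uri' identifies it (per the thread)."""
    def __init__(self, uri):
        super().__init__(uri)
        self.uri = uri


class ExpiredCertificates(Exception):
    """Aggregate holding every ExpiredCertificate found in one pass."""

    # The thread quotes this header only up to the ellipsis.
    HEADER = "One or more client key and certificates ..."

    def __init__(self):
        super().__init__()
        self.errors = []  # hypothetical attribute name

    def __str__(self):
        return "\n".join([self.HEADER] + ["  " + e.uri for e in self.errors])


def validate_ssl_cert(uri, not_after, now):
    """Hypothetical stand-in: raises for one expired certificate."""
    if not_after < now:
        raise ExpiredCertificate(uri)


def check_cert_validity(certs, now):
    """Validate every certificate, then raise once listing all failures."""
    expired = ExpiredCertificates()
    for uri, not_after in certs:
        try:
            validate_ssl_cert(uri, not_after, now)
        except ExpiredCertificate as e:
            expired.errors.append(e)  # keep going past the first failure
    if expired.errors:
        raise expired


# Constructed sample data: (certificate path, expiry date).
NOW = datetime.date(2013, 10, 25)
SAMPLE = [
    ("/constructed/a.pem", datetime.date(2013, 1, 1)),
    ("/constructed/b.pem", datetime.date(2014, 1, 1)),
    ("/constructed/c.pem", datetime.date(2012, 6, 30)),
]
```

Calling `check_cert_validity(SAMPLE, NOW)` raises a single `ExpiredCertificates` whose message lists both expired paths, so an administrator sees every certificate that needs renewal in one run.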



