Ensure fingerprint variable is initialized

During error handling, there were paths where fingerprint was needed, but not set. Fix this by getting fingerprint before raising the exceptions.
2024-11-22 17:43:14 +00:00 · 2018-01-23 14:34:06 -05:00 · 2018-01-23 14:34:06 -05:00 · 19e733f325
commit 19e733f325
parent eccc7803a9
1 changed files with 2 additions and 0 deletions
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@ -136,6 +136,7 @@ class TLSCertVerifier(object):
                    newpolicy[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
                # manual policy means always raise unless a match is set
                # manually
+                fingerprint = get_fingerprint(certificate, 'sha256')
                raise cexc.PubkeyInvalid('New certificate detected',
                                         certificate, fingerprint,
                                         self.fieldname, 'newkey')
@ -151,6 +152,7 @@ class TLSCertVerifier(object):
        elif cert_matches(storedprint[self.node][self.fieldname]['value'],
                          certificate):
            return True
+        fingerprint = get_fingerprint(certificate, 'sha256')
        raise cexc.PubkeyInvalid(
            'Mismatched certificate detected', certificate, fingerprint,
            self.fieldname, 'mismatch')