2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-12-25 12:41:39 +00:00

Ensure fingerprint variable is initialized

During error handling, there were paths where fingerprint was
needed, but not set.  Fix this by getting fingerprint before raising
the exceptions.
This commit is contained in:
Jarrod Johnson 2018-01-23 14:34:06 -05:00
parent eccc7803a9
commit 19e733f325

View File

@ -136,6 +136,7 @@ class TLSCertVerifier(object):
newpolicy[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
# manual policy means always raise unless a match is set
# manually
fingerprint = get_fingerprint(certificate, 'sha256')
raise cexc.PubkeyInvalid('New certificate detected',
certificate, fingerprint,
self.fieldname, 'newkey')
@ -151,6 +152,7 @@ class TLSCertVerifier(object):
elif cert_matches(storedprint[self.node][self.fieldname]['value'],
certificate):
return True
fingerprint = get_fingerprint(certificate, 'sha256')
raise cexc.PubkeyInvalid(
'Mismatched certificate detected', certificate, fingerprint,
self.fieldname, 'mismatch')