From 19e733f3256c92479962638f91360df629d79fc4 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Tue, 23 Jan 2018 14:34:06 -0500
Subject: [PATCH] Ensure fingerprint variable is initialized

During error handling, there were paths where fingerprint was needed, but not set. Fix this by getting fingerprint before raising the exceptions.
---
 confluent_server/confluent/util.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py
index d717ea00..6da69603 100644
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -136,6 +136,7 @@ class TLSCertVerifier(object):
 newpolicy[self.node]['pubkeys.addpolicy']['value'] == 'manual'): # manual policy means always raise unless a match is set # manually
+ fingerprint = get_fingerprint(certificate, 'sha256')
 raise cexc.PubkeyInvalid('New certificate detected', certificate, fingerprint, self.fieldname, 'newkey')
@@ -151,6 +152,7 @@ class TLSCertVerifier(object):
 elif cert_matches(storedprint[self.node][self.fieldname]['value'], certificate): return True
+ fingerprint = get_fingerprint(certificate, 'sha256')
 raise cexc.PubkeyInvalid( 'Mismatched certificate detected', certificate, fingerprint, self.fieldname, 'mismatch')
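Review bot: Computing the fingerprint separately in front of each `raise cexc.PubkeyInvalid(...)` (the 'newkey' raise in the first hunk and the 'mismatch' raise in the second) leaves any raise path added later exposed to the same unbound-variable error. In this certificate-pinning check, that failure would presumably surface as an UnboundLocalError rather than PubkeyInvalid, so the connection is still refused, but the caller loses the certificate and fingerprint that an operator needs to review or approve the key. Assigning `fingerprint = get_fingerprint(certificate, 'sha256')` once at the top of the method, before any policy branching, would cover every path. The method begins outside both hunks, so whether other branches already assign it cannot be confirmed from here. A regression test that drives the 'manual' add-policy path and the mismatch path and asserts PubkeyInvalid with a populated fingerprint would keep this from regressing.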