mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-26 11:30:23 +00:00
Ensure fingerprint variable is initialized
During error handling, there were paths where fingerprint was needed, but not set. Fix this by getting fingerprint before raising the exceptions.
This commit is contained in:
parent
eccc7803a9
commit
19e733f325
@ -136,6 +136,7 @@ class TLSCertVerifier(object):
|
||||
newpolicy[self.node]['pubkeys.addpolicy']['value'] == 'manual'):
|
||||
# manual policy means always raise unless a match is set
|
||||
# manually
|
||||
fingerprint = get_fingerprint(certificate, 'sha256')
|
||||
raise cexc.PubkeyInvalid('New certificate detected',
|
||||
certificate, fingerprint,
|
||||
self.fieldname, 'newkey')
|
||||
@ -151,6 +152,7 @@ class TLSCertVerifier(object):
|
||||
elif cert_matches(storedprint[self.node][self.fieldname]['value'],
|
||||
certificate):
|
||||
return True
|
||||
fingerprint = get_fingerprint(certificate, 'sha256')
|
||||
raise cexc.PubkeyInvalid(
|
||||
'Mismatched certificate detected', certificate, fingerprint,
|
||||
self.fieldname, 'mismatch')
|
||||
|
Loading…
Reference in New Issue
Block a user