From ba9ea1acd8f83104dca195a94f010ec226029fe7 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 20 Jul 2017 10:20:22 -0400
Subject: [PATCH] Treat empty string same as undefined

If an administrator clears the cert fingerprint, they will
likely set it to ''.  In such a case, go down the 'no fingerprint'
path rather than reject it.
---
 confluent_server/confluent/util.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py
index 5e2d6e1e..3e41bd86 100644
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -121,8 +121,9 @@ class TLSCertVerifier(object):
         fingerprint = get_fingerprint(certificate)
         storedprint = self.cfm.get_node_attributes(self.node, (self.fieldname,)
                                                    )
-        if self.fieldname not in storedprint[self.node]:  # no stored value, check
-                                                   # policy for next action
+        if (self.fieldname not in storedprint[self.node] or
+                storedprint[self.node][self.fieldname]['value'] == ''):
+            # no stored value, check policy for next action
             newpolicy = self.cfm.get_node_attributes(self.node,
                                                      ('pubkeys.addpolicy',))
             if ('pubkeys.addpolicy' in newpolicy[self.node] and