File: fix_cms_verify_when_input_files_not_exists.patch

python-keystoneclient 1%3A3.2.0-4
  • area: main
  • in suites: stretch
  • size: 2,192 kB
  • ctags: 2,743
  • sloc: python: 19,347; sh: 192; xml: 149; makefile: 119
Description: Workaround for FTBFS with OpenSSL >= 1.1.0
 OpenSSL 1.1 returns exit code 1 if the certfile or CAfile does not exist.
 This is possibly an OpenSSL bug:
 https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
Author: Ondřej Kobližek <koblizeko@gmail.com>
Forwarded: https://bugs.launchpad.net/python-keystoneclient/+bug/1646858

--- a/keystoneclient/common/cms.py
+++ b/keystoneclient/common/cms.py
@@ -42,9 +42,10 @@
 
 
 # The openssl cms command exits with these status codes.
-# See https://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+# See https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
 class OpensslCmsExitStatus(object):
     SUCCESS = 0
+    COMMAND_OPTIONS_PARSING_ERROR = 1
     INPUT_FILE_READ_ERROR = 2
     CREATE_CMS_READ_MIME_ERROR = 3
 
@@ -180,21 +181,31 @@
     # Do not log errors, as some happen in the positive thread
     # instead, catch them in the calling code and log them there.
 
-    # When invoke the openssl with not exist file, return code 2
-    # and error msg will be returned.
+    # When invoke the openssl >= 1.1.0 with not exist file, return code should
+    # be 2 instead of 1 and error msg will be returned.
     # You can get more from
-    # http://www.openssl.org/docs/apps/cms.html#EXIT_CODES
+    # https://www.openssl.org/docs/man1.1.0/apps/cms.html#EXIT-CODES
     #
     # $ openssl cms -verify -certfile not_exist_file -CAfile
     #       not_exist_file -inform PEM -nosmimecap -nodetach
     #       -nocerts -noattr
+    # openssl < 1.1.0 returns
     # Error opening certificate file not_exist_file
+    # openssl >= 1.1.0 returns
+    # cms: Cannot open input file not_exist_file, No such file or directory
     #
     if retcode == OpensslCmsExitStatus.INPUT_FILE_READ_ERROR:
         if err.startswith('Error reading S/MIME message'):
             raise exceptions.CMSError(err)
         else:
             raise exceptions.CertificateConfigError(err)
+    # workaround for OpenSSL >= 1.1.0,
+    # should return OpensslCmsExitStatus.INPUT_FILE_READ_ERROR
+    elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR:
+        if err.startswith('cms: Cannot open input file'):
+            raise exceptions.CertificateConfigError(err)
+        else:
+            raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
     elif retcode != OpensslCmsExitStatus.SUCCESS:
         raise subprocess.CalledProcessError(retcode, 'openssl', output=err)
     return output
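Review bot: The new `elif retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR` branch decides between `CertificateConfigError` and `CalledProcessError` by prefix-matching OpenSSL's stderr text (`'cms: Cannot open input file'`), which is not a stable interface. If a later OpenSSL release rewords the message, a missing certfile or CAfile would surface as a generic `CalledProcessError`, and any caller that handles `CertificateConfigError` specially (not visible in this hunk) would stop seeing it; a comment such as `# NOTE: depends on the exact stderr wording of openssl 1.1.0; re-check on OpenSSL upgrades` would record that dependency. The inner `else` also repeats the raise of the following `elif retcode != OpensslCmsExitStatus.SUCCESS` branch, so the test can be folded into the condition, `elif (retcode == OpensslCmsExitStatus.COMMAND_OPTIONS_PARSING_ERROR and err.startswith('cms: Cannot open input file')):`, letting other exit-1 cases fall through to the existing generic branch. The added comment "return code should be 2 instead of 1" is ambiguous and would read better as `# openssl >= 1.1.0 exits with 1 (not 2) when certfile/CAfile is missing`. The enclosing function starts outside the hunk.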