diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-05-25 21:53:19 +0200 |
|---|---|---|
| committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-05-26 12:03:57 +0000 |
| commit | b0c2698aeff5497c96485101fdfffcde895a41f2 (patch) | |
| tree | cb20ce5905b85f28618731ed30d89273c70eb2e4 /src/op_mode | |
| parent | 4a9befb92550ae9abd5cf687208fdb09838ccc9d (diff) | |
| download | vyos-1x-b0c2698aeff5497c96485101fdfffcde895a41f2.tar.gz vyos-1x-b0c2698aeff5497c96485101fdfffcde895a41f2.zip | |
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates
This fixes (for and ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
show_certificate_fingerprint(args.certificate, args.fingerprint)
File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
print(get_certificate_fingerprint(cert, hash))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
fp = cert.fingerprint(hash_algorithm)
^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
Diffstat (limited to 'src/op_mode')
| -rwxr-xr-x | src/op_mode/pki.py | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py index ad2c1ada0..4490e609c 100755 --- a/src/op_mode/pki.py +++ b/src/op_mode/pki.py @@ -876,7 +876,7 @@ def show_certificate_authority(name=None, pem=False): print("Certificate Authorities:") print(tabulate.tabulate(data, headers)) -def show_certificate(name=None, pem=False): +def show_certificate(name=None, pem=False, fingerprint_hash=None): headers = ['Name', 'Type', 'Subject CN', 'Issuer CN', 'Issued', 'Expiry', 'Revoked', 'Private Key', 'CA Present'] data = [] certs = get_config_certificate() @@ -897,6 +897,9 @@ def show_certificate(name=None, pem=False): if name and pem: print(encode_certificate(cert)) return + elif name and fingerprint_hash: + print(get_certificate_fingerprint(cert, fingerprint_hash)) + return ca_name = get_certificate_ca(cert, ca_certs) cert_subject_cn = cert.subject.rfc4514_string().split(",")[0] @@ -923,12 +926,6 @@ def show_certificate(name=None, pem=False): print("Certificates:") print(tabulate.tabulate(data, headers)) -def show_certificate_fingerprint(name, hash): - cert = get_config_certificate(name=name) - cert = load_certificate(cert['certificate']) - - print(get_certificate_fingerprint(cert, hash)) - def show_crl(name=None, pem=False): headers = ['CA Name', 'Updated', 'Revokes'] data = [] @@ -1074,7 +1071,7 @@ if __name__ == '__main__': if args.fingerprint is None: show_certificate(None if args.certificate == 'all' else args.certificate, args.pem) else: - show_certificate_fingerprint(args.certificate, args.fingerprint) + show_certificate(args.certificate, fingerprint_hash=args.fingerprint) elif args.crl: show_crl(None if args.crl == 'all' else args.crl, args.pem) else: |