From 02e9eb07a87220fd4b0f40a2a0a9da86c2726786 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 23 Jun 2025 22:28:42 +0200 Subject: pki: T7573: fix TypeError when HAProxy is not in use Commit 59d86826a2f ("haproxy: T7122: add ACME/certbot bootstrap support") introduced a regression where a None value was inadvertently iterated over. This patch prevents the invalid access by verifying that all required keys are present in the dictionary before proceeding. --- src/conf_mode/pki.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/conf_mode/pki.py') diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py index 7d01b6642..6522a3897 100755 --- a/src/conf_mode/pki.py +++ b/src/conf_mode/pki.py @@ -144,7 +144,7 @@ def certbot_request(name: str, config: dict, dry_run: bool=True): # When ACME is used behind a reverse proxy, we always bind to localhost # whatever the CLI listen-address is configured for. - if ('haproxy' in dict_search('used_by', config) and + if ('used_by' in config and 'haproxy' in config['used_by'] and is_systemd_service_running(systemd_services['haproxy']) and not check_port_availability(listen_address, 80)): tmp += f' --http-01-address 127.0.0.1 --http-01-port {internal_ports["certbot_haproxy"]}' @@ -551,7 +551,7 @@ def generate(pki): if not ca_cert_present: tmp = dict_search_args(pki, 'ca', f'{autochain_prefix}{cert}', 'certificate') if not bool(tmp) or tmp != cert_chain_base64: - Message(f'Add/replace automatically imported CA certificate for "{cert}"...') + Message(f'Add/replace automatically imported CA certificate for "{cert}" ...') add_cli_node(['pki', 'ca', f'{autochain_prefix}{cert}', 'certificate'], value=cert_chain_base64) return None -- cgit v1.2.3