Commit 3a723c37 authored by Andrii Salnikov's avatar Andrii Salnikov

newer openssl output DN in the different format by default

parent bb0138a0
from __future__ import absolute_import
import sys
import os
import logging
import datetime
import argparse
......@@ -183,13 +183,15 @@ class ThirdPartyControl(ComponentControl):
return vomses
def __get_ssl_cert_openssl(self, url):
def __get_ssl_cert_openssl(self, url, compat=False):
# parse connection parameters
(hostname, port) = self.__get_socket_from_url(url)
# try to connect using openssl
s_client = subprocess.Popen(['openssl', 's_client', '-connect'] + ['{0}:{1}'.format(hostname, port)],
stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
cmd = ['openssl', 's_client', '-connect'] + ['{0}:{1}'.format(hostname, port)]
if compat:
cmd += ['-nameopt', 'compat']
s_client = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
dn = None
ca = None
for line in iter(s_client.stdout.readline, ''):
......@@ -200,7 +202,11 @@ class ThirdPartyControl(ComponentControl):
ca = line.replace('issuer=', '')
if dn and ca:
return {hostname: {'dn': dn.rstrip(), 'ca': ca.rstrip()}}
if dn.startswith('/'):
return {hostname: {'dn': dn.rstrip(), 'ca': ca.rstrip()}}
elif not compat:
self.logger.debug('Seams we are on the newer OpenSSL version, retrying with compat DN output')
return self.__get_ssl_cert_openssl(url, compat=True)
self.logger.error('Failed to get DN and CA with OpenSSL SSL/TLS bind to %s:%s.', hostname, port)
except OSError:
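Review bot: The retry at `return self.__get_ssl_cert_openssl(url, compat=True)` recurses from inside the loop over `s_client.stdout` while the first `openssl s_client` child is still running, and nothing visible in the hunk terminates or reaps it, so each host probed with a newer OpenSSL appears to leave an extra child process and TLS connection behind. I would call `s_client.terminate()` and `s_client.wait()` just before the recursive return, unless cleanup already happens in the part of the enclosing `try` block that lies outside the hunk. The parsed DN and issuer also come from whatever certificate the peer presents: the visible command passes no verification options, and `s_client` by default continues after a verification failure. A comment such as `# DN/CA are read from an unverified handshake; confirm them out of band before they are used as trust data` would make that explicit. The debug message has a typo: `Seams` should read `Seems`.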