When cert-find comes in contact with invalid certificate data (be it from the command line or LDAP), it crashes with an internal error:
cert-find
$ ipa cert-find --certificate=bougscrt
ipa: ERROR: an internal error has occurred

[Mon Aug 01 09:44:26.024346 2016] [wsgi:error] [pid 121350] ipa: ERROR: non-public: NSPRError: (SEC_ERROR_LIBRARY_FAILURE) security library failure.
[Mon Aug 01 09:44:26.024383 2016] [wsgi:error] [pid 121350] Traceback (most recent call last):
[Mon Aug 01 09:44:26.024387 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py", line 352, in wsgi_execute
[Mon Aug 01 09:44:26.024390 2016] [wsgi:error] [pid 121350]     result = self.Command[name](*args, **options)
[Mon Aug 01 09:44:26.024393 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 447, in __call__
[Mon Aug 01 09:44:26.024395 2016] [wsgi:error] [pid 121350]     return self.__do_call(*args, **options)
[Mon Aug 01 09:44:26.024398 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 475, in __do_call
[Mon Aug 01 09:44:26.024400 2016] [wsgi:error] [pid 121350]     ret = self.run(*args, **options)
[Mon Aug 01 09:44:26.024403 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/frontend.py", line 797, in run
[Mon Aug 01 09:44:26.024405 2016] [wsgi:error] [pid 121350]     return self.execute(*args, **options)
[Mon Aug 01 09:44:26.024408 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 1145, in execute
[Mon Aug 01 09:44:26.024410 2016] [wsgi:error] [pid 121350]     self.obj._parse(obj)
[Mon Aug 01 09:44:26.024412 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipaserver/plugins/cert.py", line 299, in _parse
[Mon Aug 01 09:44:26.024415 2016] [wsgi:error] [pid 121350]     cert = x509.load_certificate(obj['certificate'])
[Mon Aug 01 09:44:26.024435 2016] [wsgi:error] [pid 121350]   File "/usr/lib/python2.7/site-packages/ipalib/x509.py", line 125, in load_certificate
[Mon Aug 01 09:44:26.024439 2016] [wsgi:error] [pid 121350]     return nss.Certificate(buffer(data)) # pylint: disable=buffer-builtin
[Mon Aug 01 09:44:26.024441 2016] [wsgi:error] [pid 121350] NSPRError: (SEC_ERROR_LIBRARY_FAILURE) security library failure.
Fix the command not to crash on invalid data.
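The failure mode reported above, handled defensively, as an added example that is not FreeIPA's code or the fix applied for this ticket: a structural DER pre-check that turns bad certificate input into a caller-facing error, and a search filter that skips bad stored entries instead of aborting. The names `CertificateFormatError`, `check_certificate`, `filter_valid` and `SKELETON` are hypothetical, and the check covers only the outer certificate structure, so a full parser behind it still needs its exceptions wrapped the same way.

```python
import base64
import binascii
class CertificateFormatError(ValueError):
    """Hypothetical error type: bad input, reported to the caller as such."""

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise CertificateFormatError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                    # long form: low 7 bits = byte count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise CertificateFormatError("bad or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise CertificateFormatError("DER length exceeds available data")
    return tag, pos, pos + length

def check_certificate(data):
    """Take DER bytes or base64 text; return DER bytes or raise CertificateFormatError."""
    if isinstance(data, str):
        try:
            data = base64.b64decode(data, validate=True)
        except (binascii.Error, ValueError) as e:
            raise CertificateFormatError("not valid base64: %s" % e)
    tag, pos, end = _read_tlv(data, 0)
    if tag != 0x30 or end != len(data):
        raise CertificateFormatError("not a single DER SEQUENCE")
    tags = []                             # expect tbsCertificate, sigAlg, sigValue
    while pos < end:
        t, _, pos = _read_tlv(data, pos)
        tags.append(t)
    if tags != [0x30, 0x30, 0x03]:
        raise CertificateFormatError("unexpected top-level structure")
    return data

def filter_valid(entries):
    """Split (name, cert) results into valid and skipped instead of aborting."""
    valid, skipped = [], []
    for name, raw in entries:
        try:
            valid.append((name, check_certificate(raw)))
        except CertificateFormatError as e:
            skipped.append((name, str(e)))
    return valid, skipped

SKELETON = bytes.fromhex("300730003000030100")  # constructed DER skeleton, not a real certificate
```

The value `bougscrt` from the report is well-formed base64, so it passes the decoding step and is rejected only at the DER length check, which is why input validation has to extend past the encoding layer.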
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1366604
master:
Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.4.1