Actions
Issue #1667
closedrepo protection is not properling looking for client cert (causing ISE 500)
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
2.8.0
OS:
CentOS 7
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
This line here
https://github.com/pulp/pulp/blob/master/oid_validation/pulp/oid_validation/oid_validation.py#L32
seems to be not looking up the SSL client certificate properly. It throws an exception:
Exception Type: KeyError
Exception Value:
'mod_ssl.var_lookup'
on that line. This is through apache.
Actions
Use SSL_CLIENT_CERT and fall back to mod_ssl.var_lookup.
Depending on how a request arrives and who is performing the authentication,
mod_ssl.var_lookup
may not be present andSSL_CLIENT_CERT
is. This commit causes the authenticator to look in both locations for the certificate and if neither can be found, it returnsFalse
. Previously, it would cause an HTTP 500 by raising a KeyError.closes #1667