diff --git a/.github/workflows/basic-python3.yml b/.github/workflows/basic-python3.yml index b765ead3052..b55587a03da 100644 --- a/.github/workflows/basic-python3.yml +++ b/.github/workflows/basic-python3.yml @@ -23,7 +23,7 @@ jobs: # gracefully, make them non-daemonic and use a suitable # signalling mechanism such as an Event." - pytest --no-cov -k 'not test_BaseType_Unicode and not test_nestedStructure and not testLockedClass' - # - pytest --no-cov src/DIRAC/Core/Security/test + - pytest --no-cov src/DIRAC/Core/Security/test steps: - uses: actions/checkout@v2 diff --git a/src/DIRAC/Core/Security/m2crypto/X509Request.py b/src/DIRAC/Core/Security/m2crypto/X509Request.py index 3db1134d0c4..bfaf95d67fa 100644 --- a/src/DIRAC/Core/Security/m2crypto/X509Request.py +++ b/src/DIRAC/Core/Security/m2crypto/X509Request.py @@ -88,7 +88,7 @@ def getPKey(self): def dumpPKey(self): """ - Get the pkey as a string + Get the private as a string :returns: S_OK(PEM encoded PKey) """ @@ -168,6 +168,7 @@ def checkChain(self, chain): :param chain: :py:class:`X509Chain` object """ + if not self.__valid: return S_ERROR(DErrno.ENOCERT) retVal = chain.getCertInChain() @@ -177,8 +178,11 @@ def checkChain(self, chain): chainPubKey = lastCert.getPublicKey() if not chainPubKey['OK']: return chainPubKey - chainPubKey = chainPubKey['Value'].as_pem(cipher=None, callback=M2Crypto.util.no_passphrase_callback) - reqPubKey = self.__reqObj.get_pubkey().as_pem(cipher=None, callback=M2Crypto.util.no_passphrase_callback) + + # as_der will dump public key info, while as_pem + # dumps private key. + chainPubKey = chainPubKey['Value'].as_der() + reqPubKey = self.__reqObj.get_pubkey().as_der() if not chainPubKey == reqPubKey: return S_ERROR(DErrno.EX509, "Public keys do not match")