Commit 541d9252 authored by Joshua Tauberer's avatar Joshua Tauberer

allow PEM files to have non-Unix line endings

parent cbbbb117
...@@ -746,7 +746,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring ...@@ -746,7 +746,7 @@ def check_certificate(domain, ssl_certificate, ssl_private_key, warn_if_expiring
def load_cert_chain(pemfile): def load_cert_chain(pemfile):
# A certificate .pem file may contain a chain of certificates. # A certificate .pem file may contain a chain of certificates.
# Load the file and split them apart. # Load the file and split them apart.
re_pem = rb"(-+BEGIN (?:.+)-+[\r\n](?:[A-Za-z0-9+/=]{1,64}[\r\n])+-+END (?:.+)-+[\r\n])" re_pem = rb"(-+BEGIN (?:.+)-+[\r\n]+(?:[A-Za-z0-9+/=]{1,64}[\r\n]+)+-+END (?:.+)-+[\r\n]+)"
with open(pemfile, "rb") as f: with open(pemfile, "rb") as f:
pem = f.read() + b"\n" # ensure trailing newline pem = f.read() + b"\n" # ensure trailing newline
pemblocks = re.findall(re_pem, pem) pemblocks = re.findall(re_pem, pem)
...@@ -760,7 +760,7 @@ def load_pem(pem): ...@@ -760,7 +760,7 @@ def load_pem(pem):
from cryptography.x509 import load_pem_x509_certificate from cryptography.x509 import load_pem_x509_certificate
from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
pem_type = re.match(b"-+BEGIN (.*?)-+\n", pem) pem_type = re.match(b"-+BEGIN (.*?)-+[\r\n]", pem)
if pem_type is None: if pem_type is None:
raise ValueError("File is not a valid PEM-formatted file.") raise ValueError("File is not a valid PEM-formatted file.")
pem_type = pem_type.group(1) pem_type = pem_type.group(1)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment