[Yum-devel] [PATCH] Do basename checking of ssl cert. files.

James Antill james at and.org
Mon Apr 11 17:23:24 UTC 2011


---
 yum/__init__.py |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/yum/__init__.py b/yum/__init__.py
index cf4d827..1b0e5ba 100644
--- a/yum/__init__.py
+++ b/yum/__init__.py
@@ -597,6 +597,22 @@ class YumBase(depsolve.Depsolve):
 
 
         if doSetup:
+            if (hasattr(urlgrabber, 'grabber') and
+                hasattr(urlgrabber.grabber, 'pycurl')):
+                # Must do basename checking, on cert. files...
+                cert_basenames = {}
+                for repo in self._repos:
+                    bn = os.path.basename(repo.sslclientcert)
+                    if bn not in cert_basenames:
+                        cert_basenames[bn] = repo
+                        continue
+                    if repo.sslclientcert == cert_basenames[bn].sslclientcert:
+                        # Exactly the same path is fine too
+                        continue
+
+                    msg = 'sslclientcert basename shared between %s and %s'
+                    raise Errors.ConfigError, msg % (repo, cert_basenames[bn])
+
             repo_st = time.time()        
             self._repos.doSetup(thisrepo)
             self.verbose_logger.debug('repo time: %0.3f' % (time.time() - repo_st))        
-- 
1.7.3.4



More information about the Yum-devel mailing list