Command "ipa certmap-match <crt.pem>" throwing "ipa: ERROR: an internal error has occurred"
[root@master ~]# ipa certmap-match cert.pem ipa: ERROR: non-public: TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/ipalib/backend.py", line 141, in execute return self.Command[_name](*args, **options) File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__ return self.__do_call(*args, **options) File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call ret = self.run(*args, **options) File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 801, in run return self.forward(*args, **options) File "/usr/lib/python3.6/site-packages/ipaclient/plugins/certmap.py", line 43, in forward args = [x509.load_unknown_x509_certificate(args[0])] File "/usr/lib/python3.6/site-packages/ipalib/x509.py", line 419, in load_unknown_x509_certificate return load_pem_x509_certificate(data) File "/usr/lib/python3.6/site-packages/ipalib/x509.py", line 394, in load_pem_x509_certificate crypto_x509.load_pem_x509_certificate(data, backend=default_backend()) File "/usr/lib64/python3.6/site-packages/cryptography/x509/base.py", line 43, in load_pem_x509_certificate return backend.load_pem_x509_certificate(data) File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1132, in load_pem_x509_certificate mem_bio = self._bytes_to_bio(data) File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 436, in _bytes_to_bio data_char_p = self._ffi.new("char[]", data) TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str ipa: ERROR: an internal error has occurred
Command works and show users matching the provided certificate.
[root@master ~]# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server freeipa-server-4.6.90.pre1.dev201804270736+git994f71ac8-0.fc28.x86_64 freeipa-client-4.6.90.pre1.dev201804270736+git994f71ac8-0.fc28.x86_64 389-ds-base-1.4.0.8-1.fc28.x86_64 pki-ca-10.6.0-1.fc28.noarch krb5-server-1.16-24.fc28.x86_64
cert data must be bytes, even for PEM encoded ASCII data.
Other commands are affected, too
# ipa cert_find --file=/etc/ipa/ca.crt ipa: ERROR: non-public: TypeError: initializer for ctype 'char[]' must be a bytes or list or tuple, not str
Metadata Update from @cheimes: - Issue assigned to cheimes
Metadata Update from @cheimes: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1867
Metadata Update from @cheimes: - Issue tagged with: py3
TODO, add tests for cert APIs with calling the actual ipa client command.
ipa
ipa cert-find --cert $CERT
ipa certmap-match --cert $CERT
ipa certmap-match $CERT
Metadata Update from @cheimes: - Issue tagged with: tests
Metadata Update from @cheimes: - Issue priority set to: important - Issue set to the milestone: FreeIPA 4.6.4
master:
ipa-4-6:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.