Merge pull request #54 from netfoundry/bugfix/certificate_check_errors

added error capturing for certificate check
netfoundry · Jul 11, 2024 · 94153ce · 94153ce
2 parents 9a06b3c + a879262
commit 94153ce
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -2,9 +2,15 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.2] - 2024-07-11
+
+### Added
+
+- Added additional error capturing for certificate check
+
 ## [1.5.1] - 2024-05-09
 
-## Added
+### Added
 
 - MOP callback with status
 

diff --git a/router_registration.py b/router_registration.py
@@ -54,7 +54,14 @@ def check_controller_certificate(controller_host):
             or IP address otherwise exit with an error.
     """
     logging.debug("Starting controller certificate check for host %s", controller_host)
-    certificate = ssl.get_server_certificate((controller_host, 443)).encode('utf-8')
+    try:
+        certificate = ssl.get_server_certificate((controller_host, 443)).encode('utf-8')
+    except ssl.SSLEOFError:
+        logging.error("Unable to retrieve certificate due to SSL Error")
+        sys.exit(1)
+    except TimeoutError:
+        logging.error("Unable to retrieve certificate due to timeout.")
+        sys.exit(1)
     loaded_cert = x509.load_pem_x509_certificate(certificate, default_backend())
     san = loaded_cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
     san_dns_names = san.value.get_values_for_type(x509.DNSName)
@@ -295,7 +302,7 @@ def create_parser():
 
     :return: A Namespace containing arguments
     """
-    __version__ = '1.5.1'
+    __version__ = '1.5.2'
     parser = argparse.ArgumentParser()
 
     mgroup = parser.add_mutually_exclusive_group(required=True)