Merge pull request #9 from jsuchome/Code-11-SP3

- added simple check for certificates (bnc#792413)

VERSION

@@ -1 +1 @@
-2.17.36
+2.17.37

package/yast2-ldap-client.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jan  4 11:46:40 CET 2013 - jsuchome@suse.cz
+
+- added simple check for certificates (bnc#792413)
+- 2.17.37 
+
 -------------------------------------------------------------------
 Tue Oct 16 09:37:53 CEST 2012 - jsuchome@suse.cz
 

src/ui.ycp

@@ -166,6 +166,33 @@
 	return ret == `ok ? servers : "";
     }
 
+    /**
+     * Try to check if certificate file has a valid format (bnc#792413)
+     * (Just a simple check, for a warning that something might be wrong)
+     * Return the check result
+     */
+    boolean check_certificate (string file) {
+
+      // first, check for DER encoded certificate
+      if (FileUtils::Exists ("/usr/bin/openssl") &&
+          SCR::Execute (.target.bash, sformat ("/usr/bin/openssl x509 -in %1 -inform der", file)) == 0
+      )
+      {
+        return true;
+      }
+
+      // check the contents of possible plain text certificates
+      map out = (map) SCR::Execute (.target.bash_output, sformat (
+        "grep -I '\\-----BEGIN CERTIFICATE' %1 && grep -I '\\-----END CERTIFICATE' %1", file));
+      if (out["exit"]:1 != 0)
+      {
+        // warning popup
+        Popup::Warning (_("The certificate file does not seem to have valid format."));
+        return false;
+      }
+      return true;
+    }
+
     /**
      * The main dialog for ldap-client configuration
      * @return	`back, `next or `abort
@@ -1202,6 +1229,7 @@ user home directories.</p>
 	    string file = UI::AskForExistingFile (tls_cacertfile, "*.pem *.crt", _("Choose the certificate file"));
 	    if (file != nil)
 	    {
+		check_certificate (file);
 		tls_cacertfile	= file;
 		UI::ChangeWidget (`id (`tls_cacertfile), `Value, file);
 	    }