diff options
| -rw-r--r-- | keystoneclient/common/cms.py | 8 | ||||
| -rw-r--r-- | keystoneclient/middleware/auth_token.py | 1 |
2 files changed, 7 insertions, 2 deletions
diff --git a/keystoneclient/common/cms.py b/keystoneclient/common/cms.py index 26f9795..e07dbcf 100644 --- a/keystoneclient/common/cms.py +++ b/keystoneclient/common/cms.py @@ -25,7 +25,10 @@ def _ensure_subprocess(): def cms_verify(formatted, signing_cert_file_name, ca_file_name): - """Verifies the signature of the contents IAW CMS syntax.""" + """Verifies the signature of the contents IAW CMS syntax. + + :raises: subprocess.CalledProcessError + """ _ensure_subprocess() process = subprocess.Popen(["openssl", "cms", "-verify", "-certfile", signing_cert_file_name, @@ -39,7 +42,8 @@ def cms_verify(formatted, signing_cert_file_name, ca_file_name): output, err = process.communicate(formatted) retcode = process.poll() if retcode: - LOG.warning('Verify error: %s' % err) + # Do not log errors, as some happen in the positive thread + # instead, catch them in the calling code and log them there. # NOTE(dmllr): Python 2.6 compatibility: # CalledProcessError did not have output keyword argument e = subprocess.CalledProcessError(retcode, "openssl") diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py index 6537a67..658cce5 100644 --- a/keystoneclient/middleware/auth_token.py +++ b/keystoneclient/middleware/auth_token.py @@ -1047,6 +1047,7 @@ class AuthProtocol(object): if self.cert_file_missing(err.output, self.ca_file_name): self.fetch_ca_cert() continue + self.LOG.warning('Verify error: %s' % err) raise err return output |