From eb3faf8c1c539f727559ca5cc5f77b8edb87af2e Mon Sep 17 00:00:00 2001 From: Zenon Mousmoulas Date: Sun, 19 May 2024 16:18:06 +0300 Subject: [PATCH] crypto._cert_fingerprint: pass bytes to load_pem_x509_certificate crypto._cert_fingerprint must ensure first parameter to load_pem_x509_certificate is bytes, as there are code paths which pass this as a string, such as crypto.from_keyspec -> crypto._load_keyspec -> crypto.XMLSecCryptoFromXML.__init__ -> crypto._cert_fingerprint --- src/xmlsec/crypto.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/xmlsec/crypto.py b/src/xmlsec/crypto.py index 0e47c10..af3fd18 100644 --- a/src/xmlsec/crypto.py +++ b/src/xmlsec/crypto.py @@ -358,6 +358,8 @@ def _get_cert_by_fp(self, fp): def _cert_fingerprint(cert_pem): if "-----BEGIN CERTIFICATE" in cert_pem: + if isinstance(cert_pem, six.text_type): + cert_pem = cert_pem.encode() cert = load_pem_x509_certificate(cert_pem, backend=default_backend()) else: cert = load_der_x509_certificate(base64.standard_b64decode(cert_pem), backend=default_backend())