Fix bug where CGI breaks with no client cert

This is a quick and dirty fix, but it gets the job done.

diff --git a/cbs-srv.py b/cbs-srv.py
index e252ad9e348df0195cc00bb719ad1e9d89b508c9..c21b28dc39e0c9252b132d71f8fea0665c68a416 100755 (executable)
--- a/cbs-srv.py
+++ b/cbs-srv.py
@@ -126,9 +126,14 @@ def serve_cgi(conn: SSL.Connection, addr, req_path, extra_path, url, conf: dict)
     extra_trans, _ = translate_path(extra_path, conf['servedir'], check_existence=False, allow_extra=False)
 
     # TODO: properly escape characters in DNs, see RFC 2253
-    issuer_dn = b','.join([n+b'='+v for n, v in cert.get_issuer().get_components()]).decode('utf-8')
-    subject_dn = b','.join([n+b'='+v for n, v in cert.get_subject().get_components()]).decode('utf-8')
-    pubkey = cert.get_pubkey().to_cryptography_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode('utf-8')
+    if cert is None:
+        issuer_dn = ''
+        subject_dn = ''
+        pubkey = ''
+    else:
+        issuer_dn = b','.join([n+b'='+v for n, v in cert.get_issuer().get_components()]).decode('utf-8')
+        subject_dn = b','.join([n+b'='+v for n, v in cert.get_subject().get_components()]).decode('utf-8')
+        pubkey = cert.get_pubkey().to_cryptography_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo).decode('utf-8')
     # TODO: validate cert valid dates
     # TODO: does the handshake still check the CertificateVerify message if the set_verify callback returns true?
 
@@ -154,15 +159,15 @@ def serve_cgi(conn: SSL.Connection, addr, req_path, extra_path, url, conf: dict)
 
     env['TLS_CIPHER'] = conn.get_cipher_name()
     env['TLS_VERSION'] = conn.get_cipher_version()
-    env['TLS_CLIENT_HASH'] = cert.digest('sha256')  # TODO: compare format to other servers
+    env['TLS_CLIENT_HASH'] = cert.digest('sha256') if cert is not None else ''  # TODO: compare format to other servers
     env['TLS_CLIENT_ISSUER'] = issuer_dn
     env['TLS_CLIENT_ISSUER_DN'] = issuer_dn
-    env['TLS_CLIENT_ISSUER_CN'] = cert.get_issuer().CN
+    env['TLS_CLIENT_ISSUER_CN'] = cert.get_issuer().CN if cert is not None else ''
     env['TLS_CLIENT_SUBJECT'] = subject_dn
     env['TLS_CLIENT_SUBJECT_DN'] = subject_dn
-    env['TLS_CLIENT_SUBJECT_CN'] = cert.get_subject().CN
+    env['TLS_CLIENT_SUBJECT_CN'] = cert.get_subject().CN if cert is not None else ''
     env['TLS_CLIENT_PUBKEY'] = pubkey  # TODO: does this or something similar already exist in other servers?
-    env['TLS_CLIENT_SERIAL_NUMBER'] = str(cert.get_serial_number())  # TODO: compare format to other servers
+    env['TLS_CLIENT_SERIAL_NUMBER'] = str(cert.get_serial_number()) if cert is not None else ''  # TODO: compare format to other servers
 
     env['GEMINI_URL'] = ''