Merge branch 'geni-v3' into pep8

* geni-v3:
  more, and more legible, debug messages in the cert verification area
  sfax509 will run openssl x509 on all parts of a gid
  ignore html and pdf files when doing stuff like make tags
  bugfix in sfi when running the discover subcommand

# Conflicts:
#	sfa/trust/certificate.py
#	sfa/trust/gid.py

diff --cc clientbin/sfadump.py
index 4a9316d,d325bdd..c87d193
--- 1/clientbin/sfadump.py
--- 2/clientbin/sfadump.py
+++ b/clientbin/sfadump.py
@@@ -1,9 -1,7 +1,8 @@@
  #! /usr/bin/env python
- from __future__ import with_statement
  
  import sys
 -import os, os.path
 +import os
 +import os.path
  import tempfile
  from argparse import ArgumentParser
  

diff --cc sfa/client/sfi.py
index c32669c,bfff3d3..b94dcf6
--- 1/sfa/client/sfi.py
--- 2/sfa/client/sfi.py
+++ b/sfa/client/sfi.py
@@@ -1261,10 -1186,9 +1261,10 @@@ use this if you mean an authority inste
  
          server = self.sliceapi()
          # set creds
-         creds = [self.my_credential]
+         creds = [self.my_credential_string]
          if options.delegate:
 -            creds.append(self.delegate_cred(cred, get_authority(self.authority)))
 +            creds.append(self.delegate_cred(
 +                cred, get_authority(self.authority)))
          if options.show_credential:
              show_credentials(creds)
  

diff --cc sfa/trust/certificate.py
index 55d46d3,5c0a278..9e0f82b
--- 1/sfa/trust/certificate.py
--- 2/sfa/trust/certificate.py
+++ b/sfa/trust/certificate.py
@@@ -809,9 -809,12 +831,12 @@@ class Certificate
                      if debug_verify_chain:
                          logger.debug("verify_chain: NO. Cert {} is signed by trusted_cert {}, "
                                       "but that signer is expired..."
 -                                     .format(self.pretty_name(),trusted_cert.pretty_name()))
 +                                     .format(self.pretty_cert(), trusted_cert.pretty_cert()))
                      raise CertExpired("{} signer trusted_cert {}"
-                                       .format(self.pretty_cert(), trusted_cert.pretty_cert()))
+                                       .format(self.pretty_name(), trusted_cert.pretty_name()))
+             else:
+                 logger.debug("verify_chain: not a direct descendant of a trusted root".
+                              format(self.pretty_name(), trusted_cert))
  
          # if there is no parent, then no way to verify the chain
          if not self.parent:

diff --cc sfa/trust/credential.py
Simple merge

diff --cc sfa/trust/gid.py
index b490060,ad991c1..5d7ce57
--- 1/sfa/trust/gid.py
--- 2/sfa/trust/gid.py
+++ b/sfa/trust/gid.py
@@@ -231,10 -230,11 +231,11 @@@ class GID(Certificate)
      # for a principal that is not a member of that authority. For example,
      # planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
  
 -    def verify_chain(self, trusted_certs = None):
 +    def verify_chain(self, trusted_certs=None):
+         logger.debug("GID.verify_chain with {} trusted certs".format(len(trusted_certs)))
          # do the normal certificate verification stuff
 -        trusted_root = Certificate.verify_chain(self, trusted_certs)        
 -       
 +        trusted_root = Certificate.verify_chain(self, trusted_certs)
 +
          if self.parent:
              # make sure the parent's hrn is a prefix of the child's hrn
              if not hrn_authfor_hrn(self.parent.get_hrn(), self.get_hrn()):