# the public key contained in it's parent. The chain is recursed
# until a certificate is found that is signed by a trusted root.
- logger.debug("Certificate.verify_chain {}".format(self.pretty_name()))
# verify expiration time
if self.x509.has_expired():
if debug_verify_chain:
# if this cert is signed by a trusted_cert, then we are set
for i, trusted_cert in enumerate(trusted_certs, 1):
- logger.debug("Certificate.verify_chain - trying trusted #{} : {}"
+ logger.debug(5*'-' +
+ " Certificate.verify_chain - trying trusted #{} : {}"
.format(i, trusted_cert.pretty_name()))
if self.is_signed_by_cert(trusted_cert):
# verify expiration of trusted_cert ?
# planetlab.us.arizona cannot sign a GID for planetlab.us.princeton.foo.
def verify_chain(self, trusted_certs=None):
- logger.debug("GID.verify_chain with {} trusted certs".format(len(trusted_certs)))
+ logger.debug(10*'=' + " GID.verify_chain with {} trusted certs"
+ .format(len(trusted_certs)))
+ logger.debug("on {}".format(self.pretty_name()))
# do the normal certificate verification stuff
trusted_root = Certificate.verify_chain(self, trusted_certs)
if context == 'server':
handlername = 'file'
filename = '/var/log/sfa.log'
- level = 'INFO'
+ level = 'DEBUG'
elif context == 'import':
handlername = 'file'
filename = '/var/log/sfa-import.log'
'level': level,
'formatter': 'standard',
'class': 'logging.StreamHandler',
- }
+ }
else:
config['handlers']['file'] = {
'filename': filename,
'when': 'w0',
'interval': 1,
'backupCount': 12,
- }
+ }
return config