From 64ff3430b5d20575cd2da4572a2541f98c7ba335 Mon Sep 17 00:00:00 2001
From: Dave McCowan <dmccowan@cisco.com>
Date: Fri, 24 Apr 2015 08:50:09 -0400
Subject: [PATCH] Fix call to load_privatekey() when passphrase is None

The original code worked, but breaks with PyOpenSSL 0.15.1,
the version currently used by the gate.

Closes-Bug: #1448193
Change-Id: Iae44f08fa6442e3463e6b552955229f3fd36fbde
---
 barbican/tasks/certificate_resources.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/barbican/tasks/certificate_resources.py b/barbican/tasks/certificate_resources.py
index 65ad03d4b..7d9abfcbe 100644
--- a/barbican/tasks/certificate_resources.py
+++ b/barbican/tasks/certificate_resources.py
@@ -321,11 +321,17 @@ def _generate_csr(order_model, project_model):
     if not private_key:
         raise excep.StoredKeyPrivateKeyNotFound(container_id)
 
-    pkey = crypto.load_privatekey(
-        crypto.FILETYPE_PEM,
-        private_key,
-        passphrase
-    )
+    if passphrase is None:
+        pkey = crypto.load_privatekey(
+            crypto.FILETYPE_PEM,
+            private_key
+        )
+    else:
+        pkey = crypto.load_privatekey(
+            crypto.FILETYPE_PEM,
+            private_key,
+            passphrase
+        )
 
     subject_name = order_model.meta.get('subject_dn')
     subject_name_dns = ldap.dn.str2dn(subject_name)