there's more to prevent than an errant split

Author: jettero

hubblestack/utils/signing.py

@@ -467,7 +467,11 @@ def verify_signature(fname, sfname, public_crt='public.crt', ca_crt='ca-root.crt
         return STATUS.VERIFIED if both the signature and the CA sig match
     """
     log_level = log.debug
-    short_fname = fname.split('/')[-1] if fname else 'n/a'
+    if fname is None or sfname is None:
+        status = STATUS.UNKNOWN
+        log_level('fname=%s or sfname=%s is Nones => status=%s', fname, sfname, status)
+        return status
+    short_fname = fname.split('/')[-1]
     try:
         with open(sfname, 'r') as fh:
             sig,_,_ = PEM.decode(fh.read()) # also returns header and decrypted-status
@@ -477,7 +481,7 @@ def verify_signature(fname, sfname, public_crt='public.crt', ca_crt='ca-root.crt
         if check_verif_timestamp(verif_key):
             log_level = log.error
         log_level('%s | file "%s" | status: %s ', short_fname, fname, status)
-        return STATUS.UNKNOWN
+        return status
     x509 = X509AwareCertBucket(public_crt, ca_crt)
     hasher, chosen_hash = hash_target(fname, obj_mode=True)
     digest = hasher.finalize()