Read Fulcio certificate chain as bytes in verify command (#796)

* Read Fulcio certificate chain as bytes Signed-off-by: Maya Costantini <maya.costantini@protonmail.com> * Add changelog entry for certificate chain loading fix Signed-off-by: Maya Costantini <maya.costantini@protonmail.com> * Update CHANGELOG.md Signed-off-by: William Woodruff <william@yossarian.net> --------- Signed-off-by: Maya Costantini <maya.costantini@protonmail.com> Signed-off-by: William Woodruff <william@yossarian.net> Co-authored-by: Maya Costantini <maya.costantini@protonmail.com> Co-authored-by: William Woodruff <william@yossarian.net>
sigstore · Oct 17, 2023 · ee3d313 · ee3d313
1 parent 5420a8d
commit ee3d313
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,11 @@ All versions prior to 0.9.0 are untracked.
 
 ## [Unreleased]
 
+### Fixed
+
+* CLI: When using `--certificate-chain`, read as `bytes` instead of `str`
+  as expected by the underlying API ([#796](https://github.com/sigstore/sigstore-python/pull/796))
+
 ## [2.0.0]
 
 ### Added

diff --git a/sigstore/_cli.py b/sigstore/_cli.py
@@ -422,7 +422,7 @@ def _parser() -> argparse.ArgumentParser:
     instance_options.add_argument(
         "--certificate-chain",
         metavar="FILE",
-        type=argparse.FileType("r"),
+        type=argparse.FileType("rb"),
         help=(
             "Path to a list of CA certificates in PEM format which will be needed when building "
             "the certificate chain for the Fulcio signing certificate"
@@ -488,7 +488,7 @@ def _parser() -> argparse.ArgumentParser:
     instance_options.add_argument(
         "--certificate-chain",
         metavar="FILE",
-        type=argparse.FileType("r"),
+        type=argparse.FileType("rb"),
         help=(
             "Path to a list of CA certificates in PEM format which will be needed when building "
             "the certificate chain for the Fulcio signing certificate"