Auto sync2gitlab import of certmonger-0.79.17-2.el8.src.rpm
This commit is contained in:
parent
de55387977
commit
5b195a5aee
1
.gitignore
vendored
1
.gitignore
vendored
@ -1 +1,2 @@
|
|||||||
/certmonger-0.79.13.tar.gz
|
/certmonger-0.79.13.tar.gz
|
||||||
|
/certmonger-0.79.17.tar.gz
|
||||||
|
@ -1,38 +0,0 @@
|
|||||||
From a176d474644e0f1f2ce520ed69b04dc649ed2bed Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 29 Oct 2020 10:13:08 -0400
|
|
||||||
Subject: [PATCH] Don't run the 002-keygen-* tests when root
|
|
||||||
|
|
||||||
The permissions tests will fail.
|
|
||||||
---
|
|
||||||
tests/002-keygen-dbm/prequal.sh | 5 +++++
|
|
||||||
tests/002-keygen-sql/prequal.sh | 5 +++++
|
|
||||||
2 files changed, 10 insertions(+)
|
|
||||||
create mode 100755 tests/002-keygen-dbm/prequal.sh
|
|
||||||
create mode 100755 tests/002-keygen-sql/prequal.sh
|
|
||||||
|
|
||||||
diff --git a/tests/002-keygen-dbm/prequal.sh b/tests/002-keygen-dbm/prequal.sh
|
|
||||||
new file mode 100755
|
|
||||||
index 00000000..d146a650
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/002-keygen-dbm/prequal.sh
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+#!/bin/sh
|
|
||||||
+if test `id -u` -eq 0 ; then
|
|
||||||
+ echo "This test won't work right if run as root."
|
|
||||||
+ exit 1
|
|
||||||
+fi
|
|
||||||
diff --git a/tests/002-keygen-sql/prequal.sh b/tests/002-keygen-sql/prequal.sh
|
|
||||||
new file mode 100755
|
|
||||||
index 00000000..d146a650
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/tests/002-keygen-sql/prequal.sh
|
|
||||||
@@ -0,0 +1,5 @@
|
|
||||||
+#!/bin/sh
|
|
||||||
+if test `id -u` -eq 0 ; then
|
|
||||||
+ echo "This test won't work right if run as root."
|
|
||||||
+ exit 1
|
|
||||||
+fi
|
|
||||||
--
|
|
||||||
2.25.4
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
From 73b1729b9ca740174ef2fa14332f890c5cd17a26 Mon Sep 17 00:00:00 2001
|
From 14d1b5f9a482a4740706dc1cb86c454662f48d4c Mon Sep 17 00:00:00 2001
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
Date: Tue, 10 Nov 2020 18:48:05 -0500
|
Date: Wed, 7 Dec 2022 10:09:55 -0500
|
||||||
Subject: [PATCH] Revert "Remove the certmaster CA from the 028-dbus test"
|
Subject: [PATCH] Revert "Remove the certmaster CA from the 028-dbus test"
|
||||||
|
|
||||||
This reverts commit dd8dcb899e0a159d1141b713993805565ffb6d28.
|
This reverts commit dd8dcb899e0a159d1141b713993805565ffb6d28.
|
||||||
@ -9,10 +9,10 @@ This reverts commit dd8dcb899e0a159d1141b713993805565ffb6d28.
|
|||||||
1 file changed, 124 insertions(+), 6 deletions(-)
|
1 file changed, 124 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
||||||
index ca7de34f..4d6a9a59 100644
|
index 86cba02..544ebd7 100644
|
||||||
--- a/tests/028-dbus/expected.out
|
--- a/tests/028-dbus/expected.out
|
||||||
+++ b/tests/028-dbus/expected.out
|
+++ b/tests/028-dbus/expected.out
|
||||||
@@ -34,6 +34,10 @@ CA 'IPA':
|
@@ -35,6 +35,10 @@ CA 'IPA':
|
||||||
is-default: no
|
is-default: no
|
||||||
ca-type: EXTERNAL
|
ca-type: EXTERNAL
|
||||||
helper-location: $libexecdir/ipa-submit
|
helper-location: $libexecdir/ipa-submit
|
||||||
@ -23,7 +23,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
CA 'dogtag-ipa-renew-agent':
|
CA 'dogtag-ipa-renew-agent':
|
||||||
is-default: no
|
is-default: no
|
||||||
ca-type: EXTERNAL
|
ca-type: EXTERNAL
|
||||||
@@ -41,8 +45,8 @@ CA 'dogtag-ipa-renew-agent':
|
@@ -42,8 +46,8 @@ CA 'dogtag-ipa-renew-agent':
|
||||||
|
|
||||||
[[ API ]]
|
[[ API ]]
|
||||||
[ simpleprop.py ]
|
[ simpleprop.py ]
|
||||||
@ -34,7 +34,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
: -> : -k admin@localhost -> :
|
: -> : -k admin@localhost -> :
|
||||||
0 -> 1 -> 0
|
0 -> 1 -> 0
|
||||||
[ walk.py ]
|
[ walk.py ]
|
||||||
@@ -178,7 +182,7 @@ OK
|
@@ -179,7 +183,7 @@ OK
|
||||||
OK
|
OK
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
|
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_known_cas ]
|
||||||
@ -43,7 +43,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
|
|
||||||
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
|
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_requests ]
|
||||||
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
|
||||||
@@ -504,6 +508,7 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
|
@@ -507,6 +511,7 @@ After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.Stri
|
||||||
<node name="CA2"/>
|
<node name="CA2"/>
|
||||||
<node name="CA3"/>
|
<node name="CA3"/>
|
||||||
<node name="CA4"/>
|
<node name="CA4"/>
|
||||||
@ -51,7 +51,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
</node>
|
</node>
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
|
[ /org/fedorahosted/certmonger/cas/CA1: org.freedesktop.DBus.Introspectable.Introspect ]
|
||||||
@@ -937,10 +942,10 @@ dbus.Array([], signature=dbus.Signature('s'))
|
@@ -940,10 +945,10 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||||
</node>
|
</node>
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
|
||||||
@ -64,7 +64,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_is_default ]
|
||||||
0
|
0
|
||||||
@@ -952,7 +957,7 @@ EXTERNAL
|
@@ -955,7 +960,7 @@ EXTERNAL
|
||||||
None
|
None
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_location ]
|
||||||
@ -73,7 +73,7 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
|
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_issuer_names ]
|
||||||
dbus.Array([], signature=dbus.Signature('s'))
|
dbus.Array([], signature=dbus.Signature('s'))
|
||||||
@@ -960,3 +965,116 @@ dbus.Array([], signature=dbus.Signature('s'))
|
@@ -963,3 +968,116 @@ dbus.Array([], signature=dbus.Signature('s'))
|
||||||
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
|
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.refresh ]
|
||||||
1
|
1
|
||||||
|
|
||||||
@ -191,5 +191,5 @@ index ca7de34f..4d6a9a59 100644
|
|||||||
+1
|
+1
|
||||||
+
|
+
|
||||||
--
|
--
|
||||||
2.25.4
|
2.38.1
|
||||||
|
|
24
0002-Don-t-run-the-002-keygen-tests-when-root.patch
Normal file
24
0002-Don-t-run-the-002-keygen-tests-when-root.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
From 6224c3aa01665edddbda1ec7d1e35b03823eefcb Mon Sep 17 00:00:00 2001
|
||||||
|
From: root <root@ci-vm-10-0-137-168.hosted.upshift.rdu2.redhat.com>
|
||||||
|
Date: Wed, 7 Dec 2022 14:50:01 -0500
|
||||||
|
Subject: [PATCH] Don't run the 002-keygen-* tests when root
|
||||||
|
|
||||||
|
The permissions tests will fail.
|
||||||
|
---
|
||||||
|
tests/002-keygen-dbm/prequal.sh | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
create mode 100755 tests/002-keygen-dbm/prequal.sh
|
||||||
|
|
||||||
|
diff --git a/tests/002-keygen-dbm/prequal.sh b/tests/002-keygen-dbm/prequal.sh
|
||||||
|
new file mode 100755
|
||||||
|
index 0000000..b6c16e0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/tests/002-keygen-dbm/prequal.sh
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+#!/bin/sh
|
||||||
|
+if test `id -u` -eq 0 ; then
|
||||||
|
+ echo "This test won't work right if run as root."
|
||||||
|
+ exit 1
|
||||||
|
+fi
|
||||||
|
--
|
||||||
|
2.31.1
|
@ -1,38 +0,0 @@
|
|||||||
From 62a6634867db5d9f79b613055b8788136d4cb41d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Ade Lee <alee@redhat.com>
|
|
||||||
Date: Wed, 14 Apr 2021 15:34:48 -0400
|
|
||||||
Subject: [PATCH] Fix local CA to work under FIPS
|
|
||||||
|
|
||||||
The PKCS12 file used for the local CA fails to be created because
|
|
||||||
it uses default OpenSSL encryption algorithms that are disallowed
|
|
||||||
under FIPS. This patch simply updates the PKCS12_create() command
|
|
||||||
to use allowed encryption algorithms.
|
|
||||||
---
|
|
||||||
src/local.c | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/local.c b/src/local.c
|
|
||||||
index 92bea144..2f50ac77 100644
|
|
||||||
--- a/src/local.c
|
|
||||||
+++ b/src/local.c
|
|
||||||
@@ -39,6 +39,7 @@
|
|
||||||
|
|
||||||
#include <openssl/asn1.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
+#include <openssl/obj_mac.h>
|
|
||||||
#include <openssl/pem.h>
|
|
||||||
#include <openssl/pkcs12.h>
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
@@ -372,7 +373,8 @@ get_signer_info(void *parent, char *localdir, X509 ***roots,
|
|
||||||
return CM_SUBMIT_STATUS_UNREACHABLE;
|
|
||||||
}
|
|
||||||
p12 = PKCS12_create(NULL, CONSTANTCN, *signer_key, *signer_cert,
|
|
||||||
- cas, 0, 0, 0, 0, 0);
|
|
||||||
+ cas, NID_aes_128_cbc, NID_aes_128_cbc,
|
|
||||||
+ 0, 0, 0);
|
|
||||||
if (p12 != NULL) {
|
|
||||||
if (!i2d_PKCS12_fp(fp, p12)) {
|
|
||||||
fclose(fp);
|
|
||||||
--
|
|
||||||
2.26.3
|
|
||||||
|
|
@ -1,123 +0,0 @@
|
|||||||
From b38981c6e140ada6dd34bc817c508e8dd9714494 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Your Name <you@example.com>
|
|
||||||
Date: Fri, 9 Jul 2021 20:49:28 +0000
|
|
||||||
Subject: [PATCH] Add SCEP config option to treat the challenge password as an
|
|
||||||
OTP
|
|
||||||
|
|
||||||
SCEP RFC 8894 specifies that a challenge password SHOULD be
|
|
||||||
removed from subsequent requests but that it MAY be included.
|
|
||||||
|
|
||||||
This adds a new configuration option to treat the challenge password
|
|
||||||
as a one-time password (OTP) so that it will not be sent on
|
|
||||||
subsequent requests, like renewals, by removing it completely
|
|
||||||
from the tracking request.
|
|
||||||
|
|
||||||
This allows certmonger to be able to renew AD-issued SCEP certificates
|
|
||||||
if the AD registry entry DisableRenewalSubjectNameMatch is set to 1.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1577570
|
|
||||||
|
|
||||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
---
|
|
||||||
src/certmonger.conf.5.in | 9 +++++++++
|
|
||||||
src/certsave.c | 13 +++++++++++++
|
|
||||||
src/prefs.c | 15 +++++++++++++++
|
|
||||||
src/prefs.h | 4 ++++
|
|
||||||
4 files changed, 41 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/certmonger.conf.5.in b/src/certmonger.conf.5.in
|
|
||||||
index 6a42d3cb..1b941b9d 100644
|
|
||||||
--- a/src/certmonger.conf.5.in
|
|
||||||
+++ b/src/certmonger.conf.5.in
|
|
||||||
@@ -126,6 +126,15 @@ If not set, the value of the \fIvalidity_period\fR setting from the
|
|
||||||
\fIselfsign\fR section, if one is set there, will be used. The default value
|
|
||||||
is \fI@CM_DEFAULT_CERT_LIFETIME@\fR.
|
|
||||||
|
|
||||||
+.SH SCEP
|
|
||||||
+Within the \fIscep\fR section, these variables and values are recognized:
|
|
||||||
+
|
|
||||||
+.IP challenge_password_otp
|
|
||||||
+This controls whether the SCEP challenge password is treated as a one-time
|
|
||||||
+password. If set to yes then the challenge password and/or challenge password
|
|
||||||
+file will be removed from the tracking request after the first certificate
|
|
||||||
+issuance so will not be sent with renewal requests. The default is no.
|
|
||||||
+
|
|
||||||
.SH BUGS
|
|
||||||
Please file tickets for any that you find at https://fedorahosted.org/certmonger/
|
|
||||||
|
|
||||||
diff --git a/src/certsave.c b/src/certsave.c
|
|
||||||
index 6eaafe59..f8503662 100644
|
|
||||||
--- a/src/certsave.c
|
|
||||||
+++ b/src/certsave.c
|
|
||||||
@@ -18,12 +18,25 @@
|
|
||||||
#include "config.h"
|
|
||||||
#include "certsave.h"
|
|
||||||
#include "certsave-int.h"
|
|
||||||
+#include "prefs.h"
|
|
||||||
#include "store-int.h"
|
|
||||||
+#include "talloc.h"
|
|
||||||
|
|
||||||
/* Start writing the certificate from the entry to the configured location. */
|
|
||||||
struct cm_certsave_state *
|
|
||||||
cm_certsave_start(struct cm_store_entry *entry)
|
|
||||||
{
|
|
||||||
+ /* If saving a SCEP certificate wipe out the challenge password */
|
|
||||||
+ if ((cm_prefs_scep_password_otp()) &&
|
|
||||||
+ (entry->cm_template_challenge_password != NULL) &&
|
|
||||||
+ (entry->cm_scep_nonce != NULL))
|
|
||||||
+ {
|
|
||||||
+ talloc_free(entry->cm_template_challenge_password);
|
|
||||||
+ entry->cm_template_challenge_password = NULL;
|
|
||||||
+ talloc_free(entry->cm_template_challenge_password_file);
|
|
||||||
+ entry->cm_template_challenge_password_file = NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
switch (entry->cm_cert_storage_type) {
|
|
||||||
#ifdef HAVE_OPENSSL
|
|
||||||
case cm_cert_storage_file:
|
|
||||||
diff --git a/src/prefs.c b/src/prefs.c
|
|
||||||
index 669e8f1f..52ffc908 100644
|
|
||||||
--- a/src/prefs.c
|
|
||||||
+++ b/src/prefs.c
|
|
||||||
@@ -595,3 +595,18 @@ prefs_max_key_use_count(void)
|
|
||||||
}
|
|
||||||
return count;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+cm_prefs_scep_password_otp(void)
|
|
||||||
+{
|
|
||||||
+ static int populate = -1;
|
|
||||||
+ if (populate == -1) {
|
|
||||||
+ const char *val;
|
|
||||||
+ val = cm_prefs_config("scep", "challenge_password_otp");
|
|
||||||
+ if (val == NULL) {
|
|
||||||
+ val = "no";
|
|
||||||
+ }
|
|
||||||
+ populate = cm_prefs_yesno(val);
|
|
||||||
+ }
|
|
||||||
+ return populate != -1 ? populate : 0;
|
|
||||||
+}
|
|
||||||
diff --git a/src/prefs.h b/src/prefs.h
|
|
||||||
index 248e1016..a107fb6c 100644
|
|
||||||
--- a/src/prefs.h
|
|
||||||
+++ b/src/prefs.h
|
|
||||||
@@ -18,6 +18,8 @@
|
|
||||||
#ifndef cmprefs_h
|
|
||||||
#define cmprefs_h
|
|
||||||
|
|
||||||
+#include <time.h>
|
|
||||||
+
|
|
||||||
enum cm_prefs_cipher {
|
|
||||||
cm_prefs_aes128,
|
|
||||||
cm_prefs_aes192,
|
|
||||||
@@ -73,4 +75,6 @@ const char *cm_prefs_dogtag_sslpinfile(void);
|
|
||||||
long long prefs_key_end_of_life(time_t ref);
|
|
||||||
long prefs_max_key_use_count(void);
|
|
||||||
|
|
||||||
+int cm_prefs_scep_password_otp(void);
|
|
||||||
+
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,42 +0,0 @@
|
|||||||
From 0eec70b9dbd0a50a24fe173a68fd9ab72857e08d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Wed, 17 Feb 2021 13:40:52 -0500
|
|
||||||
Subject: [PATCH] Add NULL checks before string compares when analyzing a cert
|
|
||||||
|
|
||||||
A user reported a segfault which was due to a broken request.
|
|
||||||
How it got broken I have no idea but it was effectively empty.
|
|
||||||
|
|
||||||
It had everything as defaults: 0, -1, UNSPECIFIED or not
|
|
||||||
present at all.
|
|
||||||
|
|
||||||
So when trying to analyze the request it did a NULL compare.
|
|
||||||
|
|
||||||
https://pagure.io/certmonger/issue/191
|
|
||||||
---
|
|
||||||
src/tdbush.c | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index a10a1aff..fb81c477 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -678,14 +678,14 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
if (cert_storage != e->cm_cert_storage_type) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
- if (strcmp(cert_location, e->cm_cert_storage_location) != 0) {
|
|
||||||
+ if ((e->cm_cert_storage_location == NULL) || strcmp(cert_location, e->cm_cert_storage_location) != 0) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
switch (cert_storage) {
|
|
||||||
case cm_cert_storage_file:
|
|
||||||
break;
|
|
||||||
case cm_cert_storage_nssdb:
|
|
||||||
- if (strcmp(cert_nickname, e->cm_cert_nickname) != 0) {
|
|
||||||
+ if ((e->cm_cert_nickname == NULL) || strcmp(cert_nickname, e->cm_cert_nickname) != 0) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,386 +0,0 @@
|
|||||||
From 84d575da7516cae1ee94099317cf0f8fae2c7ea1 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 8 Apr 2021 14:07:22 -0400
|
|
||||||
Subject: [PATCH] Display not_before in getcert output
|
|
||||||
|
|
||||||
Including not_before can help with troubleshooting
|
|
||||||
renewal problems and if time needs to be reversed
|
|
||||||
helping identify the maximum one can go back.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1940261
|
|
||||||
|
|
||||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
---
|
|
||||||
src/getcert.c | 21 ++++-
|
|
||||||
src/tdbush.c | 10 ++-
|
|
||||||
src/tdbusm-check.c | 32 ++++++++
|
|
||||||
src/tdbusm.c | 150 ++++++++++++++++++++++++++++++++++++
|
|
||||||
src/tdbusm.h | 9 +++
|
|
||||||
tests/028-dbus/expected.out | 4 +-
|
|
||||||
tests/028-dbus/run.sh | 1 +
|
|
||||||
7 files changed, 220 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/getcert.c b/src/getcert.c
|
|
||||||
index 078f5aa1..4afafcb1 100644
|
|
||||||
--- a/src/getcert.c
|
|
||||||
+++ b/src/getcert.c
|
|
||||||
@@ -3389,7 +3389,7 @@ list(const char *argv0, int argc, const char **argv)
|
|
||||||
const char *capath, *request;
|
|
||||||
dbus_bool_t b;
|
|
||||||
char *s1, *s2, *s3, *s4, *s5, *s6;
|
|
||||||
- long n1, n2;
|
|
||||||
+ long n1, n2, n3;
|
|
||||||
char **as, **as1, **as2, **as3, **as4, **as5, t[25];
|
|
||||||
int requests_only = 0, tracking_only = 0, verbose = 0, c, i, j;
|
|
||||||
unsigned int k;
|
|
||||||
@@ -3754,10 +3754,10 @@ list(const char *argv0, int argc, const char **argv)
|
|
||||||
/* Information from the certificate. */
|
|
||||||
rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
|
|
||||||
"get_cert_info", verbose);
|
|
||||||
- if (cm_tdbusm_get_sssnasasasnas(rep, globals.tctx,
|
|
||||||
+ if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx,
|
|
||||||
&s1, &s2, &s3, &n1,
|
|
||||||
&as1, &as2, &as3,
|
|
||||||
- &n2, &as4) != 0) {
|
|
||||||
+ &n2, &as4, &n3) != 0) {
|
|
||||||
printf(_("Error parsing server response.\n"));
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
@@ -3768,6 +3768,21 @@ list(const char *argv0, int argc, const char **argv)
|
|
||||||
printf(_("\tissuer: %s\n"), s1);
|
|
||||||
printf(_("\tsubject: %s\n"), s3);
|
|
||||||
when = _("unknown");
|
|
||||||
+ if (n3 != 0) {
|
|
||||||
+ if (force_utc) {
|
|
||||||
+ when = cm_store_timestamp_from_time_for_display(n3, t);
|
|
||||||
+ printf(_("\tissued: %s\n"), when);
|
|
||||||
+ } else {
|
|
||||||
+ when = cm_store_local_timestamp_from_time_for_display(n3);
|
|
||||||
+ if (when != NULL) {
|
|
||||||
+ printf(_("\tissued: %s\n"), when);
|
|
||||||
+ free(when);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ printf(_("\tissued: %s\n"), when);
|
|
||||||
+ }
|
|
||||||
+ when = _("unknown");
|
|
||||||
if (n1 != 0) {
|
|
||||||
if (force_utc) {
|
|
||||||
when = cm_store_timestamp_from_time_for_display(n1, t);
|
|
||||||
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
||||||
index 3587f84f..6fc1b4be 100644
|
|
||||||
--- a/src/tdbush.c
|
|
||||||
+++ b/src/tdbush.c
|
|
||||||
@@ -2701,7 +2701,7 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
rep = dbus_message_new_method_return(msg);
|
|
||||||
if (rep != NULL) {
|
|
||||||
eku = eku_splitv(entry, entry->cm_cert_eku);
|
|
||||||
- cm_tdbusm_set_sssnasasasnas(rep,
|
|
||||||
+ cm_tdbusm_set_sssnasasasnasn(rep,
|
|
||||||
entry->cm_cert_issuer,
|
|
||||||
entry->cm_cert_serial,
|
|
||||||
entry->cm_cert_subject,
|
|
||||||
@@ -2710,7 +2710,8 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,
|
|
||||||
(const char **) entry->cm_cert_hostname,
|
|
||||||
(const char **) entry->cm_cert_principal,
|
|
||||||
ku_from_string(entry->cm_cert_ku),
|
|
||||||
- (const char **) eku);
|
|
||||||
+ (const char **) eku,
|
|
||||||
+ entry->cm_cert_not_before);
|
|
||||||
dbus_connection_send(conn, rep, NULL);
|
|
||||||
dbus_message_unref(rep);
|
|
||||||
talloc_free(eku);
|
|
||||||
@@ -6563,7 +6564,10 @@ cm_tdbush_iface_request(void)
|
|
||||||
DBUS_TYPE_ARRAY_AS_STRING
|
|
||||||
DBUS_TYPE_STRING_AS_STRING,
|
|
||||||
cm_tdbush_method_arg_out,
|
|
||||||
- NULL))))))))),
|
|
||||||
+ make_method_arg("not_before",
|
|
||||||
+ DBUS_TYPE_INT64_AS_STRING,
|
|
||||||
+ cm_tdbush_method_arg_out,
|
|
||||||
+ NULL)))))))))),
|
|
||||||
NULL),
|
|
||||||
make_interface_item(cm_tdbush_interface_property,
|
|
||||||
make_property(CM_DBUS_PROP_CERT_ISSUER,
|
|
||||||
diff --git a/src/tdbusm-check.c b/src/tdbusm-check.c
|
|
||||||
index 385b1849..31880732 100644
|
|
||||||
--- a/src/tdbusm-check.c
|
|
||||||
+++ b/src/tdbusm-check.c
|
|
||||||
@@ -539,6 +539,38 @@ get_sssnasasasnas(DBusMessage *rep, int msgid)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
static int
|
|
||||||
+get_sssnasasasnasn(DBusMessage *rep, int msgid)
|
|
||||||
+{
|
|
||||||
+ int ret, i;
|
|
||||||
+ long n1, n2, n3;
|
|
||||||
+ char *s1, *s2, *s3, **as1, **as2, **as3, **as4;
|
|
||||||
+
|
|
||||||
+ ret = cm_tdbusm_get_sssnasasasnasn(rep, NULL,
|
|
||||||
+ &s1, &s2, &s3, &n1,
|
|
||||||
+ &as1, &as2, &as3, &n2, &as4, &n3);
|
|
||||||
+ if (ret == 0) {
|
|
||||||
+ printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[",
|
|
||||||
+ msgid, s1, s2, s3, n1);
|
|
||||||
+ for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) {
|
|
||||||
+ printf("%ss:%s", i > 0 ? "," : "", as1[i]);
|
|
||||||
+ }
|
|
||||||
+ printf("],[");
|
|
||||||
+ for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) {
|
|
||||||
+ printf("%ss:%s", i > 0 ? "," : "", as2[i]);
|
|
||||||
+ }
|
|
||||||
+ printf("],[");
|
|
||||||
+ for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) {
|
|
||||||
+ printf("%ss:%s", i > 0 ? "," : "", as3[i]);
|
|
||||||
+ }
|
|
||||||
+ printf("],n:%ld,n:%ld,[", n2, n3);
|
|
||||||
+ for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) {
|
|
||||||
+ printf("%ss:%s", i > 0 ? "," : "", as4[i]);
|
|
||||||
+ }
|
|
||||||
+ printf("]\n");
|
|
||||||
+ }
|
|
||||||
+ return ret;
|
|
||||||
+}
|
|
||||||
+static int
|
|
||||||
get_sasasasnas(DBusMessage *rep, int msgid)
|
|
||||||
{
|
|
||||||
int ret, i;
|
|
||||||
diff --git a/src/tdbusm.c b/src/tdbusm.c
|
|
||||||
index bc39e1d4..24e03e4c 100644
|
|
||||||
--- a/src/tdbusm.c
|
|
||||||
+++ b/src/tdbusm.c
|
|
||||||
@@ -935,6 +935,105 @@ cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int
|
|
||||||
+cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,
|
|
||||||
+ char **s1, char **s2, char **s3, long *n1,
|
|
||||||
+ char ***as1, char ***as2, char ***as3,
|
|
||||||
+ long *n2, char ***as4, long *n3)
|
|
||||||
+{
|
|
||||||
+ DBusError err;
|
|
||||||
+ char **tmp1, **tmp2, **tmp3, **tmp4;
|
|
||||||
+ int64_t i641, i642, i643;
|
|
||||||
+ int32_t i321, i322, i323;
|
|
||||||
+ int16_t i161, i162, i163;
|
|
||||||
+ int i, j, k, l;
|
|
||||||
+ *s1 = NULL;
|
|
||||||
+ *s2 = NULL;
|
|
||||||
+ *s3 = NULL;
|
|
||||||
+ *as1 = NULL;
|
|
||||||
+ *as2 = NULL;
|
|
||||||
+ *as3 = NULL;
|
|
||||||
+ *as4 = NULL;
|
|
||||||
+ dbus_error_init(&err);
|
|
||||||
+ if (!dbus_message_get_args(msg, &err,
|
|
||||||
+ DBUS_TYPE_STRING, s1,
|
|
||||||
+ DBUS_TYPE_STRING, s2,
|
|
||||||
+ DBUS_TYPE_STRING, s3,
|
|
||||||
+ DBUS_TYPE_INT64, &i641,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k,
|
|
||||||
+ DBUS_TYPE_INT64, &i642,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l,
|
|
||||||
+ DBUS_TYPE_INT64, &i643,
|
|
||||||
+ DBUS_TYPE_INVALID)) {
|
|
||||||
+ if (dbus_error_is_set(&err)) {
|
|
||||||
+ dbus_error_free(&err);
|
|
||||||
+ dbus_error_init(&err);
|
|
||||||
+ }
|
|
||||||
+ if (!dbus_message_get_args(msg, &err,
|
|
||||||
+ DBUS_TYPE_STRING, s1,
|
|
||||||
+ DBUS_TYPE_STRING, s2,
|
|
||||||
+ DBUS_TYPE_STRING, s3,
|
|
||||||
+ DBUS_TYPE_INT32, &i321,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &tmp1, &i,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &tmp2, &j,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &tmp3, &k,
|
|
||||||
+ DBUS_TYPE_INT32, &i322,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &tmp4, &l,
|
|
||||||
+ DBUS_TYPE_INT32, &i323,
|
|
||||||
+ DBUS_TYPE_INVALID)) {
|
|
||||||
+ if (dbus_error_is_set(&err)) {
|
|
||||||
+ dbus_error_free(&err);
|
|
||||||
+ dbus_error_init(&err);
|
|
||||||
+ }
|
|
||||||
+ if (!dbus_message_get_args(msg, &err,
|
|
||||||
+ DBUS_TYPE_STRING, s1,
|
|
||||||
+ DBUS_TYPE_STRING, s2,
|
|
||||||
+ DBUS_TYPE_STRING, s3,
|
|
||||||
+ DBUS_TYPE_INT16, &i161,
|
|
||||||
+ DBUS_TYPE_ARRAY,
|
|
||||||
+ DBUS_TYPE_STRING, &tmp1, &i,
|
|
||||||
+ DBUS_TYPE_ARRAY,
|
|
||||||
+ DBUS_TYPE_STRING, &tmp2, &j,
|
|
||||||
+ DBUS_TYPE_ARRAY,
|
|
||||||
+ DBUS_TYPE_STRING, &tmp3, &k,
|
|
||||||
+ DBUS_TYPE_INT16, &i162,
|
|
||||||
+ DBUS_TYPE_ARRAY,
|
|
||||||
+ DBUS_TYPE_STRING, &tmp4, &l,
|
|
||||||
+ DBUS_TYPE_INT16, &i163,
|
|
||||||
+ DBUS_TYPE_INVALID)) {
|
|
||||||
+ if (dbus_error_is_set(&err)) {
|
|
||||||
+ dbus_error_free(&err);
|
|
||||||
+ dbus_error_init(&err);
|
|
||||||
+ }
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ i321 = i161;
|
|
||||||
+ i322 = i162;
|
|
||||||
+ i323 = i163;
|
|
||||||
+ }
|
|
||||||
+ i641 = i321;
|
|
||||||
+ i642 = i322;
|
|
||||||
+ i643 = i323;
|
|
||||||
+ }
|
|
||||||
+ *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL;
|
|
||||||
+ *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL;
|
|
||||||
+ *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL;
|
|
||||||
+ *n1 = i641;
|
|
||||||
+ *n2 = i642;
|
|
||||||
+ *n3 = i643;
|
|
||||||
+ *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i);
|
|
||||||
+ *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j);
|
|
||||||
+ *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k);
|
|
||||||
+ *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l);
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int
|
|
||||||
cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s,
|
|
||||||
char ***as1, char ***as2, char ***as3,
|
|
||||||
@@ -1856,6 +1955,57 @@ cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+int
|
|
||||||
+cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,
|
|
||||||
+ const char *s1, const char *s2, const char *s3,
|
|
||||||
+ long n1, const char **as1, const char **as2,
|
|
||||||
+ const char **as3, long n2, const char **as4,
|
|
||||||
+ long n3)
|
|
||||||
+{
|
|
||||||
+ int64_t i1 = n1, i2 = n2, i3 = n3;
|
|
||||||
+ if (s1 == NULL) {
|
|
||||||
+ s1 = empty_string;
|
|
||||||
+ }
|
|
||||||
+ if (s2 == NULL) {
|
|
||||||
+ s2 = empty_string;
|
|
||||||
+ }
|
|
||||||
+ if (s3 == NULL) {
|
|
||||||
+ s3 = empty_string;
|
|
||||||
+ }
|
|
||||||
+ if (as1 == NULL) {
|
|
||||||
+ as1 = empty_string_array;
|
|
||||||
+ }
|
|
||||||
+ if (as2 == NULL) {
|
|
||||||
+ as2 = empty_string_array;
|
|
||||||
+ }
|
|
||||||
+ if (as3 == NULL) {
|
|
||||||
+ as3 = empty_string_array;
|
|
||||||
+ }
|
|
||||||
+ if (as4 == NULL) {
|
|
||||||
+ as4 = empty_string_array;
|
|
||||||
+ }
|
|
||||||
+ if (dbus_message_append_args(msg,
|
|
||||||
+ DBUS_TYPE_STRING, &s1,
|
|
||||||
+ DBUS_TYPE_STRING, &s2,
|
|
||||||
+ DBUS_TYPE_STRING, &s3,
|
|
||||||
+ DBUS_TYPE_INT64, &i1,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &as1, cm_tdbusm_array_length(as1),
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &as2, cm_tdbusm_array_length(as2),
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &as3, cm_tdbusm_array_length(as3),
|
|
||||||
+ DBUS_TYPE_INT64, &i2,
|
|
||||||
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
|
|
||||||
+ &as4, cm_tdbusm_array_length(as4),
|
|
||||||
+ DBUS_TYPE_INT64, &i3,
|
|
||||||
+ DBUS_TYPE_INVALID)) {
|
|
||||||
+ return 0;
|
|
||||||
+ } else {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int
|
|
||||||
cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s,
|
|
||||||
const char **as1, const char **as2,
|
|
||||||
diff --git a/src/tdbusm.h b/src/tdbusm.h
|
|
||||||
index fe021eff..250a9b0a 100644
|
|
||||||
--- a/src/tdbusm.h
|
|
||||||
+++ b/src/tdbusm.h
|
|
||||||
@@ -55,6 +55,10 @@ int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,
|
|
||||||
char **s1, char **s2, char **s3, long *n1,
|
|
||||||
char ***as1, char ***as2,
|
|
||||||
char ***as3, long *n2, char ***as4);
|
|
||||||
+int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,
|
|
||||||
+ char **s1, char **s2, char **s3, long *n1,
|
|
||||||
+ char ***as1, char ***as2,
|
|
||||||
+ char ***as3, long *n2, char ***as4, long *n3);
|
|
||||||
int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent,
|
|
||||||
char **s,
|
|
||||||
char ***as1, char ***as2,
|
|
||||||
@@ -124,6 +128,11 @@ int cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,
|
|
||||||
const char *s3, long n1,
|
|
||||||
const char **as1, const char **as2,
|
|
||||||
const char **as3, long n2, const char **as4);
|
|
||||||
+int cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,
|
|
||||||
+ const char *s1, const char *s2,
|
|
||||||
+ const char *s3, long n1,
|
|
||||||
+ const char **as1, const char **as2,
|
|
||||||
+ const char **as3, long n2, const char **as4, long n3);
|
|
||||||
int cm_tdbusm_set_sasasasnas(DBusMessage *msg,
|
|
||||||
const char *s,
|
|
||||||
const char **as1, const char **as2,
|
|
||||||
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
|
||||||
index ca7de34f..4cecbe15 100644
|
|
||||||
--- a/tests/028-dbus/expected.out
|
|
||||||
+++ b/tests/028-dbus/expected.out
|
|
||||||
@@ -11,6 +11,7 @@ Request ID 'Buddy':
|
|
||||||
CA: local
|
|
||||||
issuer: CN=$UUID,CN=Local Signing Authority
|
|
||||||
subject: CN=localhost
|
|
||||||
+ issued: sometime
|
|
||||||
expires: sometime
|
|
||||||
dns: localhost
|
|
||||||
principal name: host/localhost@LOCALHOST
|
|
||||||
@@ -269,6 +270,7 @@ OK
|
|
||||||
<arg name="principal_names" type="as" direction="out"/>
|
|
||||||
<arg name="key_usage" type="x" direction="out"/>
|
|
||||||
<arg name="extended_key_usage" type="as" direction="out"/>
|
|
||||||
+ <arg name="not_before" type="x" direction="out"/>
|
|
||||||
</method>
|
|
||||||
<property name="issuer" type="s" access="read"/>
|
|
||||||
<property name="serial" type="s" access="read"/>
|
|
||||||
@@ -430,7 +432,7 @@ Buddy
|
|
||||||
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
|
|
||||||
-(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
|
|
||||||
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently))
|
|
||||||
|
|
||||||
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
|
|
||||||
recently
|
|
||||||
diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh
|
|
||||||
index d0be6ad8..a457834f 100755
|
|
||||||
--- a/tests/028-dbus/run.sh
|
|
||||||
+++ b/tests/028-dbus/run.sh
|
|
||||||
@@ -42,5 +42,6 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \
|
|
||||||
-e '/^-----BEGIN/,/^-----END/d' \
|
|
||||||
-e "s|$libexecdir|\$libexecdir|g" \
|
|
||||||
-e "s|$tmpdir|\$tmpdir|g" \
|
|
||||||
+ -e "s|issued:.*|issued: sometime|g" \
|
|
||||||
-e "s|expires:.*|expires: sometime|g" \
|
|
||||||
-e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From f9c774f737a060b355533c215d7443b9865992a0 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
Date: Thu, 12 Aug 2021 16:26:09 -0400
|
|
||||||
Subject: [PATCH] Fix file descriptor leak when executing CA helpers
|
|
||||||
|
|
||||||
cm_cadata_start_generic() creates a pipe. One half is passed
|
|
||||||
to fetch(), the function that does all helper calls,
|
|
||||||
via the cm_cadata_state variable ret. The other half is the
|
|
||||||
reader and is used to detect execution errors. There is a pair
|
|
||||||
of write/read on this descriptor which on error would be the
|
|
||||||
errno.
|
|
||||||
|
|
||||||
This second half wasn't being closed after reading to test for
|
|
||||||
errors.
|
|
||||||
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1992439
|
|
||||||
|
|
||||||
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
||||||
---
|
|
||||||
src/cadata.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/cadata.c b/src/cadata.c
|
|
||||||
index 3e916c9..d851b9e 100644
|
|
||||||
--- a/src/cadata.c
|
|
||||||
+++ b/src/cadata.c
|
|
||||||
@@ -772,8 +772,10 @@ cm_cadata_start_generic(struct cm_store_ca *ca, const char *op,
|
|
||||||
cm_log(1, "Error running enrollment helper \"%s\": %s.\n",
|
|
||||||
ca->cm_ca_external_helper, strerror(u));
|
|
||||||
talloc_free(ret);
|
|
||||||
+ close(error_fd[0]);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
+ close(error_fd[0]);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,80 +0,0 @@
|
|||||||
From 9312d1892c611d9f0e814cb915488182da2b76cc Mon Sep 17 00:00:00 2001
|
|
||||||
From: Christian Heimes <cheimes@redhat.com>
|
|
||||||
Date: Mon, 4 Oct 2021 15:55:44 +0200
|
|
||||||
Subject: [PATCH] Use extensions template from NSS
|
|
||||||
|
|
||||||
Drop certmonger's custom extension template and use the sequence of X509v3
|
|
||||||
extensions template from NSS.
|
|
||||||
|
|
||||||
The certmonger template had a bug that caused certmonger to create CSRs
|
|
||||||
with invalid DER. It was encoding extension's critical element even for
|
|
||||||
default value FALSE.
|
|
||||||
|
|
||||||
Fixes: https://pagure.io/certmonger/issue/223
|
|
||||||
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
||||||
---
|
|
||||||
src/certext.c | 41 +----------------------------------------
|
|
||||||
1 file changed, 1 insertion(+), 40 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certext.c b/src/certext.c
|
|
||||||
index be536987..0d66971e 100644
|
|
||||||
--- a/src/certext.c
|
|
||||||
+++ b/src/certext.c
|
|
||||||
@@ -203,45 +203,6 @@ cm_ms_template_template[] = {
|
|
||||||
{0, 0, NULL, 0},
|
|
||||||
};
|
|
||||||
|
|
||||||
-/* RFC 5280, 4.1 */
|
|
||||||
-const SEC_ASN1Template
|
|
||||||
-cm_certext_cert_extension_template[] = {
|
|
||||||
- {
|
|
||||||
- .kind = SEC_ASN1_SEQUENCE,
|
|
||||||
- .offset = 0,
|
|
||||||
- .sub = NULL,
|
|
||||||
- .size = sizeof(CERTCertExtension),
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- .kind = SEC_ASN1_OBJECT_ID,
|
|
||||||
- .offset = offsetof(CERTCertExtension, id),
|
|
||||||
- .sub = NULL,
|
|
||||||
- .size = sizeof(SECItem),
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- .kind = SEC_ASN1_BOOLEAN,
|
|
||||||
- .offset = offsetof(CERTCertExtension, critical),
|
|
||||||
- .sub = NULL,
|
|
||||||
- .size = sizeof(SECItem),
|
|
||||||
- },
|
|
||||||
- {
|
|
||||||
- .kind = SEC_ASN1_OCTET_STRING,
|
|
||||||
- .offset = offsetof(CERTCertExtension, value),
|
|
||||||
- .sub = NULL,
|
|
||||||
- .size = sizeof(SECItem),
|
|
||||||
- },
|
|
||||||
- {0, 0, NULL, 0},
|
|
||||||
-};
|
|
||||||
-const SEC_ASN1Template
|
|
||||||
-cm_certext_sequence_of_cert_extension_template[] = {
|
|
||||||
- {
|
|
||||||
- .kind = SEC_ASN1_SEQUENCE_OF,
|
|
||||||
- .offset = 0,
|
|
||||||
- .sub = cm_certext_cert_extension_template,
|
|
||||||
- .size = sizeof(CERTCertExtension **),
|
|
||||||
- },
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
/* Windows 2000-style UPN */
|
|
||||||
static unsigned char oid_ms_upn_name_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03};
|
|
||||||
static const SECOidData oid_ms_upn_name = {
|
|
||||||
@@ -1960,7 +1921,7 @@ cm_certext_build_csr_extensions(struct cm_store_entry *entry,
|
|
||||||
/* Encode the sequence. */
|
|
||||||
memset(&encoded, 0, sizeof(encoded));
|
|
||||||
if (i > 1) {
|
|
||||||
- template = cm_certext_sequence_of_cert_extension_template;
|
|
||||||
+ template = CERT_SequenceOfCertExtensionTemplate;
|
|
||||||
if (SEC_ASN1EncodeItem(arena, &encoded, &exts_ptr,
|
|
||||||
template) == &encoded) {
|
|
||||||
*extensions = talloc_memdup(entry, encoded.data,
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -1,280 +0,0 @@
|
|||||||
From e3e4679693efc60bc7a25983909ddfa6883ab2ec Mon Sep 17 00:00:00 2001
|
|
||||||
From: Christian Heimes <cheimes@redhat.com>
|
|
||||||
Date: Mon, 4 Oct 2021 18:52:53 +0200
|
|
||||||
Subject: [PATCH] Use implicit, empty FALSE for extensions
|
|
||||||
|
|
||||||
Cemplate had a bug that caused certmonger to create CSRs with invalid DER.
|
|
||||||
It was encoding extension's critical element even for default value FALSE.
|
|
||||||
|
|
||||||
Fixes: https://pagure.io/certmonger/issue/223
|
|
||||||
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
||||||
---
|
|
||||||
src/certext.c | 7 +-
|
|
||||||
tests/003-csrgen-rsa/expected.out | 82 ++++++++++------------
|
|
||||||
tests/003-csrgen/expected.out | 110 +++++++++++++-----------------
|
|
||||||
3 files changed, 91 insertions(+), 108 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/certext.c b/src/certext.c
|
|
||||||
index 0d66971e..e5e0b4dc 100644
|
|
||||||
--- a/src/certext.c
|
|
||||||
+++ b/src/certext.c
|
|
||||||
@@ -1706,9 +1706,12 @@ cm_certext_build_csr_extensions(struct cm_store_entry *entry,
|
|
||||||
CERTCertExtension ext[13], *exts[14], **exts_ptr;
|
|
||||||
SECOidData *oid;
|
|
||||||
SECItem *item, encoded;
|
|
||||||
+ /* X509v3 extension's critical element has an implicit default,
|
|
||||||
+ * see https://pagure.io/certmonger/issue/223
|
|
||||||
+ */
|
|
||||||
SECItem der_false = {
|
|
||||||
- .len = 1,
|
|
||||||
- .data = (unsigned char *) "\000",
|
|
||||||
+ .len = 0,
|
|
||||||
+ .data = NULL,
|
|
||||||
};
|
|
||||||
SECItem der_true = {
|
|
||||||
.len = 1,
|
|
||||||
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
|
|
||||||
index def53fe4..0fb88323 100644
|
|
||||||
--- a/tests/003-csrgen-rsa/expected.out
|
|
||||||
+++ b/tests/003-csrgen-rsa/expected.out
|
|
||||||
@@ -8,8 +8,8 @@ pk12util: PKCS12 EXPORT SUCCESSFUL
|
|
||||||
4096 OK.
|
|
||||||
Signature OK
|
|
||||||
The last CSR (the one with everything) was:
|
|
||||||
- 0:d=0 hl=4 l=1413 cons: SEQUENCE
|
|
||||||
- 4:d=1 hl=4 l=1133 cons: SEQUENCE
|
|
||||||
+ 0:d=0 hl=4 l=1389 cons: SEQUENCE
|
|
||||||
+ 4:d=1 hl=4 l=1109 cons: SEQUENCE
|
|
||||||
8:d=2 hl=2 l= 1 prim: INTEGER :00
|
|
||||||
11:d=2 hl=2 l= 22 cons: SEQUENCE
|
|
||||||
13:d=3 hl=2 l= 20 cons: SET
|
|
||||||
@@ -21,7 +21,7 @@ The last CSR (the one with everything) was:
|
|
||||||
41:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
|
|
||||||
52:d=4 hl=2 l= 0 prim: NULL
|
|
||||||
54:d=3 hl=4 l= 271 prim: BIT STRING
|
|
||||||
- 329:d=2 hl=4 l= 808 cons: cont [ 0 ]
|
|
||||||
+ 329:d=2 hl=4 l= 784 cons: cont [ 0 ]
|
|
||||||
333:d=3 hl=2 l= 52 cons: SEQUENCE
|
|
||||||
335:d=4 hl=2 l= 9 prim: OBJECT :challengePassword
|
|
||||||
346:d=4 hl=2 l= 39 cons: SET
|
|
||||||
@@ -30,48 +30,40 @@ The last CSR (the one with everything) was:
|
|
||||||
389:d=4 hl=2 l= 9 prim: OBJECT :friendlyName
|
|
||||||
400:d=4 hl=2 l= 48 cons: SET
|
|
||||||
402:d=5 hl=2 l= 46 prim: BMPSTRING
|
|
||||||
- 450:d=3 hl=4 l= 687 cons: SEQUENCE
|
|
||||||
+ 450:d=3 hl=4 l= 663 cons: SEQUENCE
|
|
||||||
454:d=4 hl=2 l= 9 prim: OBJECT :Extension Request
|
|
||||||
- 465:d=4 hl=4 l= 672 cons: SET
|
|
||||||
- 469:d=5 hl=4 l= 668 cons: SEQUENCE
|
|
||||||
- 473:d=6 hl=2 l= 14 cons: SEQUENCE
|
|
||||||
+ 465:d=4 hl=4 l= 648 cons: SET
|
|
||||||
+ 469:d=5 hl=4 l= 644 cons: SEQUENCE
|
|
||||||
+ 473:d=6 hl=2 l= 11 cons: SEQUENCE
|
|
||||||
475:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
|
|
||||||
- 480:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 483:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
|
|
||||||
- 489:d=6 hl=4 l= 264 cons: SEQUENCE
|
|
||||||
- 493:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
|
|
||||||
- 498:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 501:d=7 hl=3 l= 253 prim: OCTET STRING [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74
|
|
||||||
- 757:d=6 hl=2 l= 32 cons: SEQUENCE
|
|
||||||
- 759:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
|
|
||||||
- 764:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 767:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
|
|
||||||
- 791:d=6 hl=2 l= 18 cons: SEQUENCE
|
|
||||||
- 793:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
|
|
||||||
- 798:d=7 hl=2 l= 1 prim: BOOLEAN :255
|
|
||||||
- 801:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
|
|
||||||
- 811:d=6 hl=2 l= 34 cons: SEQUENCE
|
|
||||||
- 813:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
|
|
||||||
- 818:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 821:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
- 847:d=6 hl=2 l= 32 cons: SEQUENCE
|
|
||||||
- 849:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
|
|
||||||
- 854:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 857:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
- 881:d=6 hl=2 l= 107 cons: SEQUENCE
|
|
||||||
- 883:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
|
|
||||||
- 893:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 896:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
|
|
||||||
- 990:d=6 hl=2 l= 96 cons: SEQUENCE
|
|
||||||
- 992:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
|
|
||||||
- 997:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1000:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
|
|
||||||
- 1088:d=6 hl=2 l= 51 cons: SEQUENCE
|
|
||||||
- 1090:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
|
|
||||||
- 1101:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1104:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
|
|
||||||
- 1141:d=1 hl=2 l= 13 cons: SEQUENCE
|
|
||||||
- 1143:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
|
|
||||||
- 1154:d=2 hl=2 l= 0 prim: NULL
|
|
||||||
- 1156:d=1 hl=4 l= 257 prim: BIT STRING
|
|
||||||
+ 480:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
|
|
||||||
+ 486:d=6 hl=4 l= 261 cons: SEQUENCE
|
|
||||||
+ 490:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
|
|
||||||
+ 495:d=7 hl=3 l= 253 prim: OCTET STRING [HEX DUMP]:3081FA82096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74
|
|
||||||
+ 751:d=6 hl=2 l= 29 cons: SEQUENCE
|
|
||||||
+ 753:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
|
|
||||||
+ 758:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
|
|
||||||
+ 782:d=6 hl=2 l= 18 cons: SEQUENCE
|
|
||||||
+ 784:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
|
|
||||||
+ 789:d=7 hl=2 l= 1 prim: BOOLEAN :255
|
|
||||||
+ 792:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
|
|
||||||
+ 802:d=6 hl=2 l= 31 cons: SEQUENCE
|
|
||||||
+ 804:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
|
|
||||||
+ 809:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
+ 835:d=6 hl=2 l= 29 cons: SEQUENCE
|
|
||||||
+ 837:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
|
|
||||||
+ 842:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
+ 866:d=6 hl=2 l= 104 cons: SEQUENCE
|
|
||||||
+ 868:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
|
|
||||||
+ 878:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
|
|
||||||
+ 972:d=6 hl=2 l= 93 cons: SEQUENCE
|
|
||||||
+ 974:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
|
|
||||||
+ 979:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
|
|
||||||
+ 1067:d=6 hl=2 l= 48 cons: SEQUENCE
|
|
||||||
+ 1069:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
|
|
||||||
+ 1080:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
|
|
||||||
+ 1117:d=1 hl=2 l= 13 cons: SEQUENCE
|
|
||||||
+ 1119:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
|
|
||||||
+ 1130:d=2 hl=2 l= 0 prim: NULL
|
|
||||||
+ 1132:d=1 hl=4 l= 257 prim: BIT STRING
|
|
||||||
Test complete (32 combinations).
|
|
||||||
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
|
|
||||||
index 46e010cf..1081a678 100644
|
|
||||||
--- a/tests/003-csrgen/expected.out
|
|
||||||
+++ b/tests/003-csrgen/expected.out
|
|
||||||
@@ -11,8 +11,8 @@ Signature OK
|
|
||||||
minicert.openssl.4096.pem: OK
|
|
||||||
4096 OK.
|
|
||||||
The last CSR (the one with everything) was:
|
|
||||||
- 0:d=0 hl=4 l=1635 cons: SEQUENCE
|
|
||||||
- 4:d=1 hl=4 l=1355 cons: SEQUENCE
|
|
||||||
+ 0:d=0 hl=4 l=1599 cons: SEQUENCE
|
|
||||||
+ 4:d=1 hl=4 l=1319 cons: SEQUENCE
|
|
||||||
8:d=2 hl=2 l= 1 prim: INTEGER :00
|
|
||||||
11:d=2 hl=2 l= 22 cons: SEQUENCE
|
|
||||||
13:d=3 hl=2 l= 20 cons: SET
|
|
||||||
@@ -24,7 +24,7 @@ The last CSR (the one with everything) was:
|
|
||||||
41:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
|
|
||||||
52:d=4 hl=2 l= 0 prim: NULL
|
|
||||||
54:d=3 hl=4 l= 271 prim: BIT STRING
|
|
||||||
- 329:d=2 hl=4 l=1030 cons: cont [ 0 ]
|
|
||||||
+ 329:d=2 hl=4 l= 994 cons: cont [ 0 ]
|
|
||||||
333:d=3 hl=2 l= 52 cons: SEQUENCE
|
|
||||||
335:d=4 hl=2 l= 9 prim: OBJECT :challengePassword
|
|
||||||
346:d=4 hl=2 l= 39 cons: SET
|
|
||||||
@@ -33,64 +33,52 @@ The last CSR (the one with everything) was:
|
|
||||||
389:d=4 hl=2 l= 9 prim: OBJECT :friendlyName
|
|
||||||
400:d=4 hl=2 l= 48 cons: SET
|
|
||||||
402:d=5 hl=2 l= 46 prim: BMPSTRING
|
|
||||||
- 450:d=3 hl=4 l= 909 cons: SEQUENCE
|
|
||||||
+ 450:d=3 hl=4 l= 873 cons: SEQUENCE
|
|
||||||
454:d=4 hl=2 l= 9 prim: OBJECT :Extension Request
|
|
||||||
- 465:d=4 hl=4 l= 894 cons: SET
|
|
||||||
- 469:d=5 hl=4 l= 890 cons: SEQUENCE
|
|
||||||
- 473:d=6 hl=2 l= 14 cons: SEQUENCE
|
|
||||||
+ 465:d=4 hl=4 l= 858 cons: SET
|
|
||||||
+ 469:d=5 hl=4 l= 854 cons: SEQUENCE
|
|
||||||
+ 473:d=6 hl=2 l= 11 cons: SEQUENCE
|
|
||||||
475:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Key Usage
|
|
||||||
- 480:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 483:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
|
|
||||||
- 489:d=6 hl=4 l= 290 cons: SEQUENCE
|
|
||||||
- 493:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
|
|
||||||
- 498:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 501:d=7 hl=4 l= 278 prim: OCTET STRING [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001
|
|
||||||
- 783:d=6 hl=2 l= 32 cons: SEQUENCE
|
|
||||||
- 785:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
|
|
||||||
- 790:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 793:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
|
|
||||||
- 817:d=6 hl=2 l= 18 cons: SEQUENCE
|
|
||||||
- 819:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
|
|
||||||
- 824:d=7 hl=2 l= 1 prim: BOOLEAN :255
|
|
||||||
- 827:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
|
|
||||||
- 837:d=6 hl=2 l= 34 cons: SEQUENCE
|
|
||||||
- 839:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
|
|
||||||
- 844:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 847:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
- 873:d=6 hl=2 l= 32 cons: SEQUENCE
|
|
||||||
- 875:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
|
|
||||||
- 880:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 883:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
- 907:d=6 hl=2 l= 107 cons: SEQUENCE
|
|
||||||
- 909:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
|
|
||||||
- 919:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 922:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
|
|
||||||
- 1016:d=6 hl=2 l= 96 cons: SEQUENCE
|
|
||||||
- 1018:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
|
|
||||||
- 1023:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1026:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
|
|
||||||
- 1114:d=6 hl=2 l= 106 cons: SEQUENCE
|
|
||||||
- 1116:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Freshest CRL
|
|
||||||
- 1121:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1124:d=7 hl=2 l= 96 prim: OCTET STRING [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
|
|
||||||
- 1222:d=6 hl=2 l= 51 cons: SEQUENCE
|
|
||||||
- 1224:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
|
|
||||||
- 1235:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1238:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
|
|
||||||
- 1275:d=6 hl=2 l= 18 cons: SEQUENCE
|
|
||||||
- 1277:d=7 hl=2 l= 9 prim: OBJECT :OCSP No Check
|
|
||||||
- 1288:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1291:d=7 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:0500
|
|
||||||
- 1295:d=6 hl=2 l= 44 cons: SEQUENCE
|
|
||||||
- 1297:d=7 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.20.2
|
|
||||||
- 1308:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1311:d=7 hl=2 l= 28 prim: OCTET STRING [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
|
|
||||||
- 1341:d=6 hl=2 l= 20 cons: SEQUENCE
|
|
||||||
- 1343:d=7 hl=2 l= 9 prim: OBJECT :Netscape Cert Type
|
|
||||||
- 1354:d=7 hl=2 l= 1 prim: BOOLEAN :0
|
|
||||||
- 1357:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
|
|
||||||
- 1363:d=1 hl=2 l= 13 cons: SEQUENCE
|
|
||||||
- 1365:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
|
|
||||||
- 1376:d=2 hl=2 l= 0 prim: NULL
|
|
||||||
- 1378:d=1 hl=4 l= 257 prim: BIT STRING
|
|
||||||
+ 480:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205E0
|
|
||||||
+ 486:d=6 hl=4 l= 287 cons: SEQUENCE
|
|
||||||
+ 490:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Alternative Name
|
|
||||||
+ 495:d=7 hl=4 l= 278 prim: OCTET STRING [HEX DUMP]:3082011282096C6F63616C686F737482156C6F63616C686F73742E6C6F63616C646F6D61696E810E726F6F74406C6F63616C686F7374811A726F6F74406C6F63616C686F73742E6C6F63616C646F6D61696EA020060A2B060104018237140203A0120C10726F6F74404558414D504C452E434F4DA02E06062B0601050202A0243022A00D1B0B4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F74A024060A2B060104018237140203A0160C14726F6F7440464F4F2E4558414D504C452E434F4DA03206062B0601050202A0283026A0111B0F464F4F2E4558414D504C452E434F4DA111300FA003020101A10830061B04726F6F7487047F000001871000000000000000000000000000000001
|
|
||||||
+ 777:d=6 hl=2 l= 29 cons: SEQUENCE
|
|
||||||
+ 779:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Extended Key Usage
|
|
||||||
+ 784:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:301406082B0601050507030206082B06010505070304
|
|
||||||
+ 808:d=6 hl=2 l= 18 cons: SEQUENCE
|
|
||||||
+ 810:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
|
|
||||||
+ 815:d=7 hl=2 l= 1 prim: BOOLEAN :255
|
|
||||||
+ 818:d=7 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:30060101FF020103
|
|
||||||
+ 828:d=6 hl=2 l= 31 cons: SEQUENCE
|
|
||||||
+ 830:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
|
|
||||||
+ 835:d=7 hl=2 l= 24 prim: OCTET STRING [HEX DUMP]:30168014A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
+ 861:d=6 hl=2 l= 29 cons: SEQUENCE
|
|
||||||
+ 863:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
|
|
||||||
+ 868:d=7 hl=2 l= 22 prim: OCTET STRING [HEX DUMP]:0414A9993E364706816ABA3E25717850C26C9CD0D89D
|
|
||||||
+ 892:d=6 hl=2 l= 104 cons: SEQUENCE
|
|
||||||
+ 894:d=7 hl=2 l= 8 prim: OBJECT :Authority Information Access
|
|
||||||
+ 904:d=7 hl=2 l= 92 prim: OCTET STRING [HEX DUMP]:305A302B06082B06010505073001861F687474703A2F2F6F6373702D312E6578616D706C652E636F6D3A3132333435302B06082B06010505073001861F687474703A2F2F6F6373702D322E6578616D706C652E636F6D3A3132333435
|
|
||||||
+ 998:d=6 hl=2 l= 93 cons: SEQUENCE
|
|
||||||
+ 1000:d=7 hl=2 l= 3 prim: OBJECT :X509v3 CRL Distribution Points
|
|
||||||
+ 1005:d=7 hl=2 l= 86 prim: OCTET STRING [HEX DUMP]:30543028A026A0248622687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F6765743028A026A0248622687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F676574
|
|
||||||
+ 1093:d=6 hl=2 l= 103 cons: SEQUENCE
|
|
||||||
+ 1095:d=7 hl=2 l= 3 prim: OBJECT :X509v3 Freshest CRL
|
|
||||||
+ 1100:d=7 hl=2 l= 96 prim: OCTET STRING [HEX DUMP]:305E302DA02BA0298627687474703A2F2F63726C2D312E6578616D706C652E636F6D3A31323334352F67657464656C7461302DA02BA0298627687474703A2F2F63726C2D322E6578616D706C652E636F6D3A31323334352F67657464656C7461
|
|
||||||
+ 1198:d=6 hl=2 l= 48 cons: SEQUENCE
|
|
||||||
+ 1200:d=7 hl=2 l= 9 prim: OBJECT :Netscape Comment
|
|
||||||
+ 1211:d=7 hl=2 l= 35 prim: OCTET STRING [HEX DUMP]:1621636572746D6F6E6765722067656E65726174656420746869732072657175657374
|
|
||||||
+ 1248:d=6 hl=2 l= 15 cons: SEQUENCE
|
|
||||||
+ 1250:d=7 hl=2 l= 9 prim: OBJECT :OCSP No Check
|
|
||||||
+ 1261:d=7 hl=2 l= 2 prim: OCTET STRING [HEX DUMP]:0500
|
|
||||||
+ 1265:d=6 hl=2 l= 41 cons: SEQUENCE
|
|
||||||
+ 1267:d=7 hl=2 l= 9 prim: OBJECT :1.3.6.1.4.1.311.20.2
|
|
||||||
+ 1278:d=7 hl=2 l= 28 prim: OCTET STRING [HEX DUMP]:1E1A006300610041007700650073006F006D00650043006500720074
|
|
||||||
+ 1308:d=6 hl=2 l= 17 cons: SEQUENCE
|
|
||||||
+ 1310:d=7 hl=2 l= 9 prim: OBJECT :Netscape Cert Type
|
|
||||||
+ 1321:d=7 hl=2 l= 4 prim: OCTET STRING [HEX DUMP]:030205A0
|
|
||||||
+ 1327:d=1 hl=2 l= 13 cons: SEQUENCE
|
|
||||||
+ 1329:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
|
|
||||||
+ 1340:d=2 hl=2 l= 0 prim: NULL
|
|
||||||
+ 1342:d=1 hl=4 l= 257 prim: BIT STRING
|
|
||||||
Test complete (69 combinations).
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -10,24 +10,18 @@
|
|||||||
%bcond_without xmlrpc
|
%bcond_without xmlrpc
|
||||||
|
|
||||||
Name: certmonger
|
Name: certmonger
|
||||||
Version: 0.79.13
|
Version: 0.79.17
|
||||||
Release: 5%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: Certificate status monitor and PKI enrollment client
|
Summary: Certificate status monitor and PKI enrollment client
|
||||||
|
|
||||||
Group: System Environment/Daemons
|
Group: System Environment/Daemons
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: http://pagure.io/certmonger/
|
URL: http://pagure.io/certmonger/
|
||||||
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
Source0: http://releases.pagure.org/certmonger/certmonger-%{version}.tar.gz
|
||||||
|
#Source1: http://releases.pagure.org/certmonger/certmonger-%%{version}.tar.gz.sig
|
||||||
|
|
||||||
Patch0001: 0001-Don-t-run-the-002-keygen-tests-when-root.patch
|
Patch0001: 0001-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
|
||||||
Patch0002: 0002-Revert-Remove-the-certmaster-CA-from-the-028-dbus-te.patch
|
Patch0002: 0002-Don-t-run-the-002-keygen-tests-when-root.patch
|
||||||
Patch0003: 0003-Fix-local-CA-to-work-under-FIPS.patch
|
|
||||||
Patch0004: 0004-Add-SCEP-config-option-to-treat-the-challenge-passwo.patch
|
|
||||||
Patch0005: 0005-Add-NULL-checks-before-string-compares-when-analyzin.patch
|
|
||||||
Patch0006: 0006-Display-not_before-in-getcert-output.patch
|
|
||||||
Patch0007: 0007-Fix-file-descriptor-leak-when-executing-CA-helpers.patch
|
|
||||||
Patch0008: 0008-Use-extensions-template-from-NSS.patch
|
|
||||||
Patch0009: 0009-Use-implicit-empty-FALSE-for-extensions.patch
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -242,6 +236,15 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Dec 7 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-2
|
||||||
|
- Skip the keygen tests when executed as root.
|
||||||
|
|
||||||
|
* Tue Dec 6 2022 Rob Crittenden <rcritten@redhat.com> - 0.79.17-1
|
||||||
|
- Update to upstream 0.79.17 (#2139523)
|
||||||
|
- Certificate format validation when adding the SCEP server's CA (#2150025)
|
||||||
|
- Certmonger SCEP renewal should not use old challenges (#2150030)
|
||||||
|
- certmonger SEGV during rekey in FIPS mode (#2150070)
|
||||||
|
|
||||||
* Mon Oct 18 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-5
|
* Mon Oct 18 2021 Rob Crittenden <rcritten@redhat.com> - 0.79.13-5
|
||||||
- certmonger creates CSRs with invalid DER syntax for X509v3 extensions
|
- certmonger creates CSRs with invalid DER syntax for X509v3 extensions
|
||||||
with critical=FALSE (#2012258)
|
with critical=FALSE (#2012258)
|
||||||
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (certmonger-0.79.13.tar.gz) = 4d7f8e1e001991886c4f5d999a906d3adb3900c3667c6a1c808f1f9baaf297693e0d85e25a0ff44e1c7a0eac9495ae346dd1bcd45e823582c9f18cab14ccdc9f
|
SHA512 (certmonger-0.79.17.tar.gz) = ed631cbfc0a757143af912549cecf65346994107f27651022ada8c70f0ed1bac7ee053a99b9a13290b844999710a3207aa0e7718428f3a3b6e5dd0d5db3a88a9
|
||||||
|
Loading…
Reference in New Issue
Block a user