rpms
/
certmonger
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import certmonger-0.79.7-3.el8

This commit is contained in:
CentOS Sources 2019-08-02 01:29:55 -04:00 committed by Stepan Oksanichenko
commit aad6b1eaa9
13 changed files with 2957 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.certmonger.metadata Normal file
View File

@ -0,0 +1 @@
f73818aec2b6e1d9765af188547e2c82e644209c SOURCES/certmonger-0.79.7.tar.gz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/certmonger-0.79.7.tar.gz

293
SOURCES/0001-NSS-crypto-policy-sets-minimum-RSA-and-DSA-key-size-.patch Normal file
View File

@ -0,0 +1,293 @@
From fd17f002b2f4150a1fddc2582a21c6c03933a28a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 23 Feb 2018 10:43:44 -0500
Subject: [PATCH] NSS crypto policy sets minimum RSA and DSA key size to 2048
Remove keys < 2048 for the NSS tests. This affects some of the
OpenSSL tests as well where they run in a combined loop.
Where it was not invasive to do I left the 1024/1536 for OpenSSL.
---
tests/001-keyiread-dsa/expected.out | 6 +++---
tests/001-keyiread-dsa/run.sh | 2 +-
tests/001-keyiread-rsa/expected.out | 2 --
tests/001-keyiread-rsa/run.sh | 2 +-
tests/001-keyiread/expected.out | 2 --
tests/001-keyiread/run.sh | 2 +-
tests/002-keygen-rsa/expected.out | 6 ------
tests/002-keygen-rsa/run.sh | 2 +-
tests/002-keygen/expected.out | 18 ------------------
tests/002-keygen/run.sh | 2 +-
tests/003-csrgen-rsa/expected.out | 6 ------
tests/003-csrgen-rsa/run.sh | 4 ++--
tests/003-csrgen/expected.out | 8 --------
tests/003-csrgen/run.sh | 4 ++--
tests/004-selfsign-rsa/expected.out | 2 --
tests/004-selfsign-rsa/run.sh | 2 +-
tests/004-selfsign/expected.out | 2 --
tests/004-selfsign/run.sh | 2 +-
18 files changed, 14 insertions(+), 60 deletions(-)
diff --git a/tests/001-keyiread-dsa/expected.out b/tests/001-keyiread-dsa/expected.out
index b09db0ae..50643176 100644
--- a/tests/001-keyiread-dsa/expected.out
+++ b/tests/001-keyiread-dsa/expected.out
@@ -1,4 +1,4 @@
-OK (DSA:1024).
-OK (DSA:1024).
-OK (DSA:1024).
+OK (DSA:2048).
+OK (DSA:2048).
+OK (DSA:2048).
Test complete.
diff --git a/tests/001-keyiread-dsa/run.sh b/tests/001-keyiread-dsa/run.sh
index 9f96b3bc..68f6d1c3 100755
--- a/tests/001-keyiread-dsa/run.sh
+++ b/tests/001-keyiread-dsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 ; do
+for size in 2048 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/001-keyiread-rsa/expected.out b/tests/001-keyiread-rsa/expected.out
index 727897d1..3daa51f2 100644
--- a/tests/001-keyiread-rsa/expected.out
+++ b/tests/001-keyiread-rsa/expected.out
@@ -1,5 +1,3 @@
-OK (RSA:1024).
-OK (RSA:1536).
OK (RSA:2048).
OK (RSA:3072).
OK (RSA:4096).
diff --git a/tests/001-keyiread-rsa/run.sh b/tests/001-keyiread-rsa/run.sh
index c7b77686..ec31c7c7 100755
--- a/tests/001-keyiread-rsa/run.sh
+++ b/tests/001-keyiread-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/001-keyiread/expected.out b/tests/001-keyiread/expected.out
index 727897d1..3daa51f2 100644
--- a/tests/001-keyiread/expected.out
+++ b/tests/001-keyiread/expected.out
@@ -1,5 +1,3 @@
-OK (RSA:1024).
-OK (RSA:1536).
OK (RSA:2048).
OK (RSA:3072).
OK (RSA:4096).
diff --git a/tests/001-keyiread/run.sh b/tests/001-keyiread/run.sh
index ce1428ed..0b31df95 100755
--- a/tests/001-keyiread/run.sh
+++ b/tests/001-keyiread/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Generate a self-signed cert.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/002-keygen-rsa/expected.out b/tests/002-keygen-rsa/expected.out
index 3e6e9f3c..f7c146d0 100644
--- a/tests/002-keygen-rsa/expected.out
+++ b/tests/002-keygen-rsa/expected.out
@@ -1,9 +1,3 @@
-[nss:1024]
-OK.
-OK (RSA:1024).
-[nss:1536]
-OK.
-OK (RSA:1536).
[nss:2048]
OK.
OK (RSA:2048).
diff --git a/tests/002-keygen-rsa/run.sh b/tests/002-keygen-rsa/run.sh
index 476f4127..c0c59249 100755
--- a/tests/002-keygen-rsa/run.sh
+++ b/tests/002-keygen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
echo "[nss:$size]"
# Generate a key.
cat > entry.$size <<- EOF
diff --git a/tests/002-keygen/expected.out b/tests/002-keygen/expected.out
index dcd1af06..b8fbea56 100644
--- a/tests/002-keygen/expected.out
+++ b/tests/002-keygen/expected.out
@@ -1,21 +1,3 @@
-[nss:1024]
-OK.
-OK (RSA:1024).
-OK.
-OK (RSA:1024 after RSA:1024).
-OK.
-OK (RSA:1024 after RSA:1024).
-keyi1024
-keyi1024 (candidate (next))
-[nss:1536]
-OK.
-OK (RSA:1536).
-OK.
-OK (RSA:1536 after RSA:1536).
-OK.
-OK (RSA:1536 after RSA:1536).
-keyi1536
-keyi1536 (candidate (next))
[nss:2048]
OK.
OK (RSA:2048).
diff --git a/tests/002-keygen/run.sh b/tests/002-keygen/run.sh
index 08af1523..94230e6f 100755
--- a/tests/002-keygen/run.sh
+++ b/tests/002-keygen/run.sh
@@ -7,7 +7,7 @@ scheme="${scheme:-dbm:}"
source "$srcdir"/functions
initnssdb "$scheme$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
echo "[nss:$size]"
# Generate a key.
cat > entry.$size <<- EOF
diff --git a/tests/003-csrgen-rsa/expected.out b/tests/003-csrgen-rsa/expected.out
index c9dec729..def53fe4 100644
--- a/tests/003-csrgen-rsa/expected.out
+++ b/tests/003-csrgen-rsa/expected.out
@@ -1,10 +1,4 @@
pk12util: PKCS12 EXPORT SUCCESSFUL
-1024 OK.
-Signature OK
-pk12util: PKCS12 EXPORT SUCCESSFUL
-1536 OK.
-Signature OK
-pk12util: PKCS12 EXPORT SUCCESSFUL
2048 OK.
Signature OK
pk12util: PKCS12 EXPORT SUCCESSFUL
diff --git a/tests/003-csrgen-rsa/run.sh b/tests/003-csrgen-rsa/run.sh
index 4cd84084..bb8ebecb 100755
--- a/tests/003-csrgen-rsa/run.sh
+++ b/tests/003-csrgen-rsa/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
@@ -147,7 +147,7 @@ iterate() {
iteration=1
-for size in 1024 ; do
+for size in 2048 ; do
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment"
done
diff --git a/tests/003-csrgen/expected.out b/tests/003-csrgen/expected.out
index 8e6cac6e..04342c0f 100644
--- a/tests/003-csrgen/expected.out
+++ b/tests/003-csrgen/expected.out
@@ -1,13 +1,5 @@
pk12util: PKCS12 EXPORT SUCCESSFUL
Signature OK
-minicert.openssl.1024.pem: OK
-1024 OK.
-pk12util: PKCS12 EXPORT SUCCESSFUL
-Signature OK
-minicert.openssl.1536.pem: OK
-1536 OK.
-pk12util: PKCS12 EXPORT SUCCESSFUL
-Signature OK
minicert.openssl.2048.pem: OK
2048 OK.
pk12util: PKCS12 EXPORT SUCCESSFUL
diff --git a/tests/003-csrgen/run.sh b/tests/003-csrgen/run.sh
index 7c169ed9..31466b5c 100755
--- a/tests/003-csrgen/run.sh
+++ b/tests/003-csrgen/run.sh
@@ -5,7 +5,7 @@ cd "$tmpdir"
source "$srcdir"/functions
initnssdb "$tmpdir"
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
@@ -199,7 +199,7 @@ iterate() {
iteration=1
-for size in 1024 ; do
+for size in 2048 ; do
iterate "$size" "$subject" "$hostname" "$email" "$principal" "$ku" "$eku" "$challengepassword" "$certfname" "$ca" "$capathlen" "$crldp" "$ocsp" "$nscomment" "$subjectder" "$ipaddress" "$freshestcrl" "$no_ocsp_check" "$profile" "$ns_certtype"
done
diff --git a/tests/004-selfsign-rsa/expected.out b/tests/004-selfsign-rsa/expected.out
index dd5029ec..0eb84ef1 100644
--- a/tests/004-selfsign-rsa/expected.out
+++ b/tests/004-selfsign-rsa/expected.out
@@ -1,5 +1,3 @@
-1024 OK.
-1536 OK.
2048 OK.
3072 OK.
4096 OK.
diff --git a/tests/004-selfsign-rsa/run.sh b/tests/004-selfsign-rsa/run.sh
index 6f9285b6..c1dd4c80 100755
--- a/tests/004-selfsign-rsa/run.sh
+++ b/tests/004-selfsign-rsa/run.sh
@@ -33,7 +33,7 @@ function setupca() {
EOF
}
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
diff --git a/tests/004-selfsign/expected.out b/tests/004-selfsign/expected.out
index dd5029ec..0eb84ef1 100644
--- a/tests/004-selfsign/expected.out
+++ b/tests/004-selfsign/expected.out
@@ -1,5 +1,3 @@
-1024 OK.
-1536 OK.
2048 OK.
3072 OK.
4096 OK.
diff --git a/tests/004-selfsign/run.sh b/tests/004-selfsign/run.sh
index 7bb368ec..eb1df4ee 100755
--- a/tests/004-selfsign/run.sh
+++ b/tests/004-selfsign/run.sh
@@ -43,7 +43,7 @@ function setupca() {
EOF
}
-for size in 1024 1536 2048 3072 4096 ; do
+for size in 2048 3072 4096 ; do
# Build a self-signed certificate.
run_certutil -d "$tmpdir" -S -g $size -n keyi$size \
-s "cn=T$size" -c "cn=T$size" \
--
2.16.2

788
SOURCES/0002-Convert-tests-to-use-python3.patch Normal file
View File

@ -0,0 +1,788 @@
From 653cd0571fe92c9fd4323f93ff23b9720c00fd5f Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 31 Jul 2018 13:09:02 -0400
Subject: [PATCH] Convert tests to use python3
---
tests/028-dbus/expected.out | 32 +-
tests/028-dbus/expected.out.nodsa | 22 +-
tests/028-dbus/prequal.sh | 8 +-
tests/028-dbus/run.sh | 9 +-
tests/028-dbus/runsub.sh | 2 +-
tests/028-dbus/simpleprop.py | 14 +-
tests/028-dbus/walk.py | 392 ++++++++++----------
tests/038-ms-v2-template/extract-extdata.py | 5 +-
8 files changed, 243 insertions(+), 241 deletions(-)
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
index ca3179e..1d8bec4 100644
--- a/tests/028-dbus/expected.out
+++ b/tests/028-dbus/expected.out
@@ -1,5 +1,3 @@
-Certificate in file "${tmpdir}/test.crt" issued by CA and saved.
-Certificate in file "${tmpdir}/test.crt" issued by CA and saved.
[[ getcert ]]
State MONITORING, stuck: no.
Number of certificates and requests being tracked: 1.
@@ -187,13 +185,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ]
-dbus.Array([dbus.String(u'RSA'), dbus.String(u'DSA'), dbus.String(u'EC')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('RSA'), dbus.String('DSA'), dbus.String('EC')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ]
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ]
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ]
OK
@@ -433,19 +431,19 @@ Buddy
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
-(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
recently
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ]
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt'))
+(dbus.String('FILE'), dbus.String('$tmpdir/test.crt'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ]
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ]
-(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s')))
+(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s')))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ]
@@ -454,19 +452,19 @@ recently
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ]
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key'))
+(dbus.String('FILE'), dbus.String('$tmpdir/test.key'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ]
-(dbus.String(u'RSA'), dbus.Int64(512L))
+(dbus.String('RSA'), dbus.Int64(512))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ]
1
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ]
-(dbus.String(u'stdout'), dbus.String(u'daemon.notice'))
+(dbus.String('stdout'), dbus.String('daemon.notice'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ]
-(dbus.String(u'MONITORING'), dbus.Boolean(False))
+(dbus.String('MONITORING'), dbus.Boolean(False))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ]
/org/fedorahosted/certmonger/cas/CA1
@@ -482,7 +480,7 @@ recently
[ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ]
1 on /org/fedorahosted/certmonger/requests/Request2
-After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
+After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ]
1
@@ -713,7 +711,7 @@ dbus.Array([], signature=dbus.Signature('s'))
</node>
[ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_config_file_path ]
-$tmpdir/cas/20180327134236
+$tmpdir/cas/date
[ /org/fedorahosted/certmonger/cas/CA2: org.fedorahosted.certmonger.ca.get_nickname ]
SelfSign
@@ -828,7 +826,7 @@ dbus.Array([], signature=dbus.Signature('s'))
</node>
[ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_config_file_path ]
-$tmpdir/cas/20180327134236-1
+$tmpdir/cas/date-1
[ /org/fedorahosted/certmonger/cas/CA3: org.fedorahosted.certmonger.ca.get_nickname ]
IPA
@@ -941,7 +939,7 @@ dbus.Array([], signature=dbus.Signature('s'))
</node>
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_config_file_path ]
-$tmpdir/cas/20180327134236-2
+$tmpdir/cas/date-2
[ /org/fedorahosted/certmonger/cas/CA4: org.fedorahosted.certmonger.ca.get_nickname ]
certmaster
@@ -1054,7 +1052,7 @@ dbus.Array([], signature=dbus.Signature('s'))
</node>
[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_config_file_path ]
-$tmpdir/cas/20180327134236-3
+$tmpdir/cas/date-3
[ /org/fedorahosted/certmonger/cas/CA5: org.fedorahosted.certmonger.ca.get_nickname ]
dogtag-ipa-renew-agent
diff --git a/tests/028-dbus/expected.out.nodsa b/tests/028-dbus/expected.out.nodsa
index a23af40..5082ee0 100644
--- a/tests/028-dbus/expected.out.nodsa
+++ b/tests/028-dbus/expected.out.nodsa
@@ -187,13 +187,13 @@ dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/cas/CA1'), dbus.Object
dbus.Array([dbus.ObjectPath('/org/fedorahosted/certmonger/requests/Request2')], signature=dbus.Signature('o'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_types ]
-dbus.Array([dbus.String(u'RSA'), dbus.String(u'EC')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('RSA'), dbus.String('EC')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_key_storage ]
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger: org.fedorahosted.certmonger.get_supported_cert_storage ]
-dbus.Array([dbus.String(u'NSSDB'), dbus.String(u'FILE')], signature=dbus.Signature('s'))
+dbus.Array([dbus.String('NSSDB'), dbus.String('FILE')], signature=dbus.Signature('s'))
[ /org/fedorahosted/certmonger : org.fedorahosted.certmonger.remove_known_ca ]
OK
@@ -432,19 +432,19 @@ Buddy
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
-(dbus.String(u'CN=$UUID,CN=Local Signing Authority'), dbus.String(u'$UUID'), dbus.String(u'CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
recently
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_storage_info ]
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.crt'))
+(dbus.String('FILE'), dbus.String('$tmpdir/test.crt'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_data ]
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_csr_info ]
-(dbus.String(u'CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String(u'host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9L), dbus.Array([dbus.String(u'id-kp-serverAuth')], signature=dbus.Signature('s')))
+(dbus.String('CN=localhost'), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('id-kp-serverAuth')], signature=dbus.Signature('s')))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_pin ]
@@ -453,19 +453,19 @@ recently
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_storage_info ]
-(dbus.String(u'FILE'), dbus.String(u'$tmpdir/test.key'))
+(dbus.String('FILE'), dbus.String('$tmpdir/test.key'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_key_type_and_size ]
-(dbus.String(u'RSA'), dbus.Int64(512L))
+(dbus.String('RSA'), dbus.Int64(512))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_monitoring ]
1
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_notification_info ]
-(dbus.String(u'stdout'), dbus.String(u'daemon.notice'))
+(dbus.String('stdout'), dbus.String('daemon.notice'))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_status ]
-(dbus.String(u'MONITORING'), dbus.Boolean(False))
+(dbus.String('MONITORING'), dbus.Boolean(False))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_ca ]
/org/fedorahosted/certmonger/cas/CA1
@@ -481,7 +481,7 @@ recently
[ /org/fedorahosted/certmonger/requests/Request2 : org.fedorahosted.certmonger.request.modify ]
1 on /org/fedorahosted/certmonger/requests/Request2
-After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String(u'1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
+After setting template-eku to 1.2.3.4.5.6.7.8.9.10, we got dbus.Array([dbus.String('1.2.3.4.5.6.7.8.9.10')], signature=dbus.Signature('s'), variant_level=1)
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.rekey ]
1
diff --git a/tests/028-dbus/prequal.sh b/tests/028-dbus/prequal.sh
index e645c19..4fe79c8 100755
--- a/tests/028-dbus/prequal.sh
+++ b/tests/028-dbus/prequal.sh
@@ -9,19 +9,19 @@ if test -z "$DBUSDAEMON" ; then
echo dbus-daemon not found
exit 1
fi
-if ! python -c 'import os' 2> /dev/null ; then
+if ! python3 -c 'import os' 2> /dev/null ; then
echo python not found
exit 1
fi
-if ! python -c 'import dbus' 2> /dev/null ; then
+if ! python3 -c 'import dbus' 2> /dev/null ; then
echo python-dbus not found
exit 1
fi
-if ! python -c 'import xml' 2> /dev/null ; then
+if ! python3 -c 'import xml' 2> /dev/null ; then
echo python-xml not found
exit 1
fi
-if ! python -c 'import xml.etree.ElementTree' 2> /dev/null ; then
+if ! python3 -c 'import xml.etree.ElementTree' 2> /dev/null ; then
echo python-xml does not include etree.ElementTree
exit 1
fi
diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh
index c468d51..ee90875 100755
--- a/tests/028-dbus/run.sh
+++ b/tests/028-dbus/run.sh
@@ -23,7 +23,7 @@ EOF
$DBUSDAEMON --session --print-address=3 --print-pid=4 --fork 3> $tmpdir/address 4> $tmpdir/pid
if test -s $tmpdir/pid ; then
env DBUS_SESSION_BUS_ADDRESS=`cat $tmpdir/address` \
- $toolsdir/../../src/certmonger-session -n -c $tmpdir/runsub.sh
+ $toolsdir/../../src/certmonger-session -n -c $tmpdir/runsub.sh > /dev/null
fi
kill `cat $tmpdir/pid`
@@ -33,8 +33,8 @@ now=`date +%s`
for i in `seq 240` ; do
recently=$(($now-$i))
tomorrow=$(($now-$i+24*60*60))
- sed -i -e s/^$recently'$/recently/g' -e s/"("$recently"L)"/'(recently)'/g \
- -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow"L)"/'(tomorrow)'/g $tmpdir/runsub.out
+ sed -i -e s/^$recently'$/recently/g' -e s/"("$recently")"/'(recently)'/g \
+ -e s/^$tomorrow'$/tomorrow/g' -e s/"("$tomorrow")"/'(tomorrow)'/g $tmpdir/runsub.out
done
cat $tmpdir/runsub.out | \
@@ -43,4 +43,5 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \
-e "s|$libexecdir|\$libexecdir|g" \
-e "s|$tmpdir|\$tmpdir|g" \
-e "s|expires:.*|expires: sometime|g" \
- -e "s|u'(00)?[0-9a-fA-F]{32}|u'"'$UUID|g'
+ -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \
+ -e "s|cas\/[0-9]{14}|cas\/date|g"
diff --git a/tests/028-dbus/runsub.sh b/tests/028-dbus/runsub.sh
index 3510d79..fe6766c 100755
--- a/tests/028-dbus/runsub.sh
+++ b/tests/028-dbus/runsub.sh
@@ -22,5 +22,5 @@ echo ""
echo "[[ API ]]"
for i in ./*.py ; do
echo "[" `basename "$i"` "]"
- python $i
+ python3 $i
done
diff --git a/tests/028-dbus/simpleprop.py b/tests/028-dbus/simpleprop.py
index e4f937e..35d9591 100644
--- a/tests/028-dbus/simpleprop.py
+++ b/tests/028-dbus/simpleprop.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
import dbus
# Get a handle for the main certmonger interface.
@@ -19,7 +19,7 @@ ca = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
# Toggle the helper a couple of times.
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
-print ca_ext_h, "->",
+print(ca_ext_h, "-> ", end='')
if ca_ext_h.split()[0] == ca_ext_h:
ca_ext_h += ' -k admin@localhost'
@@ -28,7 +28,7 @@ else:
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
-print ca_ext_h, "->",
+print(ca_ext_h, "-> ", end='')
if ca_ext_h.split()[0] == ca_ext_h:
ca_ext_h += ' -k admin@localhost'
@@ -37,20 +37,20 @@ else:
ca.Set('org.fedorahosted.certmonger.ca', 'external-helper', ca_ext_h)
ca_ext_h = o.Get('org.fedorahosted.certmonger.ca', 'external-helper')
-print ca_ext_h
+print(ca_ext_h)
# Toggle the "is-default" value a couple of times.
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
-print isdef, "->",
+print(isdef, "-> ", end='')
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
-print isdef, "->",
+print(isdef, "-> ", end='')
ca.Set('org.fedorahosted.certmonger.ca', 'is-default', not isdef)
isdef = ca.Get('org.fedorahosted.certmonger.ca', 'is-default')
-print isdef
+print(isdef)
cm.remove_known_ca(path)
diff --git a/tests/028-dbus/walk.py b/tests/028-dbus/walk.py
index f60ca93..683d94e 100644
--- a/tests/028-dbus/walk.py
+++ b/tests/028-dbus/walk.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
import dbus
import xml.etree.ElementTree
import os
@@ -9,217 +9,219 @@ bus = dbus.SessionBus()
# Check that reading a property directly produces the same value as reading it via GetAll().
def check_props(objpath, interface):
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
- props = i.GetAll(interface)
- for prop in props.keys():
- value = props[prop]
- if value != i.Get(interface, prop):
- print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop)))
- return False
- return True
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
+ props = i.GetAll(interface)
+ for prop in props.keys():
+ value = props[prop]
+ if value != i.Get(interface, prop):
+ print("%s: property %s.%s mismatch (%s, %s)" % (objpath, interface, prop, value, i.Get(interface, prop)))
+ return False
+ return True
# Try to call the method.
def examine_method(objpath, interface, method, idata):
- in_args = 0
- out_args = 0
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
- i = dbus.Interface(o, interface)
- for child in idata.getchildren():
- if child.tag == 'arg':
- if child.get('direction') != 'out':
- in_args = in_args + 1
- else:
- out_args = out_args + 1
- if in_args == 0:
- # Takes no inputs, so just call it.
- m = i.get_dbus_method(method)
- if out_args == 0:
- m()
- print("[ %s: %s.%s ]\n" % (objpath, interface, method))
- elif out_args == 1:
- result = m()
- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
- else:
- result = m()
- print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
- elif method == 'Get' or method == 'Set' or method == 'GetAll':
- # We check on properties elsewhere.
- return True
- # Per-method exercise.
- elif method == 'add_known_ca' or method == 'remove_known_ca':
- (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', [])
- if not result:
- print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method))
- return False
- result = i.remove_known_ca(path)
- if not result:
- print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method))
- return False
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
- elif method == 'add_request' or method == 'remove_request':
- tmpdir = os.getenv('TMPDIR')
- if not tmpdir or tmpdir == '':
- tmpdir = '/tmp'
- properties = {
- 'nickname': 'foo',
- 'cert-storage': 'file',
- 'cert-file': tmpdir + "/028-certfile",
- 'key-storage': 'file',
- 'key-file': tmpdir + "/028-keyfile",
- 'template-email': ['root@localhost', 'toor@localhost'],
- }
- (result, path) = i.add_request(properties)
- if not result:
- print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method))
- return False
- result = i.remove_request(path)
- if not result:
- print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method))
- return False
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
- elif method == 'find_ca_by_nickname':
- capath = i.find_ca_by_nickname('local')
- o = bus.get_object('org.fedorahosted.certmonger', capath)
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
- if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local':
- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname')))
- return False
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
- elif method == 'find_request_by_nickname':
- reqpath = i.find_request_by_nickname('Buddy')
- o = bus.get_object('org.fedorahosted.certmonger', reqpath)
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
- if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy':
- print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname')))
- return False
- print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
- elif method == 'modify':
- mods = {}
- propname = "template-eku"
- propval = '1.2.3.4.5.6.7.8.9.10'
- mods[propname] = [propval,]
- status, path = i.modify(mods)
- if not status:
- print("[ %s : %s.%s ] error\n" % (objpath, interface, method))
- return False
- print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path))
- props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
- prop = props.Get(interface, 'template-eku')
- print("After setting %s to %s, we got %s\n" % (propname, propval, prop))
- else:
- # We're in FIXME territory.
- print('FIXME: need support for "%s"' % method)
- return False
- # If we caused things to start churning, wait for them to settle.
+ in_args = 0
+ out_args = 0
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
+ i = dbus.Interface(o, interface)
+ for child in idata.getchildren():
+ if child.tag == 'arg':
+ if child.get('direction') != 'out':
+ in_args = in_args + 1
+ else:
+ out_args = out_args + 1
+ if in_args == 0:
+ # Takes no inputs, so just call it.
+ m = i.get_dbus_method(method)
+ if out_args == 0:
+ m()
+ print("[ %s: %s.%s ]\n" % (objpath, interface, method))
+ elif out_args == 1:
+ result = m()
+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
+ else:
+ result = m()
+ print("[ %s: %s.%s ]\n%s\n" % (objpath, interface, method, result))
+ elif method == 'Get' or method == 'Set' or method == 'GetAll':
+ # We check on properties elsewhere.
+ return True
+ # Per-method exercise.
+ elif method == 'add_known_ca' or method == 'remove_known_ca':
+ (result, path) = i.add_known_ca('Test CA', '/usr/bin/env', [])
+ if not result:
+ print("[ %s : %s.%s ]: add_known_ca error\n" % (objpath, interface, method))
+ return False
+ result = i.remove_known_ca(path)
+ if not result:
+ print("[ %s : %s.%s ]: remove_known_ca error\n" % (objpath, interface, method))
+ return False
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
+ elif method == 'add_request' or method == 'remove_request':
+ tmpdir = os.getenv('TMPDIR')
+ if not tmpdir or tmpdir == '':
+ tmpdir = '/tmp'
+ properties = {
+ 'nickname': 'foo',
+ 'cert-storage': 'file',
+ 'cert-file': tmpdir + "/028-certfile",
+ 'key-storage': 'file',
+ 'key-file': tmpdir + "/028-keyfile",
+ 'template-email': ['root@localhost', 'toor@localhost'],
+ }
+ (result, path) = i.add_request(properties)
+ if not result:
+ print("[ %s : %s.%s ]: add_request error\n" % (objpath, interface, method))
+ return False
+ result = i.remove_request(path)
+ if not result:
+ print("[ %s : %s.%s ]: remove_request error\n" % (objpath, interface, method))
+ return False
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
+ elif method == 'find_ca_by_nickname':
+ capath = i.find_ca_by_nickname('local')
+ o = bus.get_object('org.fedorahosted.certmonger', capath)
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
+ if i.Get('org.fedorahosted.certmonger.ca', 'nickname') != 'local':
+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.ca', 'nickname')))
+ return False
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
+ elif method == 'find_request_by_nickname':
+ reqpath = i.find_request_by_nickname('Buddy')
+ if not reqpath:
+ return False
+ o = bus.get_object('org.fedorahosted.certmonger', reqpath)
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
+ if i.Get('org.fedorahosted.certmonger.request', 'nickname') != 'Buddy':
+ print("[ %s : %s.%s ] error: %s\n" % (objpath, interface, method, i.Get('org.fedorahosted.certmonger.request', 'nickname')))
+ return False
+ print("[ %s : %s.%s ]\nOK\n" % (objpath, interface, method))
+ elif method == 'modify':
+ mods = {}
+ propname = "template-eku"
+ propval = '1.2.3.4.5.6.7.8.9.10'
+ mods[propname] = [propval,]
+ status, path = i.modify(mods)
+ if not status:
+ print("[ %s : %s.%s ] error\n" % (objpath, interface, method))
+ return False
+ print("[ %s : %s.%s ]\n%d on %s" % (objpath, interface, method, status, path))
+ props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
+ prop = props.Get(interface, 'template-eku')
+ print("After setting %s to %s, we got %s\n" % (propname, propval, prop))
+ else:
+ # We're in FIXME territory.
+ print('FIXME: need support for "%s"' % method)
+ return False
+ # If we caused things to start churning, wait for them to settle.
if method == 'resubmit':
props = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
prop = props.Get(interface, 'status')
while prop != 'MONITORING':
time.sleep(1)
prop = props.Get(interface, 'status')
- return True
+ return True
def iget(child, proxy, interface, prop):
- value = proxy.Get(interface, prop)
- if not value:
- if child.get('type') == 'b':
- value = False
- elif child.get('type') == 'n' or child.get('type') == 'x':
- value = 0
- elif child.get('type') == 's':
- value = ''
- elif child.get('type') == 'as':
- value = ['']
- else:
- print("%s.%s: %s" % (interface, prop, child.get('type')))
- return False
- return value
+ value = proxy.Get(interface, prop)
+ if not value:
+ if child.get('type') == 'b':
+ value = False
+ elif child.get('type') == 'n' or child.get('type') == 'x':
+ value = 0
+ elif child.get('type') == 's':
+ value = ''
+ elif child.get('type') == 'as':
+ value = ['']
+ else:
+ print("%s.%s: %s" % (interface, prop, child.get('type')))
+ return False
+ return value
def examine_interface(objpath, interface, idata):
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
- i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
- for child in idata.getchildren():
- if child.tag == 'property':
- prop = child.get('name')
- if child.get('access') == 'read':
- # Check that we can read it.
- value = i.Get(interface, prop)
- elif child.get('access') == 'readwrite':
- if prop == 'external-helper' or prop == 'scep-ca-identifier':
- cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca')
- if cai.get_type() != 'EXTERNAL':
- print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop))
- continue
- # Check that we can read it, tweak it, and then reset it.
- value = iget(child, i, interface, prop)
- i.Set(interface, prop, value)
- newvalue = None
- if child.get('type') == 'b':
- newvalue = not value
- elif child.get('type') == 'n' or child.get('type') == 'x':
- newvalue = value + 1
- elif child.get('type') == 's':
- newvalue = 'x' + value
- elif child.get('type') == 'as':
- newvalue = ['x'] + value
- else:
- print("%s.%s: %s" % (interface, prop, child.get('type')))
- return False
- if newvalue:
- if newvalue == value:
- print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value))
- return False
- i.Set(interface, prop, newvalue)
- if newvalue != iget(child, i, interface, prop):
- print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue))
- return False
- i.Set(interface, prop, value)
- if value != iget(child, i, interface, prop):
- print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value))
- return False
- elif child.tag == 'method':
- method = child.get('name')
- if not examine_method(objpath, interface, method, child):
- return False
- elif child.tag == 'signal':
- continue
- else:
- print "FIXME: handle child tag %s" % child.tag
- return False
- return True
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Properties')
+ for child in idata.getchildren():
+ if child.tag == 'property':
+ prop = child.get('name')
+ if child.get('access') == 'read':
+ # Check that we can read it.
+ value = i.Get(interface, prop)
+ elif child.get('access') == 'readwrite':
+ if prop == 'external-helper' or prop == 'scep-ca-identifier':
+ cai = dbus.Interface(o, 'org.fedorahosted.certmonger.ca')
+ if cai.get_type() != 'EXTERNAL':
+ print("%s: warning: property %s.%s not settable on this object" % (objpath, interface, prop))
+ continue
+ # Check that we can read it, tweak it, and then reset it.
+ value = iget(child, i, interface, prop)
+ i.Set(interface, prop, value)
+ newvalue = None
+ if child.get('type') == 'b':
+ newvalue = not value
+ elif child.get('type') == 'n' or child.get('type') == 'x':
+ newvalue = value + 1
+ elif child.get('type') == 's':
+ newvalue = 'x' + value
+ elif child.get('type') == 'as':
+ newvalue = ['x'] + value
+ else:
+ print("%s.%s: %s" % (interface, prop, child.get('type')))
+ return False
+ if newvalue:
+ if newvalue == value:
+ print("%s: error determining new value: (%s, %s): %s" % (objpath, interface, prop, value))
+ return False
+ i.Set(interface, prop, newvalue)
+ if newvalue != iget(child, i, interface, prop):
+ print("%s: property %s.%s not set: (%s, %s)" % (objpath, interface, prop, value, newvalue))
+ return False
+ i.Set(interface, prop, value)
+ if value != iget(child, i, interface, prop):
+ print("%s: property %s.%s not reset: (%s, %s)" % (objpath, interface, prop, newvalue, value))
+ return False
+ elif child.tag == 'method':
+ method = child.get('name')
+ if not examine_method(objpath, interface, method, child):
+ return False
+ elif child.tag == 'signal':
+ continue
+ else:
+ print("FIXME: handle child tag %s" % child.tag)
+ return False
+ return True
def examine_object(objpath):
- o = bus.get_object('org.fedorahosted.certmonger', objpath)
- i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable')
- idata = i.Introspect()
- x = xml.etree.ElementTree.XML(idata)
+ o = bus.get_object('org.fedorahosted.certmonger', objpath)
+ i = dbus.Interface(o, 'org.freedesktop.DBus.Introspectable')
+ idata = i.Introspect()
+ x = xml.etree.ElementTree.XML(idata)
- # Check if the object supports properties interfaces.
- props = False
- for child in x.getchildren():
- if child.tag == 'interface':
- if child.get('name') == 'org.freedesktop.DBus.Properties':
- props = True
+ # Check if the object supports properties interfaces.
+ props = False
+ for child in x.getchildren():
+ if child.tag == 'interface':
+ if child.get('name') == 'org.freedesktop.DBus.Properties':
+ props = True
- # Look at the interfaces and child nodes.
- for child in x.getchildren():
- if child.tag == 'interface':
- if props and not check_props(objpath, child.get('name')):
- return False
- if not examine_interface(objpath, child.get('name'), child):
- return False
- elif child.tag == 'node':
- if objpath == '/':
- childpath = '/' + child.get('name')
- else:
- childpath = objpath + '/' + child.get('name')
- examine_object(childpath)
- else:
- print "FIXME: handle child tag %s" % child.tag
- return False
- return True
+ # Look at the interfaces and child nodes.
+ for child in x.getchildren():
+ if child.tag == 'interface':
+ if props and not check_props(objpath, child.get('name')):
+ return False
+ if not examine_interface(objpath, child.get('name'), child):
+ return False
+ elif child.tag == 'node':
+ if objpath == '/':
+ childpath = '/' + child.get('name')
+ else:
+ childpath = objpath + '/' + child.get('name')
+ examine_object(childpath)
+ else:
+ print("FIXME: handle child tag %s" % child.tag)
+ return False
+ return True
if not examine_object('/'):
- sys.exit(1)
+ sys.exit(1)
sys.exit(0)
diff --git a/tests/038-ms-v2-template/extract-extdata.py b/tests/038-ms-v2-template/extract-extdata.py
index 1a845fd..9f9d910 100755
--- a/tests/038-ms-v2-template/extract-extdata.py
+++ b/tests/038-ms-v2-template/extract-extdata.py
@@ -1,10 +1,11 @@
-#!/usr/bin/python2
+#!/usr/bin/python3
# Given `openssl asn1parse` output of a CSR, look for the V2 Template
# extension and output its data if found. Nonzero exit status if
# not found.
import binascii
+import os
import re
import sys
@@ -21,7 +22,7 @@ for line in sys.stdin:
#
if state == STATE_FOUND and 'OCTET STRING' in line:
result = re.search(r'\[HEX DUMP\]:(\w*)', line)
- sys.stdout.write(binascii.unhexlify(result.group(1)))
+ os.write(1, binascii.unhexlify(result.group(1)))
state = STATE_DONE
break
--
2.17.0

41
SOURCES/0018-clang-more-Dead-assignment.patch Normal file
View File

@ -0,0 +1,41 @@
From 3dee8044adf134462fadb2b135cc965227f1fab9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 12:48:41 -0400
Subject: [PATCH 18/25] clang: more Dead assignment
---
src/submit-x.c | 5 ++---
src/tdbus.c | 1 -
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/submit-x.c b/src/submit-x.c
index fa81e9aa..abebc610 100644
--- a/src/submit-x.c
+++ b/src/submit-x.c
@@ -914,9 +914,8 @@ main(int argc, const char **argv)
/* Maybe we need a ccache. */
if (k5 || (kpname != NULL) || (ktname != NULL)) {
- if (!make_ccache ||
- (cm_submit_x_make_ccache(ktname, kpname, NULL) == 0)) {
- k5 = TRUE;
+ if (make_ccache) {
+ cm_submit_x_make_ccache(ktname, kpname, NULL);
}
}
diff --git a/src/tdbus.c b/src/tdbus.c
index cb0a8ad7..a81b5349 100644
--- a/src/tdbus.c
+++ b/src/tdbus.c
@@ -757,7 +757,6 @@ cm_tdbus_setup_public(struct tevent_context *ec, enum cm_tdbus_type bus_type,
/* Connect to the right bus. */
bus_desc = NULL;
conn = NULL;
- exit_on_disconnect = TRUE;
if (error != NULL) {
dbus_error_init(error);
}
--
2.21.0

321
SOURCES/0019-clang-more-Memory-leaks.patch Normal file
View File

@ -0,0 +1,321 @@
From 0dc90f1783981ac11c3c067c40df88d6315911a6 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 12:53:57 -0400
Subject: [PATCH 19/25] clang: more Memory leaks
Fix leaks in tests/tools/addcinfo.c, dogtag.c and submit-x.c
---
src/dogtag.c | 17 +++++++++++++----
src/getcert.c | 3 ++-
src/store-files.c | 1 +
src/submit-d.c | 6 ++++++
src/submit-x.c | 39 ++++++++++-----------------------------
tests/tools/addcinfo.c | 8 +++++---
6 files changed, 37 insertions(+), 37 deletions(-)
diff --git a/src/dogtag.c b/src/dogtag.c
index 55607f3d..8e3890a5 100644
--- a/src/dogtag.c
+++ b/src/dogtag.c
@@ -117,7 +117,7 @@ main(int argc, const char **argv)
const char *ssldir = NULL, *cainfo = NULL, *capath = NULL;
const char *sslcert = NULL, *sslkey = NULL;
const char *sslpin = NULL, *sslpinfile = NULL;
- const char *csr = NULL, *serial = NULL, *template = NULL;
+ const char *csr = NULL, *csre = NULL, *serial = NULL, *template = NULL;
const char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
const char *udn = NULL, *pin = NULL, *pinfile = NULL;
char *poptarg;
@@ -127,7 +127,7 @@ main(int argc, const char **argv)
} *aoptions = NULL, *soptions = NULL;
size_t num_aoptions = 0, num_soptions = 0, j;
char *savedstate = NULL;
- char *p, *q, *params = NULL, *params2 = NULL;
+ char *p = NULL, *q = NULL, *params = NULL, *params2 = NULL;
const char *lasturl = NULL, *lastparams = NULL;
const char *tmp = NULL, *results = NULL;
struct cm_submit_h_context *hctx;
@@ -537,16 +537,19 @@ main(int argc, const char **argv)
}
poptPrintUsage(pctx, stdout, 0);
free(csr);
+ free(p);
return CM_SUBMIT_STATUS_UNCONFIGURED;
}
- csr = cm_submit_u_url_encode(csr);
+ csre = cm_submit_u_url_encode(csr);
params = talloc_asprintf(ctx,
"profileId=%s&"
"cert_request_type=pkcs10&"
"cert_request=%s&"
"xml=true",
template,
- csr);
+ csre);
+ free(csr);
+ free(csre);
}
/* Check for creds specified as options. */
for (j = 0; j < num_soptions; j++) {
@@ -608,12 +611,16 @@ main(int argc, const char **argv)
printf(_("No agent URL (-A) given, and no default "
"known.\n"));
poptPrintUsage(pctx, stdout, 0);
+ free(p);
+ free(q);
return CM_SUBMIT_STATUS_UNCONFIGURED;
}
if ((sslcert == NULL) || (strlen(sslcert) == 0)) {
printf(_("No agent credentials (-n) given, but they "
"are needed.\n"));
poptPrintUsage(pctx, stdout, 0);
+ free(p);
+ free(q);
return CM_SUBMIT_STATUS_UNCONFIGURED;
}
/* Reading profile defaults for this certificate, then applying
@@ -778,12 +785,14 @@ main(int argc, const char **argv)
lasturl);
}
talloc_free(ctx);
+ free(p);
return CM_SUBMIT_STATUS_UNREACHABLE;
}
if (results == NULL) {
printf(_("Internal error: no response to \"%s?%s\".\n"),
lasturl, lastparams);
talloc_free(ctx);
+ free(p);
return CM_SUBMIT_STATUS_REJECTED;
}
switch (op) {
diff --git a/src/getcert.c b/src/getcert.c
index ddb28de2..0d527ab0 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -4042,11 +4042,12 @@ thumbprint(const char *s, SECOidTag tag, int bits)
}
u = malloc(length);
if (u == NULL) {
+ free(t);
goto done;
}
length = cm_store_base64_to_bin(t, -1, u, length);
+ free(t);
if (PK11_HashBuf(tag, digest, u, length) == SECSuccess) {
- free(t);
t = malloc(bits / 4 + howmany(bits, 32));
if (t != NULL) {
ret = t;
diff --git a/src/store-files.c b/src/store-files.c
index b97ba5ff..4e57ae16 100644
--- a/src/store-files.c
+++ b/src/store-files.c
@@ -573,6 +573,7 @@ cm_store_file_read_lines(void *parent, FILE *fp)
lines = tlines;
}
}
+ free(buf);
return lines;
}
diff --git a/src/submit-d.c b/src/submit-d.c
index 5a4edb3f..36cc9828 100644
--- a/src/submit-d.c
+++ b/src/submit-d.c
@@ -1204,6 +1204,9 @@ restart:
} else {
printf("Error %d.\n", c);
}
+ if (defaults != nodefault) {
+ free(defaults);
+ }
return 1;
}
result = cm_submit_h_results(hctx, NULL) ?: "";
@@ -1365,6 +1368,9 @@ restart:
/* never reached */
break;
}
+ if (defaults != nodefault) {
+ free(defaults);
+ }
return 0;
}
#endif
diff --git a/src/submit-x.c b/src/submit-x.c
index abebc610..58d007ef 100644
--- a/src/submit-x.c
+++ b/src/submit-x.c
@@ -45,14 +45,17 @@ get_error_message(krb5_context ctx, krb5_error_code kcode)
{
const char *ret;
#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
- ret = ctx ? krb5_get_error_message(ctx, kcode) : NULL;
- if (ret == NULL) {
- ret = error_message(kcode);
+ if (ctx) {
+ const char *msg = krb5_get_error_message(ctx, kcode);
+ ret = strdup(msg);
+ krb5_free_error_message(ctx, msg);
+ } else {
+ ret = strdup(error_message(kcode));
}
#else
- ret = error_message(kcode);
+ ret = strdup(error_message(kcode));
#endif
- return strdup(ret);
+ return ret;
}
char *
@@ -75,8 +78,6 @@ cm_submit_x_ccache_realm(char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return NULL;
}
@@ -86,8 +87,6 @@ cm_submit_x_ccache_realm(char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return NULL;
}
@@ -97,8 +96,6 @@ cm_submit_x_ccache_realm(char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return NULL;
}
@@ -106,7 +103,7 @@ cm_submit_x_ccache_realm(char **msg)
if (data == NULL) {
fprintf(stderr, "Error retrieving principal realm.\n");
if (msg != NULL) {
- *msg = "Error retrieving principal realm.\n";
+ *msg = strdup("Error retrieving principal realm.\n");
}
return NULL;
}
@@ -114,7 +111,7 @@ cm_submit_x_ccache_realm(char **msg)
if (ret == NULL) {
fprintf(stderr, "Out of memory for principal realm.\n");
if (msg != NULL) {
- *msg = "Out of memory for principal realm.\n";
+ *msg = strdup("Out of memory for principal realm.\n");
}
return NULL;
}
@@ -145,8 +142,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
fprintf(stderr, "Error initializing Kerberos: %s.\n", ret);
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -160,8 +155,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -173,8 +166,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
principal, ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -186,8 +177,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -209,8 +198,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -229,8 +216,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -245,8 +230,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
@@ -257,8 +240,6 @@ cm_submit_x_make_ccache(const char *ktname, const char *principal, char **msg)
ret = get_error_message(ctx, kret));
if (msg != NULL) {
*msg = ret;
- } else {
- free(ret);
}
return kret;
}
diff --git a/tests/tools/addcinfo.c b/tests/tools/addcinfo.c
index 939005c2..e34612a5 100644
--- a/tests/tools/addcinfo.c
+++ b/tests/tools/addcinfo.c
@@ -63,7 +63,7 @@ content_info_template[] = {
int
main(int argc, char **argv)
{
- unsigned char *buffer = NULL, buf[BUFSIZ];
+ unsigned char *buffer = NULL, *newbuffer = NULL, buf[BUFSIZ];
int i, n = 0;
unsigned int j;
SECItem encoded;
@@ -73,11 +73,13 @@ main(int argc, char **argv)
cm_log_set_method(cm_log_stderr);
cm_log_set_level(3);
while ((i = read(STDIN_FILENO, buf, sizeof(buf))) > 0) {
- buffer = realloc(buffer, n + i);
- if (buffer == NULL) {
+ newbuffer = realloc(buffer, n + i);
+ if (newbuffer == NULL) {
+ free(buffer);
cm_log(0, "Out of memory.\n");
return 1;
}
+ buffer = newbuffer;
memcpy(buffer + n, buf, i);
n += i;
}
--
2.21.0

29
SOURCES/0020-clang-Avoid-buffer-overflow.patch Normal file
View File

@ -0,0 +1,29 @@
From 6b14979cdb7a177e7c5567faa67449dd1365c1b9 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 13:16:08 -0400
Subject: [PATCH 20/25] clang: Avoid buffer overflow
This shouldn't be possible because the caller would never allow
it all to be passed in but quiet static analyzers.
---
src/getcert.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/getcert.c b/src/getcert.c
index 0d527ab0..bbc45479 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -1839,8 +1839,8 @@ set_tracking(const char *argv0, const char *category,
enum cm_tdbus_type bus = CM_DBUS_DEFAULT_BUS;
DBusMessage *req, *rep;
const char *request, *capath;
- struct cm_tdbusm_dict param[28];
- const struct cm_tdbusm_dict *params[29];
+ struct cm_tdbusm_dict param[30];
+ const struct cm_tdbusm_dict *params[30];
char *nss_scheme, *dbdir = NULL, *token = NULL, *nickname = NULL;
char **anchor_dbs = NULL, **anchor_files = NULL;
char *id = NULL, *new_id = NULL, *new_request;
--
2.21.0

43
SOURCES/0021-clang-Garbage-value-possible.patch Normal file
View File

@ -0,0 +1,43 @@
From 3727376f8654f9e1dd88b1f9721124f9fc96ad0a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 14:44:05 -0400
Subject: [PATCH 21/25] clang: Garbage value possible
Need to add guard so that error was only considered if the
certificate was decodable and an import was attempted.
---
src/certsave-n.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/certsave-n.c b/src/certsave-n.c
index 972a1dfa..30e242c1 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -498,6 +498,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
}
}
/* Import the certificate. */
+ error = SECFailure;
newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
if (newcert != NULL) {
error = PK11_ImportCert(sle->slot,
@@ -506,7 +507,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
entry->cm_cert_nickname,
PR_FALSE);
}
- if (error == SECSuccess) {
+ if ((newcert != NULL) && (error == SECSuccess)) {
cm_log(1, "Imported certificate with "
"nickname \"%s\".\n",
entry->cm_cert_nickname);
@@ -581,6 +582,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
CERT_DestroyCertList(certlist);
}
} else {
+ ec = PORT_GetError();
if (ec != 0) {
es = PR_ErrorToName(ec);
} else {
--
2.21.0

25
SOURCES/0022-Uninitialized-variable.patch Normal file
View File

@ -0,0 +1,25 @@
From a5c7484a00b378290069ab57c1f2e52719cc91c0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 14:48:43 -0400
Subject: [PATCH 22/25] Uninitialized variable
---
src/csrgen-o.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/csrgen-o.c b/src/csrgen-o.c
index 402284ff..41b4f014 100644
--- a/src/csrgen-o.c
+++ b/src/csrgen-o.c
@@ -181,7 +181,7 @@ cm_csrgen_o_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
BIGNUM *serialbn;
char buf[LINE_MAX], *s, *nickname, *pin, *password, *filename;
unsigned char *extensions, *upassword, *bmp, *name, *up, *uq, md[CM_DIGEST_MAX];
- char *spkidec, *mcb64, *nows;
+ char *spkidec = NULL, *mcb64, *nows;
const char *default_cn = CM_DEFAULT_CERT_SUBJECT_CN, *spkihex = NULL;
const unsigned char *nametmp;
struct tm *now;
--
2.21.0

39
SOURCES/0023-merge-into-clang-more-Memory-leaks.patch Normal file
View File

@ -0,0 +1,39 @@
From 432f843ffbc0bc0b14c0501b26a10e450c5b5fcc Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 15:43:02 -0400
Subject: [PATCH 23/25] merge into clang: more Memory leaks
---
src/getcert.c | 2 +-
src/submit-x.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/getcert.c b/src/getcert.c
index bbc45479..4713dd15 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -4040,7 +4040,7 @@ thumbprint(const char *s, SECOidTag tag, int bits)
if (length == 0) {
goto done;
}
- u = malloc(length);
+ u = malloc(length+1);
if (u == NULL) {
free(t);
goto done;
diff --git a/src/submit-x.c b/src/submit-x.c
index 58d007ef..467e67e4 100644
--- a/src/submit-x.c
+++ b/src/submit-x.c
@@ -43,7 +43,7 @@
static char *
get_error_message(krb5_context ctx, krb5_error_code kcode)
{
- const char *ret;
+ char *ret;
#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
if (ctx) {
const char *msg = krb5_get_error_message(ctx, kcode);
--
2.21.0

24
SOURCES/0024-Add-missing-return-type-declaration.patch Normal file
View File

@ -0,0 +1,24 @@
From d610317f69687d0c6892209d3cb6e3c407af4d86 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 15:44:07 -0400
Subject: [PATCH 24/25] Add missing return type declaration
---
src/tdbush.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tdbush.c b/src/tdbush.c
index d1bbe4da..a10a1aff 100644
--- a/src/tdbush.c
+++ b/src/tdbush.c
@@ -2129,6 +2129,7 @@ ca_get_serial(DBusConnection *conn, DBusMessage *msg,
}
/* org.fedorahosted.certonger.ca.get_config_file_path */
+static DBusHandlerResult
ca_get_config_file_path(DBusConnection *conn, DBusMessage *msg,
struct cm_client_info *ci, struct cm_context *ctx)
{
--
2.21.0

43
SOURCES/0025-Discards-const-qualifier.patch Normal file
View File

@ -0,0 +1,43 @@
From c16545915ab280e40eefc6bfb4e86d081f20c758 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 15:46:50 -0400
Subject: [PATCH 25/25] Discards const qualifier
---
src/dogtag.c | 3 ++-
src/scep.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/dogtag.c b/src/dogtag.c
index 8e3890a5..962a8bf4 100644
--- a/src/dogtag.c
+++ b/src/dogtag.c
@@ -117,9 +117,10 @@ main(int argc, const char **argv)
const char *ssldir = NULL, *cainfo = NULL, *capath = NULL;
const char *sslcert = NULL, *sslkey = NULL;
const char *sslpin = NULL, *sslpinfile = NULL;
- const char *csr = NULL, *csre = NULL, *serial = NULL, *template = NULL;
+ const char *serial = NULL, *template = NULL;
const char *uid = NULL, *pwd = NULL, *pwdfile = NULL;
const char *udn = NULL, *pin = NULL, *pinfile = NULL;
+ char *csr = NULL, *csre = NULL;
char *poptarg;
struct {
char *name;
diff --git a/src/scep.c b/src/scep.c
index b0bd214b..b37711cf 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -204,7 +204,8 @@ main(int argc, const char **argv)
int prefer_non_renewal = 0, can_renewal = 0;
int response_code = 0, response_code2 = 0;
enum known_ops op = op_unset;
- const char *id = NULL, *cainfo = NULL;
+ const char *id = NULL;
+ char *cainfo = NULL;
char *poptarg;
char *message = NULL, *rekey_message = NULL;
const char *mode = NULL, *content_type = NULL, *content_type2 = NULL;
--
2.21.0

1309
SPECS/certmonger.spec Normal file
View File

File diff suppressed because it is too large Load Diff