whoops, no longer necessary

certmonger-x509-req-to-x509.patch

@@ -1,119 +0,0 @@
-Backported from master.
-
-commit 254a4b852a7c4c3cec4e99a0ae485a497fe09760
-Author: Nalin Dahyabhai <nalin@redhat.com>
-Date:   Tue Nov 27 12:18:51 2012 -0500
-
-    check for errors from X509_REQ_to_X509()
-
-commit 8a8a95489bb35271542999d07bdd62d7aca177ac
-Author: Nalin Dahyabhai <nalin@redhat.com>
-Date:   Tue Nov 27 18:32:06 2012 -0500
-
-    present failure to self-sign as rejection
-
-diff --git a/src/submit-so.c b/src/submit-so.c
-index 7ad799e..39c3d33 100644
---- a/src/submit-so.c
-+++ b/src/submit-so.c
-@@ -117,45 +117,52 @@ cm_submit_so_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
- 							cert = X509_REQ_to_X509(req,
- 										0,
- 										pkey);
--							ASN1_TIME_set(cert->cert_info->validity->notBefore, now);
--							ASN1_TIME_set(cert->cert_info->validity->notAfter, now + life);
--							X509_set_version(cert, 2);
--							/* set the serial number */
--							cm_log(3, "Setting certificate serial number \"%s\".\n",
--							       ca->cm_ca_internal_serial);
--							serial = cm_store_serial_to_der(ca, ca->cm_ca_internal_serial);
--							seriall = strlen(serial) / 2;
--							seriald = talloc_size(ca, seriall);
--							cm_store_hex_to_bin(serial, seriald, seriall);
--							serialtmp = seriald;
--							seriali = d2i_ASN1_INTEGER(NULL, &serialtmp, seriall);
--							X509_set_serialNumber(cert, seriali);
-+							if (cert != NULL) {
-+								ASN1_TIME_set(cert->cert_info->validity->notBefore, now);
-+								ASN1_TIME_set(cert->cert_info->validity->notAfter, now + life);
-+								X509_set_version(cert, 2);
-+								/* set the serial number */
-+								cm_log(3, "Setting certificate serial number \"%s\".\n",
-+								       ca->cm_ca_internal_serial);
-+								serial = cm_store_serial_to_der(ca, ca->cm_ca_internal_serial);
-+								seriall = strlen(serial) / 2;
-+								seriald = talloc_size(ca, seriall);
-+								cm_store_hex_to_bin(serial, seriald, seriall);
-+								serialtmp = seriald;
-+								seriali = d2i_ASN1_INTEGER(NULL, &serialtmp, seriall);
-+								X509_set_serialNumber(cert, seriali);
- #ifdef HAVE_UUID
--							if (cm_prefs_populate_unique_id()) {
--								if (cm_submit_uuid_new(uuid) == 0) {
--									cert->cert_info->subjectUID = M_ASN1_BIT_STRING_new();
--									if (cert->cert_info->subjectUID != NULL) {
--										ASN1_BIT_STRING_set(cert->cert_info->subjectUID, uuid, 16);
--										cert->cert_info->issuerUID = M_ASN1_BIT_STRING_new();
--										if (cert->cert_info->issuerUID != NULL) {
--											ASN1_BIT_STRING_set(cert->cert_info->issuerUID, uuid, 16);
-+								if (cm_prefs_populate_unique_id()) {
-+									if (cm_submit_uuid_new(uuid) == 0) {
-+										cert->cert_info->subjectUID = M_ASN1_BIT_STRING_new();
-+										if (cert->cert_info->subjectUID != NULL) {
-+											ASN1_BIT_STRING_set(cert->cert_info->subjectUID, uuid, 16);
-+											cert->cert_info->issuerUID = M_ASN1_BIT_STRING_new();
-+											if (cert->cert_info->issuerUID != NULL) {
-+												ASN1_BIT_STRING_set(cert->cert_info->issuerUID, uuid, 16);
-+											}
- 										}
- 									}
- 								}
--							}
- #endif
--							/* add basic constraints */
--							cert->cert_info->extensions = X509_REQ_get_extensions(req);
--							basicl = strlen(CM_BASIC_CONSTRAINT_NOT_CA) / 2;
--							basicd = talloc_size(ca, basicl);
--							cm_store_hex_to_bin(CM_BASIC_CONSTRAINT_NOT_CA, basicd, basicl);
--							basictmp = basicd;
--							basic = d2i_BASIC_CONSTRAINTS(NULL, &basictmp, basicl);
--							X509_add1_ext_i2d(cert, NID_basic_constraints, basic, 1, 0);
-+								/* add basic constraints */
-+								cert->cert_info->extensions = X509_REQ_get_extensions(req);
-+								basicl = strlen(CM_BASIC_CONSTRAINT_NOT_CA) / 2;
-+								basicd = talloc_size(ca, basicl);
-+								cm_store_hex_to_bin(CM_BASIC_CONSTRAINT_NOT_CA, basicd, basicl);
-+								basictmp = basicd;
-+								basic = d2i_BASIC_CONSTRAINTS(NULL, &basictmp, basicl);
-+								X509_add1_ext_i2d(cert, NID_basic_constraints, basic, 1, 0);
-+								/* finish up */
-+								X509_sign(cert, pkey,
-+									  cm_prefs_ossl_hash());
-+								status = 0;
-+							} else {
-+								cm_log(1, "Error building "
-+								       "certificate from "
-+								       "signing request.\n");
-+								status = 2;
-+ 							}
--							/* finish up */
--							X509_sign(cert, pkey,
--								  cm_prefs_ossl_hash());
--							status = 0;
- 						} else {
- 							cm_log(1, "Error reading "
- 							       "signing request.\n");
-@@ -260,7 +261,12 @@ static int
- cm_submit_so_rejected(struct cm_store_entry *entry,
- 		      struct cm_submit_state *state)
- {
--	return -1; /* it never gets rejected */
-+	int status;
-+	status = cm_subproc_get_exitstatus(entry, state->subproc);
-+	if (!WIFEXITED(status) || (WEXITSTATUS(status) != 2)) {
-+		return -1; /* it should never get rejected */
-+	}
-+	return 0;
- }
- 
- /* Check if the CA was unreachable. */