rpms/certmonger
5
0
Fork 0
Code Issues Pull Requests Releases Activity

check for errors from X509_REQ_to_X509()

Browse Source 
backport a change from git to report X509_REQ_to_X509() failures as
CA-rejected-our-request failures
This commit is contained in:
Nalin Dahyabhai 2012-11-27 18:54:12 -05:00
parent 04733941c2
commit d7b55107b2
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
certmonger-x509-req-to-x509.patch
View File

@ -6,11 +6,17 @@ Date: Tue Nov 27 12:18:51 2012 -0500
check for errors from X509_REQ_to_X509()
commit 8a8a95489bb35271542999d07bdd62d7aca177ac
Author: Nalin Dahyabhai <nalin@redhat.com>
Date: Tue Nov 27 18:32:06 2012 -0500
present failure to self-sign as rejection
diff --git a/src/submit-so.c b/src/submit-so.c
index 7ad799e..39c3d33 100644
--- a/src/submit-so.c
+++ b/src/submit-so.c
@@ -117,45 +117,51 @@ cm_submit_so_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
@@ -117,45 +117,52 @@ cm_submit_so_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
cert = X509_REQ_to_X509(req,
0,
pkey);
@ -88,6 +94,7 @@ index 7ad799e..39c3d33 100644
+ cm_log(1, "Error building "
+ "certificate from "
+ "signing request.\n");
+ status = 2;
+ }
- /* finish up */
- X509_sign(cert, pkey,
@ -96,3 +103,17 @@ index 7ad799e..39c3d33 100644
} else {
cm_log(1, "Error reading "
"signing request.\n");
@@ -260,7 +261,12 @@ static int
cm_submit_so_rejected(struct cm_store_entry *entry,
struct cm_submit_state *state)
{
- return -1; /* it never gets rejected */
+ int status;
+ status = cm_subproc_get_exitstatus(entry, state->subproc);
+ if (!WIFEXITED(status) || (WEXITSTATUS(status) != 2)) {
+ return -1; /* it should never get rejected */
+ }
+ return 0;
}
/* Check if the CA was unreachable. */

1
certmonger.spec
View File

@ -206,6 +206,7 @@ exit 0
* Tue Nov 27 2012 Nalin Dahyabhai <nalin@redhat.com> 0.61-3
- backport change from git to not choke if X509_REQ_to_X509() fails when we're
self-signing using OpenSSL
- backport another change from git to represent this as a CA-rejected error
* Mon Sep 24 2012 Nalin Dahyabhai <nalin@redhat.com> 0.61-1
- fix a regression in reading old request tracking files where the