Changeset - 127c506a1427
Parent rev.
Child rev.
[Not reviewed]
0 2 0
Branko Majic (branko) - 5 years ago 2018-11-28 09:17:50
branko@majic.rs
GC-26: Fix wrong issuer DN in client and server certificates:

- Updated tests to generate deeper hierarchy so the issue is more
likely to be triggered.
- Applied necessary fixes (a simple switch to using subject instead of
issuer from the issuer certificate - which should be quite obvious).
2 files changed with 6 insertions and 6 deletions:
gimmecert/crypto.py
2
2
tests/test_crypto.py
4
4
0 comments (0 inline, 0 general)
gimmecert/crypto.py
Show inline comments
 
@@ -241,7 +241,7 @@ def issue_server_certificate(name, public_key, issuer_private_key, issuer_certif
 
    if not_after > issuer_certificate.not_valid_after:
 
        not_after = issuer_certificate.not_valid_after
 

			




	
	
	
		
 
    certificate = issue_certificate(issuer_certificate.issuer, dn, issuer_private_key, public_key, not_before, not_after, extensions)

			




	
	
	
		
 
    certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)

			




	
	
	
		
 

			




	
	
	
		
 
    return certificate

			




	
	
	
		
 

			




	
	
		
 
@@ -299,7 +299,7 @@ def issue_client_certificate(name, public_key, issuer_private_key, issuer_certif

			




	
	
	
		
 
    if not_after > issuer_certificate.not_valid_after:

			




	
	
	
		
 
        not_after = issuer_certificate.not_valid_after

			




	
	
	
		
 

			




	
	
	
		
 
    certificate = issue_certificate(issuer_certificate.issuer, dn, issuer_private_key, public_key, not_before, not_after, extensions)

			




	
	
	
		
 
    certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)

			




	
	
	
		
 

			




	
	
	
		
 
    return certificate

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    tests/test_crypto.py
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -317,8 +317,8 @@ def test_issue_server_certificate_sets_correct_extensions():

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_issue_server_certificate_has_correct_issuer_and_subject():

			




	
	
	
		
 
    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1)

			




	
	
	
		
 
    issuer_private_key, issuer_certificate = ca_hierarchy[0]

			




	
	
	
		
 
    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4)

			




	
	
	
		
 
    issuer_private_key, issuer_certificate = ca_hierarchy[3]

			




	
	
	
		
 

			




	
	
	
		
 
    private_key = gimmecert.crypto.generate_private_key()

			




	
	
	
		
 

			




	
	
		
 
@@ -412,8 +412,8 @@ def test_issue_client_certificate_returns_certificate():

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def test_issue_client_certificate_has_correct_issuer_and_subject():

			




	
	
	
		
 
    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 1)

			




	
	
	
		
 
    issuer_private_key, issuer_certificate = ca_hierarchy[0]

			




	
	
	
		
 
    ca_hierarchy = gimmecert.crypto.generate_ca_hierarchy('My Project', 4)

			




	
	
	
		
 
    issuer_private_key, issuer_certificate = ca_hierarchy[3]

			




	
	
	
		
 

			




	
	
	
		
 
    private_key = gimmecert.crypto.generate_private_key()

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.