author | Guilhem Moulin <guilhem@debian.org> | 2024-06-14 01:15:11 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@debian.org> | 2024-06-14 01:45:16 +0200 |
commit | 80e4e3f08ac66871fd953ab4806e1be6f5f130b0 (patch) | |
tree | 58de9fbb220888061d9814e44bd5e7f51d8d2f69 /debian/patches/Fix-post-issuance-validation-logic.patch | |
parent | 4340c68fa9626ab3db81dd774f79305dc774a7e6 (diff) |
d/gbp.conf: Set 'debian-branch = debian/bookworm'.
Diffstat (limited to 'debian/patches/Fix-post-issuance-validation-logic.patch')
-rw-r--r-- | debian/patches/Fix-post-issuance-validation-logic.patch | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch index f5ecbed..1453055 100644 --- a/debian/patches/Fix-post-issuance-validation-logic.patch +++ b/debian/patches/Fix-post-issuance-validation-logic.patch @@ -24,10 +24,10 @@ Encrypt's latest recommendations: Origin: https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea Bug-Debian: https://bugs.debian.org/1072847 --- - Makefile | 8 ++----- - lacme | 26 +++++++++++++++++---- - tests/cert-install | 67 ++++++++++++++++++++++++++++++++++++++++++------------ - 3 files changed, 76 insertions(+), 25 deletions(-) + Makefile | 8 ++---- + lacme | 26 +++++++++++++---- + tests/cert-install | 82 +++++++++++++++++++++++++++++++++++------------------- + 3 files changed, 76 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index 10e55c5..cb2f4ed 100644 @@ -111,7 +111,7 @@ index 6284c66..86a0516 100755 if (spawn(\%args, 'openssl', 'verify', @options)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; diff --git a/tests/cert-install b/tests/cert-install -index 4b3e820..4415cdd 100644 +index 4b3e820..c38f3cf 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -28,6 +28,55 @@ EOF 
@@ -170,15 +170,32 @@ index 4b3e820..4415cdd 100644 # 'certificate' installs only the leaf certificate openssl genpkey -algorithm RSA -out /etc/lacme/test1.key subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME" -@@ -42,6 +91,7 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 +@@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 test /etc/lacme/test1.crt -nt /etc/lacme/test1.key sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem +check_spki /etc/lacme/test1.crt /etc/lacme/test1.key - check_hash() { -@@ -70,16 +120,7 @@ EOF +-check_hash() { +- local p1="$1" p2 s1 s2 +- s1="$(openssl x509 -noout -hash <"$p1")" +- for p2 in /usr/share/lacme/ca-certificates.pem.*; do +- s2="$(openssl x509 -noout -hash <"$p2")" +- if [ "$s1" = "$s2" ]; then +- return 0 +- fi +- done +- return 1 +-} +-csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \ +- "/-----BEGIN CERTIFICATE-----/" "{*}" +-rm -f /usr/share/lacme/ca-certificates.pem.00 +- + # 'certificate-chain' appends the chain of trust + openssl genpkey -algorithm RSA -out /etc/lacme/test2.key + cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF +@@ -70,16 +105,7 @@ EOF lacme newOrder test2 2>"$STDERR" || fail newOrder test2 test /etc/lacme/test2.crt -nt /etc/lacme/test2.key @@ -196,7 +213,7 @@ index 4b3e820..4415cdd 100644 # 'certificate' + 'certificate-chain' openssl genpkey -algorithm RSA -out /etc/lacme/test3.key -@@ -94,10 +135,8 @@ EOF +@@ -94,10 +120,8 @@ EOF lacme newOrder test3 2>"$STDERR" || fail newOrder test3 test /etc/lacme/test3.pem -nt /etc/lacme/test3.key test /etc/lacme/test3.crt -nt /etc/lacme/test3.key |
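Review bot: The commit subject, `d/gbp.conf: Set 'debian-branch = debian/bookworm'.`, does not mention this refresh of Fix-post-issuance-validation-logic.patch, whose `@@ -42,23 +91,9 @@` hunk now deletes `check_hash()` and the `csplit`/`rm -f` setup of `/usr/share/lacme/ca-certificates.pem.*` from tests/cert-install. This view is limited to one path, so the rest of the commit may well match the subject, but a change to the tests of a certificate-validation fix (Bug-Debian #1072847) should be traceable on its own. I would add a body line such as `d/patches: Refresh Fix-post-issuance-validation-logic.patch (remove old check_hash() from tests/cert-install).` or split the refresh into a separate commit. Whether the helper is defined again in the `@@ -28,6 +28,55 @@` hunk is not visible in this diff and is worth confirming, since otherwise the `openssl x509 -noout -hash` comparison against the bundled CA certificates would presumably no longer run in the tests.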