authorGuilhem Moulin <guilhem@debian.org>2024-06-14 01:15:11 +0200
committerGuilhem Moulin <guilhem@debian.org>2024-06-14 01:45:16 +0200
commit80e4e3f08ac66871fd953ab4806e1be6f5f130b0 (patch)
tree58de9fbb220888061d9814e44bd5e7f51d8d2f69 /debian/patches/Fix-post-issuance-validation-logic.patch
parent4340c68fa9626ab3db81dd774f79305dc774a7e6 (diff)
d/gbp.conf: Set 'debian-branch = debian/bookworm'.
Diffstat (limited to 'debian/patches/Fix-post-issuance-validation-logic.patch')
-rw-r--r--debian/patches/Fix-post-issuance-validation-logic.patch35
1 files changed, 26 insertions, 9 deletions
diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch
index f5ecbed..1453055 100644
--- a/debian/patches/Fix-post-issuance-validation-logic.patch
+++ b/debian/patches/Fix-post-issuance-validation-logic.patch
@@ -24,10 +24,10 @@ Encrypt's latest recommendations:
Origin: https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea
Bug-Debian: https://bugs.debian.org/1072847
---
- Makefile | 8 ++-----
- lacme | 26 +++++++++++++++++----
- tests/cert-install | 67 ++++++++++++++++++++++++++++++++++++++++++------------
- 3 files changed, 76 insertions(+), 25 deletions(-)
+ Makefile | 8 ++----
+ lacme | 26 +++++++++++++----
+ tests/cert-install | 82 +++++++++++++++++++++++++++++++++++-------------------
+ 3 files changed, 76 insertions(+), 40 deletions(-)
diff --git a/Makefile b/Makefile
index 10e55c5..cb2f4ed 100644
@@ -111,7 +111,7 @@ index 6284c66..86a0516 100755
if (spawn(\%args, 'openssl', 'verify', @options)) {
print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n";
diff --git a/tests/cert-install b/tests/cert-install
-index 4b3e820..4415cdd 100644
+index 4b3e820..c38f3cf 100644
--- a/tests/cert-install
+++ b/tests/cert-install
@@ -28,6 +28,55 @@ EOF
@@ -170,15 +170,32 @@ index 4b3e820..4415cdd 100644
# 'certificate' installs only the leaf certificate
openssl genpkey -algorithm RSA -out /etc/lacme/test1.key
subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME"
-@@ -42,6 +91,7 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1
+@@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1
test /etc/lacme/test1.crt -nt /etc/lacme/test1.key
sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem
diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem
+check_spki /etc/lacme/test1.crt /etc/lacme/test1.key
- check_hash() {
-@@ -70,16 +120,7 @@ EOF
+-check_hash() {
+- local p1="$1" p2 s1 s2
+- s1="$(openssl x509 -noout -hash <"$p1")"
+- for p2 in /usr/share/lacme/ca-certificates.pem.*; do
+- s2="$(openssl x509 -noout -hash <"$p2")"
+- if [ "$s1" = "$s2" ]; then
+- return 0
+- fi
+- done
+- return 1
+-}
+-csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \
+- "/-----BEGIN CERTIFICATE-----/" "{*}"
+-rm -f /usr/share/lacme/ca-certificates.pem.00
+-
+ # 'certificate-chain' appends the chain of trust
+ openssl genpkey -algorithm RSA -out /etc/lacme/test2.key
+ cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF
+@@ -70,16 +105,7 @@ EOF
lacme newOrder test2 2>"$STDERR" || fail newOrder test2
test /etc/lacme/test2.crt -nt /etc/lacme/test2.key
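Review bot: The patch header gives no reason why the refreshed tests/cert-install hunk at `@@ -42,23 +91,9 @@` now deletes `check_hash()` and the `csplit`/`rm -f` setup, 15 lines that the previous revision carried as context. Only the embedded diffstat reflects this (25 → 40 deletions), while the `Origin:` field still names the upstream commit without qualification. If the patch now differs from that commit, DEP-3 would have it read `Origin: backport, https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea`, with one sentence in the description naming the deviation. Because this test exercises post-issuance certificate validation, it is worth confirming that the 49 lines added by the first tests/cert-install hunk (their content is not visible here) still define the helper if the test2 and test3 sections continue to call it.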
@@ -196,7 +213,7 @@ index 4b3e820..4415cdd 100644
# 'certificate' + 'certificate-chain'
openssl genpkey -algorithm RSA -out /etc/lacme/test3.key
-@@ -94,10 +135,8 @@ EOF
+@@ -94,10 +120,8 @@ EOF
lacme newOrder test3 2>"$STDERR" || fail newOrder test3
test /etc/lacme/test3.pem -nt /etc/lacme/test3.key
test /etc/lacme/test3.crt -nt /etc/lacme/test3.key