diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch | 2 | ||||
| -rw-r--r-- | debian/patches/Fix-post-issuance-validation-logic.patch | 35 | 
2 files changed, 27 insertions, 10 deletions
| diff --git a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch index 0065c39..af9d7f8 100644 --- a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch +++ b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch @@ -40,7 +40,7 @@ index e79a528..a3ad707 100644   # vim: set filetype=sh :  diff --git a/tests/cert-install b/tests/cert-install -index 4415cdd..03360fd 100644 +index c38f3cf..279309f 100644  --- a/tests/cert-install  +++ b/tests/cert-install  @@ -79,7 +79,7 @@ check_chain() { diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch index f5ecbed..1453055 100644 --- a/debian/patches/Fix-post-issuance-validation-logic.patch +++ b/debian/patches/Fix-post-issuance-validation-logic.patch @@ -24,10 +24,10 @@ Encrypt's latest recommendations:  Origin: https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea  Bug-Debian: https://bugs.debian.org/1072847  --- - Makefile           |  8 ++----- - lacme              | 26 +++++++++++++++++---- - tests/cert-install | 67 ++++++++++++++++++++++++++++++++++++++++++------------ - 3 files changed, 76 insertions(+), 25 deletions(-) + Makefile           |  8 ++---- + lacme              | 26 +++++++++++++---- + tests/cert-install | 82 +++++++++++++++++++++++++++++++++++------------------- + 3 files changed, 76 insertions(+), 40 deletions(-)  diff --git a/Makefile b/Makefile  index 10e55c5..cb2f4ed 100644 @@ -111,7 +111,7 @@ index 6284c66..86a0516 100755               if (spawn(\%args, 'openssl', 'verify', @options)) {                   print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n";  diff --git a/tests/cert-install b/tests/cert-install -index 4b3e820..4415cdd 100644 +index 4b3e820..c38f3cf 100644  --- a/tests/cert-install  +++ b/tests/cert-install  @@ -28,6 +28,55 @@ EOF @@ -170,15 +170,32 @@ index 4b3e820..4415cdd 100644   # 'certificate' installs only the leaf certificate   openssl genpkey -algorithm RSA -out /etc/lacme/test1.key   subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME" -@@ -42,6 +91,7 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 +@@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1   test /etc/lacme/test1.crt -nt /etc/lacme/test1.key   sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem   diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem  +check_spki /etc/lacme/test1.crt /etc/lacme/test1.key - check_hash() { -@@ -70,16 +120,7 @@ EOF +-check_hash() { +-    local p1="$1" p2 s1 s2 +-    s1="$(openssl x509 -noout -hash <"$p1")" +-    for p2 in /usr/share/lacme/ca-certificates.pem.*; do +-        s2="$(openssl x509 -noout -hash <"$p2")" +-        if [ "$s1" = "$s2" ]; then +-            return 0 +-        fi +-    done +-    return 1 +-} +-csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \ +-    "/-----BEGIN CERTIFICATE-----/" "{*}" +-rm -f /usr/share/lacme/ca-certificates.pem.00 +- + # 'certificate-chain' appends the chain of trust + openssl genpkey -algorithm RSA -out /etc/lacme/test2.key + cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF +@@ -70,16 +105,7 @@ EOF   lacme newOrder test2 2>"$STDERR" || fail newOrder test2   test /etc/lacme/test2.crt -nt /etc/lacme/test2.key @@ -196,7 +213,7 @@ index 4b3e820..4415cdd 100644   # 'certificate' + 'certificate-chain'   openssl genpkey -algorithm RSA -out /etc/lacme/test3.key -@@ -94,10 +135,8 @@ EOF +@@ -94,10 +120,8 @@ EOF   lacme newOrder test3 2>"$STDERR" || fail newOrder test3   test /etc/lacme/test3.pem -nt /etc/lacme/test3.key   test /etc/lacme/test3.crt -nt /etc/lacme/test3.key | 
