diff options
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch | 2 | ||||
-rw-r--r-- | debian/patches/Fix-post-issuance-validation-logic.patch | 35 |
2 files changed, 27 insertions, 10 deletions
diff --git a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch index 0065c39..af9d7f8 100644 --- a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch +++ b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch @@ -40,7 +40,7 @@ index e79a528..a3ad707 100644 # vim: set filetype=sh : diff --git a/tests/cert-install b/tests/cert-install -index 4415cdd..03360fd 100644 +index c38f3cf..279309f 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -79,7 +79,7 @@ check_chain() { diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch index f5ecbed..1453055 100644 --- a/debian/patches/Fix-post-issuance-validation-logic.patch +++ b/debian/patches/Fix-post-issuance-validation-logic.patch @@ -24,10 +24,10 @@ Encrypt's latest recommendations: Origin: https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea Bug-Debian: https://bugs.debian.org/1072847 --- - Makefile | 8 ++----- - lacme | 26 +++++++++++++++++---- - tests/cert-install | 67 ++++++++++++++++++++++++++++++++++++++++++------------ - 3 files changed, 76 insertions(+), 25 deletions(-) + Makefile | 8 ++---- + lacme | 26 +++++++++++++---- + tests/cert-install | 82 +++++++++++++++++++++++++++++++++++------------------- + 3 files changed, 76 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index 10e55c5..cb2f4ed 100644 @@ -111,7 +111,7 @@ index 6284c66..86a0516 100755 if (spawn(\%args, 'openssl', 'verify', @options)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; diff --git a/tests/cert-install b/tests/cert-install -index 4b3e820..4415cdd 100644 +index 4b3e820..c38f3cf 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -28,6 +28,55 @@ EOF @@ -170,15 +170,32 @@ index 4b3e820..4415cdd 100644 # 'certificate' installs only the leaf certificate openssl genpkey -algorithm RSA -out /etc/lacme/test1.key subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME" -@@ -42,6 +91,7 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 +@@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 test /etc/lacme/test1.crt -nt /etc/lacme/test1.key sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem +check_spki /etc/lacme/test1.crt /etc/lacme/test1.key - check_hash() { -@@ -70,16 +120,7 @@ EOF +-check_hash() { +- local p1="$1" p2 s1 s2 +- s1="$(openssl x509 -noout -hash <"$p1")" +- for p2 in /usr/share/lacme/ca-certificates.pem.*; do +- s2="$(openssl x509 -noout -hash <"$p2")" +- if [ "$s1" = "$s2" ]; then +- return 0 +- fi +- done +- return 1 +-} +-csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \ +- "/-----BEGIN CERTIFICATE-----/" "{*}" +-rm -f /usr/share/lacme/ca-certificates.pem.00 +- + # 'certificate-chain' appends the chain of trust + openssl genpkey -algorithm RSA -out /etc/lacme/test2.key + cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF +@@ -70,16 +105,7 @@ EOF lacme newOrder test2 2>"$STDERR" || fail newOrder test2 test /etc/lacme/test2.crt -nt /etc/lacme/test2.key @@ -196,7 +213,7 @@ index 4b3e820..4415cdd 100644 # 'certificate' + 'certificate-chain' openssl genpkey -algorithm RSA -out /etc/lacme/test3.key -@@ -94,10 +135,8 @@ EOF +@@ -94,10 +120,8 @@ EOF lacme newOrder test3 2>"$STDERR" || fail newOrder test3 test /etc/lacme/test3.pem -nt /etc/lacme/test3.key test /etc/lacme/test3.crt -nt /etc/lacme/test3.key |