Blame SOURCES/0009-Use-extensions-template-from-NSS.patch

From 9312d1892c611d9f0e814cb915488182da2b76cc Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 4 Oct 2021 15:55:44 +0200
Subject: [PATCH] Use extensions template from NSS
Drop certmonger's custom extension template and use the sequence of X509v3
extensions template from NSS.
The certmonger template had a bug that caused certmonger to create CSRs
with invalid DER. It was encoding extension's critical element even for
default value FALSE.
Fixes: https://pagure.io/certmonger/issue/223
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
 src/certext.c | 41 +----------------------------------------
 1 file changed, 1 insertion(+), 40 deletions(-)
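diff --git a/src/certext.c b/src/certext.c
index be536987..0d66971e 100644
--- a/src/certext.c
+++ b/src/certext.c
@@ -203,45 +203,6 @@ cm_ms_template_template[] = {
 	{0, 0, NULL, 0},
 };
 
-/* RFC 5280, 4.1 */
-const SEC_ASN1Template
-cm_certext_cert_extension_template[] = {
-	{
-	.kind = SEC_ASN1_SEQUENCE,
-	.offset = 0,
-	.sub = NULL,
-	.size = sizeof(CERTCertExtension),
-	},
-	{
-	.kind = SEC_ASN1_OBJECT_ID,
-	.offset = offsetof(CERTCertExtension, id),
-	.sub = NULL,
-	.size = sizeof(SECItem),
-	},
-	{
-	.kind = SEC_ASN1_BOOLEAN,
-	.offset = offsetof(CERTCertExtension, critical),
-	.sub = NULL,
-	.size = sizeof(SECItem),
-	},
-	{
-	.kind = SEC_ASN1_OCTET_STRING,
-	.offset = offsetof(CERTCertExtension, value),
-	.sub = NULL,
-	.size = sizeof(SECItem),
-	},
-	{0, 0, NULL, 0},
-};
-const SEC_ASN1Template
-cm_certext_sequence_of_cert_extension_template[] = {
-	{
-	.kind = SEC_ASN1_SEQUENCE_OF,
-	.offset = 0,
-	.sub = cm_certext_cert_extension_template,
-	.size = sizeof(CERTCertExtension **),
-	},
-};
-
 /* Windows 2000-style UPN */
 static unsigned char oid_ms_upn_name_bytes[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x14, 0x02, 0x03};
 static const SECOidData oid_ms_upn_name = {
@@ -1960,7 +1921,7 @@ cm_certext_build_csr_extensions(struct cm_store_entry *entry,
 	/* Encode the sequence. */
 	memset(&encoded, 0, sizeof(encoded));
 	if (i > 1) {
-		template = cm_certext_sequence_of_cert_extension_template;
+		template = CERT_SequenceOfCertExtensionTemplate;
 		if (SEC_ASN1EncodeItem(arena, &encoded, &exts_ptr,
 				       template) == &encoded) {
 			*extensions = talloc_memdup(entry, encoded.data,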
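Review bot: The `template = CERT_SequenceOfCertExtensionTemplate;` assignment carries no comment saying why the NSS template must be used here, and this one-file patch adds no test that pins the encoding it fixes. As far as I recall NSS marks the `critical` BOOLEAN as optional, so the field is presumably left out only when the extension's `critical` item is empty; code that fills it with an explicit FALSE would still emit it and reproduce the non-DER CSR that strict parsers reject. I would add `/* NSS template omits an empty critical item, so DEFAULT FALSE is not encoded (DER); leave critical unset for non-critical extensions. */` above the assignment, plus a test asserting that the CSR for a non-critical extension contains no BOOLEAN. The body of cm_certext_build_csr_extensions starts and ends outside the hunk, so how `critical` is populated cannot be confirmed from here.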
-- 
2.31.1