rpms / certmonger

Clone
Source Code
GIT

Blame SOURCES/0031-Include-message-CA-IDENT-with-GetCACaps-and-GetCACer.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   0031-Include-message-CA-IDENT-with-GetCACaps-and-GetCACer.patch
Blob History Raw
dbb109 
From 5c21bcbc0c189777b8cad8658c47d2cfb4cbd2e5 Mon Sep 17 00:00:00 2001
dbb109 
From: Rob Crittenden <rcritten@redhat.com>
dbb109 
Date: Fri, 22 May 2020 12:58:44 -0400
dbb109 
Subject: [PATCH] Include &message=CA-IDENT with GetCACaps and GetCACert
dbb109 
 requests
dbb109
dbb109 
The guttman spec is quite unclear on this and in the GetCACaps
dbb109 
section doesn't mention &message at all. It only appears in the
dbb109 
generic GET requests section 4.1
dbb109
dbb109 
The nourse spec is clearer and requires &message=CA-IDENT on
dbb109 
GetCACaps requests.
dbb109
dbb109 
AD 2012 R2 servers also require message on GetCACert requests.
dbb109
dbb109 
This reverts much of 60a4db5796b0575ca2cc9f1af4ecb3fdc6359242
dbb109
dbb109 
https://bugzilla.redhat.com/show_bug.cgi?id=1839181
dbb109 
https://pagure.io/certmonger/issue/103
dbb109 
---
dbb109 
 src/scep.c | 8 ++++----
dbb109 
 1 file changed, 4 insertions(+), 4 deletions(-)
dbb109
dbb109 
diff --git a/src/scep.c b/src/scep.c
dbb109 
index 46ab149b..6568122c 100644
dbb109 
--- a/src/scep.c
dbb109 
+++ b/src/scep.c
dbb109 
@@ -369,11 +369,11 @@ main(int argc, const char **argv)
dbb109 
 		break;
dbb109 
 	case op_get_ca_caps:
dbb109 
 		/* Only step: read capabilities for the daemon. */
dbb109 
-		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
dbb109 
+		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
dbb109 
 		break;
dbb109 
 	case op_get_ca_certs:
dbb109 
 		/* First step: get the root certificate. */
dbb109 
-		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
dbb109 
+		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
dbb109 
 		break;
dbb109 
 	case op_get_cert_initial:
dbb109 
 		if ((racert == NULL) || (strlen(racert) == 0)) {
dbb109 
@@ -392,7 +392,7 @@ main(int argc, const char **argv)
dbb109 
 				goto done;
dbb109 
 			}
dbb109 
 			/* First step: read capabilities for our use. */
dbb109 
-			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
dbb109 
+			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
dbb109 
 		}
dbb109 
 		break;
dbb109 
 	case op_pkcsreq:
dbb109 
@@ -412,7 +412,7 @@ main(int argc, const char **argv)
dbb109 
 				goto done;
dbb109 
 			}
dbb109 
 			/* First step: read capabilities for our use. */
dbb109 
-			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
dbb109 
+			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
dbb109 
 		}
dbb109 
 		break;
dbb109 
 	}
dbb109 
--
dbb109 
2.25.4
dbb109

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation