|
 |
5e5f7c |
From b63be96fd30d0a9fb2538e41509e8813620d5107 Mon Sep 17 00:00:00 2001
|
|
|
5e5f7c |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
5e5f7c |
Date: Fri, 22 May 2020 12:58:44 -0400
|
|
|
5e5f7c |
Subject: [PATCH] Include &message=CA-IDENT with GetCACaps and GetCACert
|
|
|
5e5f7c |
requests
|
|
|
5e5f7c |
|
|
|
5e5f7c |
The guttman spec is quite unclear on this and in the GetCACaps
|
|
|
5e5f7c |
section doesn't mention &message at all. It only appears in the
|
|
|
5e5f7c |
generic GET requests section 4.1
|
|
|
5e5f7c |
|
|
|
5e5f7c |
The nourse spec is clearer and requires &message=CA-IDENT on
|
|
|
5e5f7c |
GetCACaps requests.
|
|
|
5e5f7c |
|
|
|
5e5f7c |
AD 2012 R2 servers also require message on GetCACert requests.
|
|
|
5e5f7c |
|
|
|
5e5f7c |
This reverts much of 60a4db5796b0575ca2cc9f1af4ecb3fdc6359242
|
|
|
5e5f7c |
|
|
|
5e5f7c |
https://bugzilla.redhat.com/show_bug.cgi?id=1839181
|
|
|
5e5f7c |
https://pagure.io/certmonger/issue/103
|
|
|
5e5f7c |
---
|
|
|
5e5f7c |
src/scep.c | 8 ++++----
|
|
|
5e5f7c |
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
5e5f7c |
|
|
|
5e5f7c |
diff --git a/src/scep.c b/src/scep.c
|
|
|
5e5f7c |
index 4dde1ce..11ebd6f 100644
|
|
|
5e5f7c |
--- a/src/scep.c
|
|
|
5e5f7c |
+++ b/src/scep.c
|
|
|
5e5f7c |
@@ -370,11 +370,11 @@ main(int argc, const char **argv)
|
|
|
5e5f7c |
break;
|
|
|
5e5f7c |
case op_get_ca_caps:
|
|
|
5e5f7c |
/* Only step: read capabilities for the daemon. */
|
|
|
5e5f7c |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
5e5f7c |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
5e5f7c |
break;
|
|
|
5e5f7c |
case op_get_ca_certs:
|
|
|
5e5f7c |
/* First step: get the root certificate. */
|
|
|
5e5f7c |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
|
|
|
5e5f7c |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
|
|
|
5e5f7c |
break;
|
|
|
5e5f7c |
case op_get_cert_initial:
|
|
|
5e5f7c |
if ((racert == NULL) || (strlen(racert) == 0)) {
|
|
|
5e5f7c |
@@ -393,7 +393,7 @@ main(int argc, const char **argv)
|
|
|
5e5f7c |
goto done;
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
/* First step: read capabilities for our use. */
|
|
|
5e5f7c |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
5e5f7c |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
break;
|
|
|
5e5f7c |
case op_pkcsreq:
|
|
|
5e5f7c |
@@ -413,7 +413,7 @@ main(int argc, const char **argv)
|
|
|
5e5f7c |
goto done;
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
/* First step: read capabilities for our use. */
|
|
|
5e5f7c |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
5e5f7c |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
break;
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
--
|
|
|
5e5f7c |
2.25.4
|
|
|
5e5f7c |
|