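diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest 2011-08-15 00:06:11.000000000 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c 2018-05-04 18:57:37.708913903 +0200
@@ -2,7 +2,7 @@
 #define crypto_MODULE
 #include "crypto.h"
 
-
+#if OPENSSL_VERSION_NUMBER<0x10002000L
 static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
 X509_REVOKED *dupe = NULL;
 
@@ -32,6 +32,7 @@ static X509_REVOKED * X509_REVOKED_dup(X
 dupe->sequence = orig->sequence;
 return dupe;
 }
+#endif
 
 static char crypto_CRL_get_revoked_doc[] = "\n\
 Return revoked portion of the CRL structure (by value\n\
@@ -130,14 +131,24 @@ crypto_CRL_export(crypto_CRLObj *self, P
 crypto_PKeyObj *key;
 ASN1_TIME *tmptm;
 crypto_X509Obj *x509;
- static char *kwlist[] = {"cert", "key", "type", "days", NULL};
+ const char *mdname = NULL;
+ const EVP_MD *md;
+ static char *kwlist[] = {"cert", "key", "type", "days", "digest", NULL};
 
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
+ if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|iiz:dump_crl", kwlist,
 &crypto_X509_Type, &x509,
- &crypto_PKey_Type, &key, &type, &days)) {
+ &crypto_PKey_Type, &key, &type, &days, &mdname)) {
+ return NULL;
+ }
+ if (mdname == NULL) {
+ mdname = "sha256";
+ }
+ if ((md = EVP_get_digestbyname(mdname)) == NULL) {
+ PyErr_SetString(
+ PyExc_ValueError,
+ "No such digest method");
 return NULL;
 }
-
 bio = BIO_new(BIO_s_mem());
 tmptm = ASN1_TIME_new();
 if (!tmptm) {
@@ -149,7 +160,7 @@ crypto_CRL_export(crypto_CRLObj *self, P
 X509_CRL_set_nextUpdate(self->crl, tmptm);
 ASN1_TIME_free(tmptm);
 X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
- X509_CRL_sign(self->crl, key->pkey, EVP_md5());
+ X509_CRL_sign(self->crl, key->pkey, md);
 switch (type) {
 case X509_FILETYPE_PEM:
 ret = PEM_write_bio_X509_CRL(bio, self->crl);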
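Review bot: The return value of `X509_CRL_sign(self->crl, key->pkey, md)` in the last hunk is still ignored, and with a caller-chosen digest a signing failure (for instance a digest the key type or a restricted crypto policy rejects) becomes more likely; from the visible lines the export appears to go straight on to serialising the CRL. I would gate the write on it, e.g. `if (!X509_CRL_sign(self->crl, key->pkey, md)) { BIO_free(bio); /* raise from the OpenSSL error queue */ return NULL; }`. Separately, `EVP_get_digestbyname(mdname)` accepts any registered name, so `"md5"` stays reachable even though the default moved to `"sha256"`; a comment above the lookup such as `/* digest is caller-controlled; weak digests (md5, sha1) are not rejected here */` would make that explicit for callers and auditors. The body of crypto_CRL_export starts and ends outside these hunks, so the cleanup shown is an assumption about the surrounding code.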
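diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest 2018-05-04 18:57:37.707913880 +0200
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:09.360484497 +0200
@@ -2628,11 +2628,12 @@ class CRLTests(TestCase):
 crl.add_revoked(revoked)
 
 # PEM format
- dumped_crl = crl.export(self.cert, self.pkey, days=20)
+ dumped_crl = crl.export(self.cert, self.pkey, days=20, digest="sha1")
 text = _runopenssl(dumped_crl, "crl", "-noout", "-text")
 text.index(b('Serial Number: 03AB'))
 text.index(b('Superseded'))
 text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
+ text.index(b('Signature Algorithm: sha1WithRSAEncryption'))
 
 # DER format
 dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
@@ -2662,14 +2663,14 @@ class CRLTests(TestCase):
 def test_export_wrong_args(self):
 """
 Calling L{OpenSSL.CRL.export} with fewer than two or more than
- four arguments, or with arguments other than the certificate,
- private key, integer file type, and integer number of days it
+ five arguments, or with arguments other than the certificate,
+ private key, integer file type, integer number of days, and digest it
 expects, results in a L{TypeError} being raised.
 """
 crl = CRL()
 self.assertRaises(TypeError, crl.export)
 self.assertRaises(TypeError, crl.export, self.cert)
- self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo")
+ self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo", "boo")
 
 self.assertRaises(TypeError, crl.export, None, self.pkey, FILETYPE_PEM, 10)
 self.assertRaises(TypeError, crl.export, self.cert, None, FILETYPE_PEM, 10)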
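Review bot: Neither hunk covers the two behaviours that matter most for the new `digest` argument: the `"sha256"` default and the `ValueError` raised for an unknown digest name. The PEM export test only pins `digest="sha1"`, so a regression of the default back to a weaker hash would pass unnoticed. An export without `digest` followed by `text.index(b('Signature Algorithm: sha256WithRSAEncryption'))` would pin the default. The rejection path could be covered with `self.assertRaises(ValueError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "no-such-digest")`, ideally in a test of its own, since the docstring of test_export_wrong_args only promises `TypeError`. test_export_wrong_args may continue past the end of the second hunk.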