|
 |
ec8eba |
diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c
|
|
|
ec8eba |
--- pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest 2011-08-15 00:06:11.000000000 +0200
|
|
|
ec8eba |
+++ pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c 2018-05-04 18:57:37.708913903 +0200
|
|
|
ec8eba |
@@ -2,7 +2,7 @@
|
|
|
ec8eba |
#define crypto_MODULE
|
|
|
ec8eba |
#include "crypto.h"
|
|
|
ec8eba |
|
|
|
ec8eba |
-
|
|
|
ec8eba |
+#if OPENSSL_VERSION_NUMBER<0x10002000L
|
|
|
ec8eba |
static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
|
|
|
ec8eba |
X509_REVOKED *dupe = NULL;
|
|
|
ec8eba |
|
|
|
ec8eba |
@@ -32,6 +32,7 @@ static X509_REVOKED * X509_REVOKED_dup(X
|
|
|
ec8eba |
dupe->sequence = orig->sequence;
|
|
|
ec8eba |
return dupe;
|
|
|
ec8eba |
}
|
|
|
ec8eba |
+#endif
|
|
|
ec8eba |
|
|
|
ec8eba |
static char crypto_CRL_get_revoked_doc[] = "\n\
|
|
|
ec8eba |
Return revoked portion of the CRL structure (by value\n\
|
|
|
ec8eba |
@@ -130,14 +131,24 @@ crypto_CRL_export(crypto_CRLObj *self, P
|
|
|
ec8eba |
crypto_PKeyObj *key;
|
|
|
ec8eba |
ASN1_TIME *tmptm;
|
|
|
ec8eba |
crypto_X509Obj *x509;
|
|
|
ec8eba |
- static char *kwlist[] = {"cert", "key", "type", "days", NULL};
|
|
|
ec8eba |
+ const char *mdname = NULL;
|
|
|
ec8eba |
+ const EVP_MD *md;
|
|
|
ec8eba |
+ static char *kwlist[] = {"cert", "key", "type", "days", "digest", NULL};
|
|
|
ec8eba |
|
|
|
ec8eba |
- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist,
|
|
|
ec8eba |
+ if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|iiz:dump_crl", kwlist,
|
|
|
ec8eba |
&crypto_X509_Type, &x509,
|
|
|
ec8eba |
- &crypto_PKey_Type, &key, &type, &days)) {
|
|
|
ec8eba |
+ &crypto_PKey_Type, &key, &type, &days, &mdname)) {
|
|
|
ec8eba |
+ return NULL;
|
|
|
ec8eba |
+ }
|
|
|
ec8eba |
+ if (mdname == NULL) {
|
|
|
ec8eba |
+ mdname = "sha256";
|
|
|
ec8eba |
+ }
|
|
|
ec8eba |
+ if ((md = EVP_get_digestbyname(mdname)) == NULL) {
|
|
|
ec8eba |
+ PyErr_SetString(
|
|
|
ec8eba |
+ PyExc_ValueError,
|
|
|
ec8eba |
+ "No such digest method");
|
|
|
ec8eba |
return NULL;
|
|
|
ec8eba |
}
|
|
|
ec8eba |
-
|
|
|
ec8eba |
bio = BIO_new(BIO_s_mem());
|
|
|
ec8eba |
tmptm = ASN1_TIME_new();
|
|
|
ec8eba |
if (!tmptm) {
|
|
|
ec8eba |
@@ -149,7 +160,7 @@ crypto_CRL_export(crypto_CRLObj *self, P
|
|
|
ec8eba |
X509_CRL_set_nextUpdate(self->crl, tmptm);
|
|
|
ec8eba |
ASN1_TIME_free(tmptm);
|
|
|
ec8eba |
X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509));
|
|
|
ec8eba |
- X509_CRL_sign(self->crl, key->pkey, EVP_md5());
|
|
|
ec8eba |
+ X509_CRL_sign(self->crl, key->pkey, md);
|
|
|
ec8eba |
switch (type) {
|
|
|
ec8eba |
case X509_FILETYPE_PEM:
|
|
|
ec8eba |
ret = PEM_write_bio_X509_CRL(bio, self->crl);
|
|
|
ec8eba |
diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py
|
|
|
ec8eba |
--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest 2018-05-04 18:57:37.707913880 +0200
|
|
|
ec8eba |
+++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:09.360484497 +0200
|
|
|
ec8eba |
@@ -2628,11 +2628,12 @@ class CRLTests(TestCase):
|
|
|
ec8eba |
crl.add_revoked(revoked)
|
|
|
ec8eba |
|
|
|
ec8eba |
# PEM format
|
|
|
ec8eba |
- dumped_crl = crl.export(self.cert, self.pkey, days=20)
|
|
|
ec8eba |
+ dumped_crl = crl.export(self.cert, self.pkey, days=20, digest="sha1")
|
|
|
ec8eba |
text = _runopenssl(dumped_crl, "crl", "-noout", "-text")
|
|
|
ec8eba |
text.index(b('Serial Number: 03AB'))
|
|
|
ec8eba |
text.index(b('Superseded'))
|
|
|
ec8eba |
text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'))
|
|
|
ec8eba |
+ text.index(b('Signature Algorithm: sha1WithRSAEncryption'))
|
|
|
ec8eba |
|
|
|
ec8eba |
# DER format
|
|
|
ec8eba |
dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1)
|
|
|
ec8eba |
@@ -2662,14 +2663,14 @@ class CRLTests(TestCase):
|
|
|
ec8eba |
def test_export_wrong_args(self):
|
|
|
ec8eba |
"""
|
|
|
ec8eba |
Calling L{OpenSSL.CRL.export} with fewer than two or more than
|
|
|
ec8eba |
- four arguments, or with arguments other than the certificate,
|
|
|
ec8eba |
- private key, integer file type, and integer number of days it
|
|
|
ec8eba |
+ five arguments, or with arguments other than the certificate,
|
|
|
ec8eba |
+ private key, integer file type, integer number of days, and digest it
|
|
|
ec8eba |
expects, results in a L{TypeError} being raised.
|
|
|
ec8eba |
"""
|
|
|
ec8eba |
crl = CRL()
|
|
|
ec8eba |
self.assertRaises(TypeError, crl.export)
|
|
|
ec8eba |
self.assertRaises(TypeError, crl.export, self.cert)
|
|
|
ec8eba |
- self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo")
|
|
|
ec8eba |
+ self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo", "boo")
|
|
|
ec8eba |
|
|
|
ec8eba |
self.assertRaises(TypeError, crl.export, None, self.pkey, FILETYPE_PEM, 10)
|
|
|
ec8eba |
self.assertRaises(TypeError, crl.export, self.cert, None, FILETYPE_PEM, 10)
|