author | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-01-16 09:37:09 +0100 |
---|---|---|
committer | Alexander Sulfrian <asulfrian@zedat.fu-berlin.de> | 2022-01-16 10:07:54 +0100 |
commit | 3ea270b7583bb13b1234680c4bde4ae03701a109 (patch) | |
tree | ddd184adb653e7dc86e19d688401764ab168d392 /src/lib | |
parent | a6c58a242db90623a6cb4dfe111d7c1ee8423a84 (diff) | |
parent | f99adfc3e26dc4e49da79399f97c1cd1765068c8 (diff) | |
Merge branch 'fix/partial-chain-validation'
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
index 92fcc4cd8..b9ced6682 100644
--- a/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
+++ b/src/lib/Bcfg2/Server/Plugins/Cfg/CfgSSLCACertCreator.py
@@ -216,15 +216,12 @@ class CfgSSLCACertCreator(XMLCfgCreator, CfgVerifier):
 chaincert = ca.get('chaincert')
 cmd = ["openssl", "verify"]
 is_root = ca.get('root_ca', "false").lower() == 'true'
- if is_root:
- cmd.append("-CAfile")
- else:
- # verifying based on an intermediate cert
- cmd.extend(["-purpose", "sslserver", "-untrusted"])
- cmd.extend([chaincert, filename])
+ if not is_root:
+ cmd.append("-partial_chain")
+ cmd.extend(["-trusted", chaincert, filename])
 self.debug_log("Cfg: Verifying %s against CA" % entry.get("name"))
 result = self.cmd.run(cmd)
- if result.stdout == cert + ": OK\n":
+ if result.stdout == filename + ": OK\n":
 self.debug_log("Cfg: %s verified successfully against CA" %
 entry.get("name"))
 else: |
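Review bot: The non-root branch no longer passes `-purpose sslserver`, so as far as I know `openssl verify` applies no purpose check by default and a certificate not valid for server authentication would pass as long as something in `chaincert` signed it; if that check was intentional, keep it with `cmd.extend(["-purpose", "sslserver"])` inside `if not is_root:`. With `-partial_chain` and `-trusted`, every certificate in the `chaincert` file becomes a trust anchor and the chain is not followed up to a root, which deserves a comment in place of the removed one, e.g. `# intermediate CA: treat chaincert itself as the trust anchor, the root is not required`. The success test still depends on the exact stdout text `filename + ": OK\n"`; it fails closed, but also checking the exit status of `self.cmd.run(cmd)` would make it less sensitive to differences in output between OpenSSL versions. The enclosing method starts and ends outside the hunk.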