+21
-1
lines changedFilter options
@@ -139,6 +139,7 @@ type CertificateRequest struct {
139
139
CA *CAConfig `json:"ca,omitempty" yaml:"ca,omitempty"`
140
140
SerialNumber string `json:"serialnumber,omitempty" yaml:"serialnumber,omitempty"`
141
141
Extensions []pkix.Extension `json:"extensions,omitempty" yaml:"extensions,omitempty"`
142
+
CRL string `json:"crl_url,omitempty" yaml:"crl_url,omitempty"`
142
143
}
143
144
144
145
// New returns a new, empty CertificateRequest with a
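Review bot: The new `CRL` field on `CertificateRequest` has no doc comment, and its JSON/YAML key `crl_url` differs from the Go name, so a reader cannot tell what value is expected or where it takes effect. I would add `// CRL is the CRL distribution point URL to embed in the generated CA certificate; empty leaves the signing policy's value unchanged.` above the field. On this page only the `New` function in the next file section reads the field, so it may be worth stating that other request paths ignore it; please confirm against the rest of the package. The struct begins outside the hunk.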
@@ -69,6 +69,10 @@ func New(req *csr.CertificateRequest) (cert, csrPEM, key []byte, err error) {
69
69
}
70
70
}
71
71
72
+
if req.CRL != "" {
73
+
policy.Default.CRL = req.CRL
74
+
}
75
+
72
76
g := &csr.Generator{Validator: validator}
73
77
csrPEM, key, err = g.ProcessRequest(req)
74
78
if err != nil {
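Review bot: `req.CRL` is copied into `policy.Default.CRL` without any validation in the added `if req.CRL != ""` block, so a malformed string or a relative reference becomes the CRL distribution point of a CA certificate, where it cannot be corrected without reissuing the certificate. I would parse it and fail early, for example `if u, perr := url.Parse(req.CRL); perr != nil || !u.IsAbs() { return nil, nil, nil, fmt.Errorf("invalid crl_url %q", req.CRL) }`; this needs `net/url`, and the error should follow whatever error type the package already uses. The block also dereferences `policy.Default` with no nil check. Whether `policy` always carries a `Default` is decided outside this hunk, since `New` begins and ends outside it.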
@@ -64,6 +64,7 @@ var invalidCryptoParams = []csr.KeyRequest{
64
64
func TestInitCA(t *testing.T) {
65
65
var req *csr.CertificateRequest
66
66
hostname := "cloudflare.com"
67
+
crl := "http://crl.cloudflare.com/655c6a9b-01c6-4eea-bf21-be690cc315e0.crl" //cert_uuid.crl
67
68
for _, param := range validKeyParams {
68
69
for _, caconfig := range validCAConfigs {
69
70
req = &csr.CertificateRequest{
@@ -80,6 +81,7 @@ func TestInitCA(t *testing.T) {
80
81
Hosts: []string{hostname, "www." + hostname},
81
82
KeyRequest: ¶m,
82
83
CA: &caconfig,
84
+
CRL: crl,
83
85
}
84
86
certBytes, _, keyBytes, err := New(req)
85
87
if err != nil {
@@ -94,6 +96,18 @@ func TestInitCA(t *testing.T) {
94
96
t.Fatal("InitCA cert parsing failed:", err)
95
97
}
96
98
99
+
// Verify if the CRL is set
100
+
crlSet := false
101
+
for _, certCrl := range cert.CRLDistributionPoints {
102
+
if certCrl == crl {
103
+
crlSet = true
104
+
break
105
+
}
106
+
}
107
+
if !crlSet {
108
+
t.Fatal("Missing CRL on certificate")
109
+
}
110
+
97
111
// Verify key parameters.
98
112
switch req.KeyRequest.Algo() {
99
113
case "rsa":
@@ -126,14 +140,15 @@ func TestInitCA(t *testing.T) {
126
140
}
127
141
}
128
142
129
-
// Replace the default CAPolicy with a test (short expiry) version.
143
+
// Replace the default CAPolicy with a test (short expiry) version and add a crl
130
144
CAPolicy = func() *config.Signing {
131
145
return &config.Signing{
132
146
Default: &config.SigningProfile{
133
147
Usage: []string{"cert sign", "crl sign"},
134
148
ExpiryString: "300s",
135
149
Expiry: 300 * time.Second,
136
150
CAConstraint: config.CAConstraint{IsCA: true},
151
+
CRL: crl,
137
152
},
138
153
}
139
154
}
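Review bot: The added CRL check in `TestInitCA` only tests membership, so it still passes if the certificate carries extra, unexpected distribution points; asserting the exact list is tighter: `if len(cert.CRLDistributionPoints) != 1 || cert.CRLDistributionPoints[0] != crl { t.Fatal("unexpected CRL distribution points:", cert.CRLDistributionPoints) }`. There is also no case with `CRL` left empty, so nothing verifies what the certificate contains when the request sets no URL. The replacement `CAPolicy` sets `CRL: crl` to the same URL as the request value, so later assertions cannot tell the request override from the policy default; a different URL there would make the two distinguishable. The test function continues outside the visible hunks.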