Bugzilla – Attachment 475 Details for
Bug 4619
tl-ldap-certalias tool does not handle CRL validation the correct way.
[patch]
Patch for fixing the logics of revocation
crl_check_logics.patch (text/plain), 1.34 KB, created by
Henrik Andersson
on 2013-04-25 10:01:56 CEST
>Index: tl-ldap-certalias >=================================================================== >--- tl-ldap-certalias (revision 27175) >+++ tl-ldap-certalias (working copy) >@@ -636,23 +636,28 @@ > # implement OCSP support. > # > >+ crl = None > for uri in cert["crl"]: >+ >+ # for now we only support http distribution points > if not uri.startswith("http"): > continue > > crl = find_crl(uri) >- if crl is None: >- return (False, "Unable to retrieve CRL at %s" % uri) >+ if crl is not None: >+ break > >- if crl["serials"].has_key(cert["serial"]): >- vprint("Certificate revoked by CRL list at %s" % uri) >- return (False, "Certificate has been revoked by CA") >+ # failed to get CRL, lets try next distribution point >+ vprint("Failed to download CRL list at %s, trying next distribution point" % uri) >+ >+ # check if certificate is revoked >+ if crl is not None and crl["serials"].has_key(cert["serial"]): >+ vprint("Certificate revoked by CRL list at %s" % uri) >+ return (False, "Certificate has been revoked by CA") > >- # We've passed expiration/validation dates, CA verification, CRL >- # checks. It's OK. >- > return (True, "Certificate OK") > >+ > def usage(): > print "Usage: tl-ldap-certalias [options]" > print "Options:"
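Review bot: The post-loop check `if crl is not None and crl["serials"].has_key(cert["serial"])` makes the function fail open: when every distribution point fails to download, or none of the URIs starts with "http", crl stays None and control falls through to `return (True, "Certificate OK")`. The removed lines returned `(False, "Unable to retrieve CRL at %s" % uri)` in that situation. Consider distinguishing a certificate with no CRL distribution points from one whose points were all unreachable, and returning a failure (or at least an explicit, logged soft-fail result) in the second case rather than "Certificate OK". Two smaller points in the same hunk: the loop breaks on the first CRL that downloads, so a revocation listed only at a later distribution point is never consulted, and the removed comment about having passed the expiration, CA and CRL checks is no longer accurate for the None path, so a replacement comment stating the intended policy would help.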