lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-30 17:09:19 +00:00
Code Issues Activity

api: Validate certificate serial only if serial is supplied

Browse Source
This commit is contained in:
Lauri Võsandi
2017-04-20 14:17:03 +00:00
parent a5b880c020
commit 66e2b5fc35
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certidude/api/lease.py
View File

@@ -1,5 +1,6 @@
import click import click
import falcon
import logging import logging
import xattr import xattr
from datetime import datetime from datetime import datetime
@@ -29,7 +30,7 @@ class LeaseResource(object):
# TODO: verify signature # TODO: verify signature
common_name = req.get_param("client", required=True) common_name = req.get_param("client", required=True)
path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions
if cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan if req.get_param("serial") and cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied") raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii")) xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii"))