mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
api: Validate certificate serial only if serial is supplied
parent
a5b880c020
commit
66e2b5fc35
@ -1,5 +1,6 @@
|
|||||||
|
|
||||||
import click
|
import click
|
||||||
|
import falcon
|
||||||
import logging
|
import logging
|
||||||
import xattr
|
import xattr
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
@ -29,7 +30,7 @@ class LeaseResource(object):
|
|||||||
# TODO: verify signature
|
# TODO: verify signature
|
||||||
common_name = req.get_param("client", required=True)
|
common_name = req.get_param("client", required=True)
|
||||||
path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions
|
path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions
|
||||||
if cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
|
if req.get_param("serial") and cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
|
||||||
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
|
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
|
||||||
|
|
||||||
xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii"))
|
xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii"))
|
||||||
|
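Review bot: The serial comparison in `LeaseResource` now fails open: a request that omits `serial` skips the check entirely and still reaches the `xattr.setxattr` call that records `user.lease.address` for the client-supplied common name. With the `# TODO: verify signature` above it still open, nothing visible in this hunk ties the caller to the certificate, so the comment on that line should say which caller may omit the serial (the existing comment hints at the StrongSwan path) and how that caller is otherwise authenticated. Reading the parameter once would also make the intent explicit: `serial = req.get_param_as_int("serial")` followed by `if serial is not None and cert.serial != serial:`. The handler's body starts and ends outside the hunk, so authentication applied elsewhere could not be checked from here.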