mirror of https://github.com/laurivosandi/certidude synced 2025-01-05 05:37:35 +00:00

api: Validate certificate serial only if serial is supplied

Lauri Võsandi 2017-04-20 14:17:03 +00:00
parent a5b880c020
commit 66e2b5fc35


@ -1,5 +1,6 @@
import click import click
import falcon
import logging import logging
import xattr import xattr
from datetime import datetime from datetime import datetime
@ -29,7 +30,7 @@ class LeaseResource(object):
# TODO: verify signature # TODO: verify signature
common_name = req.get_param("client", required=True) common_name = req.get_param("client", required=True)
path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions path, buf, cert = authority.get_signed(common_name) # TODO: catch exceptions
if cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan if req.get_param("serial") and cert.serial != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied") raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii")) xattr.setxattr(path, "user.lease.address", req.get_param("address", required=True).encode("ascii"))
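Review bot: The new condition on the serial check makes the check opt-in for the caller: a request that leaves out `serial` now skips the comparison and proceeds to the `xattr.setxattr` lease write, and with `# TODO: verify signature` still open above, nothing visible here ties the request to the certificate. If the skip is meant only for the StrongSwan path, as the trailing comment suggests, it should be decided by something the server trusts rather than by the absence of a query parameter; at minimum add a comment such as `# serial is optional: StrongSwan hooks do not send it, so omitting it disables this check`. Separately, parse the parameter once so presence and value cannot disagree: `serial = req.get_param_as_int("serial")` followed by `if serial is not None and cert.serial != serial:`. The handler's body starts and continues outside the hunk.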