Searched hist:"73 d1fbf3" (Results 1 – 2 of 2) sorted by relevance
/openbmc/phosphor-certificate-manager/test/ |
certs_manager_test.cpp | 73d1fbf3 Wed Jan 15 08:31:12 CST 2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>

Installing certificates with the same subject name.

This patch enables the way for installing different CA certificates with the same subject name which could be the use case.

The problem is OpenSSL requires the certificate file name to consist of the certificate subject name hash (as name base) and integer number (as name extension), e.g. "9d66eef0.0":
https://www.boost.org/doc/libs/1_69_0/doc/html/boost_asio/reference/ssl__context/add_verify_path.html
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html

But finally OpenSSL allows using many CA certificates with the same subject name but handling certificate file name extension (e.g. must be consecutive integer numbers) is needed.

Current implementation hardcodes name extension to 0. So this patch is about handling certificate file name extension properly.

Tested by installing, deleting and replacing a few CA certificates with the same subject name and checking whether authentication based on them works:
- install a few CA certificates and check whether authentication based on them works,
- delete single CA certificate and check whether authentication based on the rest works and based on the deleted one does not work,
- replace single CA certificate and check whether authentication based on the rest and the new one works and based on the replaced one does not work.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I95b8e77559a9e64f0e6cb95dac60dbad32fbcb86
|
/openbmc/phosphor-certificate-manager/ |
certificate.cpp | 73d1fbf3 Wed Jan 15 08:31:12 CST 2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> Installing certificates with the same subject name.
|