
Searched hist:"73 d1fbf3" (Results 1 – 2 of 2) sorted by relevance

/openbmc/phosphor-certificate-manager/test/
certs_manager_test.cpp 73d1fbf3 Wed Jan 15 08:31:12 CST 2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> Installing certificates with the same subject name.

This patch enables the way for installing different CA certificates with
the same subject name which could be the use case. The problem is OpenSSL
requires the certificate file name to consist of the certificate
subject name hash (as name base) and integer number (as name extension),
e.g. "9d66eef0.0":
https://www.boost.org/doc/libs/1_69_0/doc/html/boost_asio/reference/ssl__context/add_verify_path.html
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html
But finally OpenSSL allows using many CA certificates with the same subject
name, but handling of the certificate file name extension (e.g. must be
consecutive integer numbers) is needed. Current implementation
hardcodes name extension to 0. So this patch is about handling
certificate file name extension properly.

Tested by installing, deleting and replacing a few CA certificates
with the same subject name and checking whether authentication based
on them works:
- install a few CA certificates and check whether authentication based
on them works,
- delete a single CA certificate and check whether authentication based
on the rest works and based on the deleted one does not work,
- replace a single CA certificate and check whether authentication based
on the rest and the new one works and based on the replaced one does not
work.

Signed-off-by: Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com>
Change-Id: I95b8e77559a9e64f0e6cb95dac60dbad32fbcb86
/openbmc/phosphor-certificate-manager/
certificate.cpp 73d1fbf3 Wed Jan 15 08:31:12 CST 2020 Zbigniew Lukwinski <zbigniew.lukwinski@linux.intel.com> Installing certificates with the same subject name.
