[debian-edu-commits] debian-edu/pkg-team/ 01/02: debian/patches: Add 0001_fix-certificate-bug-with-chrome-browser.patch. Make sure self-created certificates contain a SAN (subjectAltName) field.

Mike Gabriel sunweaver at debian.org
Sat Jun 3 20:47:05 UTC 2017


This is an automated email from the git hooks/post-receive script.

sunweaver pushed a commit to branch master
in repository e2guardian.

commit 1ba685505575fbbf737e2ee126f447e41e460059
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Wed May 31 11:45:28 2017 +0200

    debian/patches: Add 0001_fix-certificate-bug-with-chrome-browser.patch. Make sure self-created certificates contain a SAN (subjectAltName) field.
---
 ...1_fix-certificate-bug-with-chrome-browser.patch | 69 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 70 insertions(+)

diff --git a/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch b/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch
new file mode 100644
index 0000000..803afe0
--- /dev/null
+++ b/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch
@@ -0,0 +1,69 @@
+From 0e2bbdea7b4433b75fb73f8e915dbe0e1095fed1 Mon Sep 17 00:00:00 2001
+From: Fredb <numsys at free.fr>
+Date: Wed, 31 May 2017 09:33:09 +0200
+Subject: [PATCH] Bug #216 (v3.4.0.3) Fix certificate bug with chrome browser
+
+---
+ src/CertificateAuthority.cpp | 24 +++++++++++++++++++++++-
+ src/CertificateAuthority.hpp |  1 +
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/CertificateAuthority.cpp b/src/CertificateAuthority.cpp
+index 6202002..4e03ded 100755
+--- a/src/CertificateAuthority.cpp
++++ b/src/CertificateAuthority.cpp
+@@ -118,7 +118,7 @@ bool CertificateAuthority::getSerial(const char *commonname, struct ca_serial *c
+     // added to generate different serial number than previous versions
+     //   needs to be added as an option
+     std::string sname(commonname );
+-    sname += "A";
++    sname += "B";
+ 
+ #ifdef DGDEBUG
+     std::cout << "Generating serial no for " << commonname << std::endl;
+@@ -390,6 +390,14 @@ X509 *CertificateAuthority::generateCertificate(const char *commonname, struct c
+         return NULL;
+     }
+ 
++{
++    String temp1 = "DNS:";
++    String temp2 = commonname;
++    temp1 = temp1 + temp2;
++    char    *value = (char*) temp1.toCharArray();
++if( !addExtension(newCert, NID_subject_alt_name, value))
++        log_ssl_errors("Error adding subjectAltName to the request", commonname);
++}
+     //sign it using the ca
+     ERR_clear_error();
+     if (!X509_sign(newCert, _caPrivKey, EVP_sha256())) {
+@@ -521,4 +529,18 @@ CertificateAuthority::~CertificateAuthority()
+     if (_caPrivKey) EVP_PKEY_free(_caPrivKey);
+     if (_certPrivKey) EVP_PKEY_free(_certPrivKey);
+ }
++
++bool CertificateAuthority::addExtension(X509 *cert, int nid, char *value)
++{
++    X509_EXTENSION *ex = NULL;
++    
++    ex = X509V3_EXT_conf_nid(NULL,NULL , nid, value);
++
++    int result = X509_add_ext(cert, ex, -1);
++
++    X509_EXTENSION_free(ex);
++
++    return (result > 0) ? true : false;
++}
++
+ #endif //__SSLMITM
+diff --git a/src/CertificateAuthority.hpp b/src/CertificateAuthority.hpp
+index 230932b..0aecf61 100755
+--- a/src/CertificateAuthority.hpp
++++ b/src/CertificateAuthority.hpp
+@@ -25,6 +25,7 @@ class CertificateAuthority
+     time_t _ca_end;
+     static int do_mkdir(const char *path, mode_t mode);
+     int mkpath(const char *path, mode_t mode);
++    bool addExtension(X509 *cert, int nid, char *value);
+ 
+     public:
+     CertificateAuthority(const char *caCert,
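Review bot: The subjectAltName value in the block added to generateCertificate is built by concatenating `commonname` into `"DNS:" + commonname` with no validation, and `X509V3_EXT_conf_nid` parses that string as a comma-separated list of `type:value` entries, so a name containing `,` would be read as additional SAN entries in a certificate signed with the CA key. The hunk does not show where commonname originates; if it is derived from the host the client requested, check it against hostname syntax (letters, digits, `-`, `.`) before this point, or set the name on a GENERAL_NAME directly instead of going through the string parser. An IP-literal host would also need an `IP:` entry rather than `DNS:` for browsers to match it. In addExtension the return value of `X509V3_EXT_conf_nid` is used unchecked; add `if (ex == NULL) return false;` before `X509_add_ext`, and consider returning NULL from generateCertificate when addExtension fails, since the new code only logs and then still signs a certificate without the SAN. generateCertificate's body continues outside the hunk.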
diff --git a/debian/patches/series b/debian/patches/series
index 9aa6e49..12704da 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0001_fix-certificate-bug-with-chrome-browser.patch
 1001_idem-potent-build.patch
 1002_fix-message-typos.patch
 2001_remove-w3c-badge.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/e2guardian.git


