[debian-edu-commits] debian-edu/pkg-team/ 01/02: debian/patches: Add 0001_fix-certificate-bug-with-chrome-browser.patch. Make sure self-created certificates contain a SAN (subjectAltName) field.
Mike Gabriel
sunweaver at debian.org
Sat Jun 3 20:47:05 UTC 2017
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch master
in repository e2guardian.
commit 1ba685505575fbbf737e2ee126f447e41e460059
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Wed May 31 11:45:28 2017 +0200
debian/patches: Add 0001_fix-certificate-bug-with-chrome-browser.patch. Make sure self-created certificates contain a SAN (subjectAltName) field.
---
...1_fix-certificate-bug-with-chrome-browser.patch | 69 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 70 insertions(+)
diff --git a/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch b/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch
new file mode 100644
index 0000000..803afe0
--- /dev/null
+++ b/debian/patches/0001_fix-certificate-bug-with-chrome-browser.patch
@@ -0,0 +1,69 @@
+From 0e2bbdea7b4433b75fb73f8e915dbe0e1095fed1 Mon Sep 17 00:00:00 2001
+From: Fredb <numsys at free.fr>
+Date: Wed, 31 May 2017 09:33:09 +0200
+Subject: [PATCH] Bug #216 (v3.4.0.3) Fix certificate bug with chrome browser
+
+---
+ src/CertificateAuthority.cpp | 24 +++++++++++++++++++++++-
+ src/CertificateAuthority.hpp | 1 +
+ 2 files changed, 24 insertions(+), 1 deletion(-)
+
+diff --git a/src/CertificateAuthority.cpp b/src/CertificateAuthority.cpp
+index 6202002..4e03ded 100755
+--- a/src/CertificateAuthority.cpp
++++ b/src/CertificateAuthority.cpp
+@@ -118,7 +118,7 @@ bool CertificateAuthority::getSerial(const char *commonname, struct ca_serial *c
+ // added to generate different serial number than previous versions
+ // needs to be added as an option
+ std::string sname(commonname );
+- sname += "A";
++ sname += "B";
+
+ #ifdef DGDEBUG
+ std::cout << "Generating serial no for " << commonname << std::endl;
+@@ -390,6 +390,14 @@ X509 *CertificateAuthority::generateCertificate(const char *commonname, struct c
+ return NULL;
+ }
+
++{
++ String temp1 = "DNS:";
++ String temp2 = commonname;
++ temp1 = temp1 + temp2;
++ char *value = (char*) temp1.toCharArray();
++if( !addExtension(newCert, NID_subject_alt_name, value))
++ log_ssl_errors("Error adding subjectAltName to the request", commonname);
++}
+ //sign it using the ca
+ ERR_clear_error();
+ if (!X509_sign(newCert, _caPrivKey, EVP_sha256())) {
+@@ -521,4 +529,18 @@ CertificateAuthority::~CertificateAuthority()
+ if (_caPrivKey) EVP_PKEY_free(_caPrivKey);
+ if (_certPrivKey) EVP_PKEY_free(_certPrivKey);
+ }
++
++bool CertificateAuthority::addExtension(X509 *cert, int nid, char *value)
++{
++ X509_EXTENSION *ex = NULL;
++
++ ex = X509V3_EXT_conf_nid(NULL,NULL , nid, value);
++
++ int result = X509_add_ext(cert, ex, -1);
++
++ X509_EXTENSION_free(ex);
++
++ return (result > 0) ? true : false;
++}
++
+ #endif //__SSLMITM
+diff --git a/src/CertificateAuthority.hpp b/src/CertificateAuthority.hpp
+index 230932b..0aecf61 100755
+--- a/src/CertificateAuthority.hpp
++++ b/src/CertificateAuthority.hpp
+@@ -25,6 +25,7 @@ class CertificateAuthority
+ time_t _ca_end;
+ static int do_mkdir(const char *path, mode_t mode);
+ int mkpath(const char *path, mode_t mode);
++ bool addExtension(X509 *cert, int nid, char *value);
+
+ public:
+ CertificateAuthority(const char *caCert,
diff --git a/debian/patches/series b/debian/patches/series
index 9aa6e49..12704da 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+0001_fix-certificate-bug-with-chrome-browser.patch
1001_idem-potent-build.patch
1002_fix-message-typos.patch
2001_remove-w3c-badge.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/e2guardian.git
More information about the debian-edu-commits
mailing list