Proper fix for ssl server test

Needed to generate a subject key id for the CA cert and an authority key id
for the server cert.
This commit is contained in:
Kovid Goyal 2024-08-16 17:18:00 +05:30
parent c278d6de5c
commit 60db6aae2f
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 7 additions and 4 deletions


@ -201,6 +201,7 @@ class LoopTest(BaseTest):
cert_file, key_file, ca_file = map(lambda x:os.path.join(tdir, x), 'cka')
create_server_cert(address, ca_file, cert_file, key_file, key_size=2048)
ctx = ssl.create_default_context(cafile=ca_file)
ctx.verify_flags |= ssl.VERIFY_X509_STRICT
with TestServer(
lambda data:(data.path[0] + data.read().decode('utf-8')),
ssl_certfile=cert_file, ssl_keyfile=key_file, listen_on=address, port=0) as server:
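Review bot: The strict-verification line `ctx.verify_flags |= ssl.VERIFY_X509_STRICT` (which, going by the hunk counts and the commit description, appears to be the single added line) carries no comment saying what it is there to catch, so a later reader who sees the test fail under strict mode has no pointer to the key-identifier extensions it depends on. A one-line comment above it would tie the test to the C change in the same commit: `# strict mode rejects a CA cert without a subject key id and a server cert without an authority key id; create_server_cert must emit both`. The `with TestServer(` block continues past the end of the hunk.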


@ -272,15 +272,17 @@ static PyObject* create_rsa_cert(PyObject *self, PyObject *args) {
if (!PubKey) { set_error("X509_REQ_get_pubkey"); goto error; }
if (!X509_REQ_verify(req, PubKey)) { set_error("X509_REQ_verify"); goto error; }
if (!X509_set_pubkey(Cert, PubKey)) { set_error("X509_set_pubkey"); goto error; }
if (!req_is_for_CA_cert) {
X509V3_CTX ctx;
X509V3_set_ctx(&ctx, Cert, Cert, NULL, NULL, 0);
X509_EXTENSION *ex;
if (req_is_for_CA_cert) {
X509V3_set_ctx(&ctx, NULL, Cert, NULL, NULL, 0);
X509V3_set_ctx_nodb(&ctx);
X509_EXTENSION *ex;
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_subject_key_identifier, "hash");
if (!ex) { set_error("creating subject key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
X509_EXTENSION_free(ex);
} else {
X509V3_set_ctx(&ctx, CA_cert, Cert, NULL, NULL, 0);
X509V3_set_ctx_nodb(&ctx);
ex = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid:always");
if (!ex) { set_error("creating authority key identifier failed"); goto error; }
X509_add_ext(Cert, ex, -1);
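Review bot: `X509_add_ext(Cert, ex, -1);` is unchecked in both branches, for the `NID_subject_key_identifier` extension in the CA branch and the `NID_authority_key_identifier` extension in the else branch; X509_add_ext returns 0 on failure, so a failed add yields a certificate that silently lacks the identifier and is only rejected later by the verifier with a less specific error than the `set_error` calls around it would give. Each call could become `if (!X509_add_ext(Cert, ex, -1)) { X509_EXTENSION_free(ex); set_error("X509_add_ext"); goto error; }`, which keeps the `set_error` / `goto error` pattern used for the other OpenSSL calls in the hunk, and frees `ex` on that path since X509_add_ext copies the extension rather than taking ownership of it. create_rsa_cert begins before the hunk and the else branch runs past its last line, so whether `ex` is freed after the second add cannot be seen here.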