Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Better error reporting in certgen

Browse Source 
Also require alt_names to already be prefixed
This commit is contained in:
Kovid Goyal 2023-10-06 16:30:43 +05:30
parent e8b69b44cb
commit b0552e399b
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/calibre/utils/certgen.c
View File

@ -22,18 +22,23 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/conf.h> #include <openssl/conf.h>
static PyObject* set_error(const char *where) { static PyObject*
char *buf = NULL; set_error_with_detail(const char *where, const char* detail) {
char *suffix = NULL, buf[1024];
unsigned long err = ERR_get_error(); unsigned long err = ERR_get_error();
if (err == 0) { if (err == 0) {
return PyErr_Format(PyExc_RuntimeError, "Error calling: %s: OpenSSL error queue is empty", where); suffix = "OpenSSL error queue is empty";
} else {
ERR_error_string_n(err, buf, sizeof(buf));
suffix = buf;
} }
buf = ERR_error_string(err, NULL); if (detail && detail[0]) return PyErr_Format(PyExc_ValueError, "Error calling: %s %s: %s", where, detail, suffix);
if (!buf) { return PyErr_Format(PyExc_ValueError, "Error calling: %s: %s", where, suffix);
PyErr_SetString(PyExc_RuntimeError, "An unknown error occurred (OpenSSL error string returned NULL)"); }
return NULL;
} static PyObject*
return PyErr_Format(PyExc_ValueError, "Error calling: %s: %s", where, buf); set_error(const char *where) {
return set_error_with_detail(where, NULL);
} }
static void free_rsa_keypair(PyObject *capsule) { static void free_rsa_keypair(PyObject *capsule) {
@ -97,9 +102,8 @@ static void free_req(PyObject *capsule) {
static int static int
add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, const char *value, char *item_type) { add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, const char *value, char *item_type) {
X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value); X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
char ebuf[256] = {0}; if (!ex) { set_error_with_detail("X509V3_EXT_conf_nid", value); return 0;}
if (!ex) { snprintf(ebuf, sizeof(ebuf), "%s: %s", item_type, "X509V3_EXT_conf_nid"); set_error(ebuf); return 0;} if (!sk_X509_EXTENSION_push(sk, ex)) { set_error_with_detail("sk_X509_EXTENSION_push", item_type); return 0; }
if (!sk_X509_EXTENSION_push(sk, ex)) { snprintf(ebuf, sizeof(ebuf), "%s: %s", item_type, "sk_X509_EXTENSION_push"); set_error(ebuf); return 0; }
return 1; return 1;
} }

4
src/calibre/utils/certgen.py
View File

@ -18,7 +18,7 @@ def create_cert_request(
organizational_unit=None, email_address=None, alt_names=(), basic_constraints=None organizational_unit=None, email_address=None, alt_names=(), basic_constraints=None
): ):
return certgen.create_rsa_cert_req( return certgen.create_rsa_cert_req(
key_pair, tuple(f'DNS:{x}' for x in alt_names), common_name, key_pair, tuple(alt_names), common_name,
country, state, locality, organization, organizational_unit, email_address, basic_constraints country, state, locality, organization, organizational_unit, email_address, basic_constraints
) )
@ -91,7 +91,7 @@ def create_server_cert(
if __name__ == '__main__': if __name__ == '__main__':
cacert, cakey, cert, pkey = create_server_cert('test.me', alt_names=['moose.cat', 'huge.bat']) cacert, cakey, cert, pkey = create_server_cert('test.me', alt_names=['DNS:moose.cat', 'DNS:huge.bat'])
print("CA Certificate") print("CA Certificate")
print(cert_info(cacert)) print(cert_info(cacert))
print(), print(), print() print(), print(), print()