Cutlery/calibre
1
0
Fork 0
mirror of https://github.com/kovidgoyal/calibre.git synced 2025-07-09 03:04:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Better error reporting in certgen

Browse Source 
Also require alt_names to already be prefixed
This commit is contained in:
Kovid Goyal 2023-10-06 16:30:43 +05:30
parent e8b69b44cb
commit b0552e399b
No known key found for this signature in database
GPG Key ID: 06BC317B515ACE7C
2 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/calibre/utils/certgen.c
View File

@ -22,18 +22,23 @@
#include <openssl/err.h>
#include <openssl/conf.h>
static PyObject* set_error(const char *where) {
char *buf = NULL;
static PyObject*
set_error_with_detail(const char *where, const char* detail) {
char *suffix = NULL, buf[1024];
unsigned long err = ERR_get_error();
if (err == 0) {
return PyErr_Format(PyExc_RuntimeError, "Error calling: %s: OpenSSL error queue is empty", where);
suffix = "OpenSSL error queue is empty";
} else {
ERR_error_string_n(err, buf, sizeof(buf));
suffix = buf;
}
buf = ERR_error_string(err, NULL);
if (!buf) {
PyErr_SetString(PyExc_RuntimeError, "An unknown error occurred (OpenSSL error string returned NULL)");
return NULL;
if (detail && detail[0]) return PyErr_Format(PyExc_ValueError, "Error calling: %s %s: %s", where, detail, suffix);
return PyErr_Format(PyExc_ValueError, "Error calling: %s: %s", where, suffix);
}
return PyErr_Format(PyExc_ValueError, "Error calling: %s: %s", where, buf);
static PyObject*
set_error(const char *where) {
return set_error_with_detail(where, NULL);
}
static void free_rsa_keypair(PyObject *capsule) {
@ -97,9 +102,8 @@ static void free_req(PyObject *capsule) {
static int
add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, const char *value, char *item_type) {
X509_EXTENSION *ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
char ebuf[256] = {0};
if (!ex) { snprintf(ebuf, sizeof(ebuf), "%s: %s", item_type, "X509V3_EXT_conf_nid"); set_error(ebuf); return 0;}
if (!sk_X509_EXTENSION_push(sk, ex)) { snprintf(ebuf, sizeof(ebuf), "%s: %s", item_type, "sk_X509_EXTENSION_push"); set_error(ebuf); return 0; }
if (!ex) { set_error_with_detail("X509V3_EXT_conf_nid", value); return 0;}
if (!sk_X509_EXTENSION_push(sk, ex)) { set_error_with_detail("sk_X509_EXTENSION_push", item_type); return 0; }
return 1;
}

4
src/calibre/utils/certgen.py
View File

@ -18,7 +18,7 @@ def create_cert_request(
organizational_unit=None, email_address=None, alt_names=(), basic_constraints=None
):
return certgen.create_rsa_cert_req(
key_pair, tuple(f'DNS:{x}' for x in alt_names), common_name,
key_pair, tuple(alt_names), common_name,
country, state, locality, organization, organizational_unit, email_address, basic_constraints
)
@ -91,7 +91,7 @@ def create_server_cert(
if __name__ == '__main__':
cacert, cakey, cert, pkey = create_server_cert('test.me', alt_names=['moose.cat', 'huge.bat'])
cacert, cakey, cert, pkey = create_server_cert('test.me', alt_names=['DNS:moose.cat', 'DNS:huge.bat'])
print("CA Certificate")
print(cert_info(cacert))
print(), print(), print()