Add some checking to usage 2

author Pieter Lexis <pieter@plexis.eu>

Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)

committer Pieter Lexis <pieter@plexis.eu>

Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)
author Pieter Lexis <pieter@plexis.eu>
Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)
committer Pieter Lexis <pieter@plexis.eu>
Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)
diff --git a/swede b/swede

index 60947eb7d2a1d7e5cccf7488de1fe562dcb048a3..af8f56006f54120f42047f3945e6e1402121f2ad 100755 (executable)
--- a/swede
+++ b/swede
@@ -504,7 +504,13 @@ if __name__ == '__main__':
                                 elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
                                         #FIXME: doesnt comply to the spec
                                         matched = False
+                                       previous_issuer = None
                                         for cert in chain:
+                                               if previous_issuer:
+                                                       if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+                                                               print "FAIL: Certificates don't chain"
+                                                               break
+                                                       previous_issuer = cert.get_issuer()
                                                 if verifyCertMatch(record, cert):
                                                         matched = True
                                                         continue
author	Pieter Lexis <pieter@plexis.eu>
	Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)
committer	Pieter Lexis <pieter@plexis.eu>
	Sat, 4 Feb 2012 19:30:27 +0000 (20:30 +0100)