Add some checking to usage 2
diff --git a/swede b/swede
index 60947eb7d2a1d7e5cccf7488de1fe562dcb048a3..af8f56006f54120f42047f3945e6e1402121f2ad 100755 (executable)
--- a/swede
+++ b/swede
@@ -504,7 +504,13 @@ if __name__ == '__main__':
                                elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
                                        #FIXME: doesnt comply to the spec
                                        matched = False
+                                       previous_issuer = None
                                        for cert in chain:
+                                               if previous_issuer:
+                                                       if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+                                                               print "FAIL: Certificates don't chain"
+                                                               break
+                                                       previous_issuer = cert.get_issuer()
                                                if verifyCertMatch(record, cert):
                                                        matched = True
                                                        continue
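Review bot: The issuer/subject comparison added in this loop can never execute, because `previous_issuer = cert.get_issuer()` is indented under `if previous_issuer:` and `previous_issuer` starts as `None`, so the guard is false for every certificate and a mis-ordered chain is still accepted. Dedent that assignment to the loop-body level (same indent as `if previous_issuer:`) so it runs once per certificate. Once the check is live, the `break` leaves `matched` at whatever an earlier certificate set it to, so a chain that stops linking after a match would presumably still be treated as matched by the code after the loop; add `matched = False` before the `break`. Comparing `str()` of the two names checks naming only, not signatures, so unless the chain is cryptographically verified elsewhere this should not be relied on as chain validation for a usage 2 trust anchor. The loop body continues past the end of the hunk.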