git.svenne.dk
/
public
/
dnssec-swede-utility.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add some checking to usage 2
[public/dnssec-swede-utility.git]
/
swede
diff --git
a/swede
b/swede
index 60947eb7d2a1d7e5cccf7488de1fe562dcb048a3..af8f56006f54120f42047f3945e6e1402121f2ad 100755
(executable)
--- a/
swede
+++ b/
swede
@@
-504,7
+504,13
@@
if __name__ == '__main__':
elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
#FIXME: doesnt comply to the spec
matched = False
elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
#FIXME: doesnt comply to the spec
matched = False
+ previous_issuer = None
for cert in chain:
for cert in chain:
+ if previous_issuer:
+ if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+ print "FAIL: Certificates don't chain"
+ break
+ previous_issuer = cert.get_issuer()
if verifyCertMatch(record, cert):
matched = True
continue
if verifyCertMatch(record, cert):
matched = True
continue