Fix error message for updated draft

[public/dnssec-swede-utility.git] / swede

diff --git a/swede b/swede
index 60947eb7d2a1d7e5cccf7488de1fe562dcb048a3..036071a3cb6cf72ac56e96037f61f8c82a4887bd 100755 (executable)
--- a/swede
+++ b/swede
@@ -271,7 +271,7 @@ class TLSARecord:
                        if self.getPort() != '*':
                                err.append('Port %s not a number' % self.getPort())
                if not self.usage in [0,1,2,3]:
-                       err.append('Usage: invalid (%s is not one of 0, 1 or 2)' % self.usage)
+                       err.append('Usage: invalid (%s is not one of 0, 1, 2 or 3)' % self.usage)
                if not self.selector in [0,1]:
                        err.append('Selector: invalid (%s is not one of 0 or 1)' % self.selector)
                if not self.mtype in [0,1,2]:
@@ -504,7 +504,13 @@ if __name__ == '__main__':
                                elif record.usage == 2: # Usage 2, use the cert in the record as trust anchor
                                        #FIXME: doesnt comply to the spec
                                        matched = False
+                                       previous_issuer = None
                                        for cert in chain:
+                                               if previous_issuer:
+                                                       if not str(previous_issuer) == str(cert.get_subject()): # The chain cannot be valid
+                                                               print "FAIL: Certificates don't chain"
+                                                               break
+                                                       previous_issuer = cert.get_issuer()
                                                if verifyCertMatch(record, cert):
                                                        matched = True
                                                        continue