ruben/sort_certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

instead of finding the issuer of the last certificate, probe in reverse order

Browse Source 
This allows for handling of disappeared/expired root certificates which
might still be a dependency for a present cross signed certificate
This commit is contained in:
Ruben van Staveren 2022-07-27 13:34:11 +02:00
parent 5cce5722c5
commit 6dda760ffd
Signed by: ruben
GPG Key ID: 886F6BECD477A93F
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sort_certificate.py
View File

@ -176,7 +176,15 @@ def find_root(x509_objects, root_issuers):
''' '''
Find a suitable anchor by finding the intermediate that was signed by root Find a suitable anchor by finding the intermediate that was signed by root
''' '''
root_cert = root_issuers[str(x509_objects[-1].get_issuer())] root_cert = None
for x509_object in reversed(x509_objects):
if str(x509_object.get_issuer()) in root_issuers:
root_cert = root_issuers[str(x509_object.get_issuer())]
break
if not root_cert:
raise CertificateComponentException('Unable to find a suitable '
'trusted root certificate '
'for bundle')
logging.debug('Retrieved root certificate %s', root_cert.get_subject()) logging.debug('Retrieved root certificate %s', root_cert.get_subject())
return root_cert return root_cert