ruben/sort_certificate
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Improved handling of cross signed intermediates. #1

Browse Source
This commit is contained in:
Ruben van Staveren 2022-07-27 11:19:35 +02:00
parent ebe467260a
commit ba94ceb9cc
Signed by: ruben
GPG Key ID: 886F6BECD477A93F
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sort_certificate.py
View File

@ -187,11 +187,12 @@ def find_intermediate_root(x509_objects, root_issuers):
''' '''
# Some intermediates have the *same* subject as some root certificates. # Some intermediates have the *same* subject as some root certificates.
# blacklist them # blacklist them if their issuer and subject name is present in the root
# XXX better use pubkey/hash for that, but can't find the appropriate # bundle
# interface to that at the moment
excluded_issuers = [str(x.get_subject()) for x in x509_objects excluded_issuers = [str(x.get_subject()) for x in x509_objects
if x.get_subject() != x.get_issuer()] if x.get_subject() != x.get_issuer()
and str(x.get_issuer()) in root_issuers
and str(x.get_subject()) in root_issuers]
logging.debug('Known root issuers\n\t%s', '\n\t'.join(root_issuers)) logging.debug('Known root issuers\n\t%s', '\n\t'.join(root_issuers))
logging.debug('Excluding issuers because of potential intermediates\n\t%s', logging.debug('Excluding issuers because of potential intermediates\n\t%s',