18937 check-certificate-revocation is ignored in some cases
authorShawn Walker <shawn.walker@oracle.com>
Sat, 17 Sep 2011 10:17:12 -0700
changeset 2558 5903fa459c85
parent 2557 79015f2ed019
child 2559 244beb5c12be
18937 check-certificate-revocation is ignored in some cases
src/modules/client/publisher.py
--- a/src/modules/client/publisher.py	Fri Sep 16 11:02:46 2011 +0900
+++ b/src/modules/client/publisher.py	Sat Sep 17 10:17:12 2011 -0700
@@ -2388,12 +2388,13 @@
                 if rev:
                         raise api_errors.RevokedCertificate(cert, rev[1])
 
-        def __check_revocation(self, cert, ca_dict):
+        def __check_revocation(self, cert, ca_dict, use_crls):
                 hsh = self.__hash_cert(cert)
                 if hsh in self.revoked_ca_certs:
                         raise api_errors.RevokedCertificate(cert,
                             "User manually revoked certificate.")
-                self.__check_crls(cert, ca_dict)
+                if use_crls:
+                        self.__check_crls(cert, ca_dict)
 
         def __check_extensions(self, cert, usages, cur_pathlen):
                 """Check whether the critical extensions in this certificate
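Review bot: `__check_revocation` has no docstring, and after this change its contract is security-relevant: the lookup in `self.revoked_ca_certs` always runs, while `use_crls` gates only the call to `__check_crls`. I would add a docstring such as `"""Raise RevokedCertificate if 'cert' was manually revoked or, when 'use_crls' is true, if __check_crls rejects it."""` so that a later caller does not read a false `use_crls` as "skip revocation checking entirely". The method lies fully inside this hunk, and both call sites in the other two hunks pass the flag positionally.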
@@ -2506,8 +2507,7 @@
                 self.__check_extensions(cert, usages, cur_pathlen)
 
                 # Check whether this certificate has been revoked.
-                if use_crls:
-                        self.__check_revocation(cert, ca_dict)
+                self.__check_revocation(cert, ca_dict, use_crls)
 
                 while continue_loop:
                         # If this certificate's CN is in the set of required
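Review bot: No regression test is visible on this page for the behaviour this call site changes: with `use_crls` false, the certificate being verified is now still checked against the manual revocation list, where previously the whole call was skipped. A test that places the certificate's hash in `revoked_ca_certs`, verifies with `use_crls` false and expects `api_errors.RevokedCertificate` would pin the fix. A second test could assert that `__check_crls` is not reached in that mode. Tests may live elsewhere in the repository, and the enclosing method starts and ends outside this hunk.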
@@ -2574,7 +2574,7 @@
                                                             c, CERT_SIGNING_USE,
                                                             cur_pathlen)
                                                         self.__check_revocation(c,
-                                                            ca_dict)
+                                                            ca_dict, use_crls)
                                                 except (api_errors.UnsupportedCriticalExtension, api_errors.RevokedCertificate), e:
                                                         certs_with_problems.append(e)
                                                         problem = True