Fix lintIssuer with mixed RSA/ECDSA certificates (#46)

Arjan H
2022-06-04 15:22:18 +02:00
parent f000abb97d
commit 691a0bd29f
2 changed files with 22 additions and 0 deletions


@@ -29,6 +29,7 @@ $SUDO patch -p1 < $cloneDir/patches/log-validator_main.patch
$SUDO patch -p1 < $cloneDir/patches/startservers.patch
$SUDO patch -p1 < $cloneDir/patches/errors_errors.patch
$SUDO patch -p1 < $cloneDir/patches/ratelimit_rate-limits.patch
$SUDO patch -p1 < $cloneDir/patches/linter_linter.patch
sed -i -e "s/berrors.RateLimitError(/berrors.RateLimitError(ra.rlPolicies.RateLimitsURL(), /g" ra/ra.go


@@ -0,0 +1,21 @@
diff --git a/linter/linter.go b/linter/linter.go
index 59066e3f8..8cf143227 100644
--- a/linter/linter.go
+++ b/linter/linter.go
@@ -136,7 +136,15 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C
}
lintIssuerBytes, err := x509.CreateCertificate(rand.Reader, lintIssuerTBS, lintIssuerTBS, lintSigner.Public(), lintSigner)
if err != nil {
- return nil, fmt.Errorf("failed to create lint issuer: %w", err)
+ if strings.Contains(fmt.Sprint(err), "requested SignatureAlgorithm does not match private key type") {
+ lintIssuerTBS.SignatureAlgorithm = 0
+ lintIssuerBytes, err = x509.CreateCertificate(rand.Reader, lintIssuerTBS, lintIssuerTBS, lintSigner.Public(), lintSigner)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create lint issuer (without SignatureAlgorithm): %w", err)
+ }
+ } else {
+ return nil, fmt.Errorf("failed to create lint issuer: %w", err)
+ }
}
lintIssuer, err := x509.ParseCertificate(lintIssuerBytes)
if err != nil {
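Review bot: The retry in makeIssuer is triggered by `strings.Contains(fmt.Sprint(err), "requested SignatureAlgorithm does not match private key type")`, which ties the fix to the exact wording of a crypto/x509 error; if that text changes in a later Go release, the fallback silently stops firing and lint issuer creation fails again for mixed RSA/ECDSA chains. It would be sturdier to decide before the first call: compare the key type of `lintSigner.Public()` with the algorithm family in `lintIssuerTBS.SignatureAlgorithm`, clear the field on a mismatch, and call `x509.CreateCertificate` once. Either way, a comment such as `// SignatureAlgorithm = 0 lets crypto/x509 pick the default for the signer's key; the lint issuer's algorithm may then differ from the real issuer's` would tell readers that algorithm-sensitive lints are evaluated against that default. The patch carries no import hunk, so confirm that linter.go already imports `strings`. makeIssuer starts and ends outside this hunk.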