albatross_ca: compare request vs my version, write mine, bump to AV4

provision/albatross_provision.ml

@@ -1,6 +1,6 @@
 (* (c) 2017 Hannes Mehnert, all rights reserved *)
 
-let asn_version = `AV2
+let asn_version = `AV4
 
 let timestamps validity =
   let now = Ptime_clock.now () in

provision/albatross_provision_ca.ml

@@ -41,10 +41,9 @@ let sign_csr dbname cacert key csr days =
   match albatross_extension csr with
   | Ok v ->
     Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
-    (if Vmm_commands.version_eq version version then
+    if not (Vmm_commands.version_eq asn_version version) then
-       Ok ()
+      Logs.warn (fun m -> m "version in request (%a) different from our version %a, using ours"
-     else
+                    Vmm_commands.pp_version version Vmm_commands.pp_version asn_version);
-       Error (`Msg "unknown version in request")) >>= fun () ->
     let exts, default_days = match cmd with
       | `Policy_cmd (`Policy_add _) -> d_exts (), 365
       | _ -> l_exts, 1
@@ -54,7 +53,8 @@ let sign_csr dbname cacert key csr days =
     (* the "false" is here since X509 validation bails on exts marked as
        critical (as required), but has no way to supply which extensions
        are actually handled by the application / caller *)
-    let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v) exts) in
+    let v' = Vmm_asn.cert_extension_to_cstruct (asn_version, cmd) in
+    let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v') exts) in
     sign ~dbname extensions issuer key csr (Duration.of_day days)
   | Error e -> Error e