albatross_ca: compare request vs my version, write mine, bump to AV4

2019-11-11 19:18:48 +01:00 · 2019-11-11 19:18:48 +01:00 · 365a569b25
parent af04739575
commit 365a569b25
2 changed files with 6 additions and 6 deletions
--- a/provision/albatross_provision.ml
+++ b/provision/albatross_provision.ml
@ -1,6 +1,6 @@
 (* (c) 2017 Hannes Mehnert, all rights reserved *)

-let asn_version = `AV2
+let asn_version = `AV4

 let timestamps validity =
  let now = Ptime_clock.now () in
--- a/provision/albatross_provision_ca.ml
+++ b/provision/albatross_provision_ca.ml
@ -41,10 +41,9 @@ let sign_csr dbname cacert key csr days =
  match albatross_extension csr with
  | Ok v ->
    Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
-    (if Vmm_commands.version_eq version version then
-       Ok ()
-     else
-       Error (`Msg "unknown version in request")) >>= fun () ->
+    if not (Vmm_commands.version_eq asn_version version) then
+      Logs.warn (fun m -> m "version in request (%a) different from our version %a, using ours"
+                    Vmm_commands.pp_version version Vmm_commands.pp_version asn_version);
    let exts, default_days = match cmd with
      | `Policy_cmd (`Policy_add _) -> d_exts (), 365
      | _ -> l_exts, 1
@ -54,7 +53,8 @@ let sign_csr dbname cacert key csr days =
    (* the "false" is here since X509 validation bails on exts marked as
       critical (as required), but has no way to supply which extensions
       are actually handled by the application / caller *)
-    let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v) exts) in
+    let v' = Vmm_asn.cert_extension_to_cstruct (asn_version, cmd) in
+    let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v') exts) in
    sign ~dbname extensions issuer key csr (Duration.of_day days)
  | Error e -> Error e