albatross_ca: compare request vs my version, write mine, bump to AV4

This commit is contained in:
Hannes Mehnert 2019-11-11 19:18:48 +01:00
parent af04739575
commit 365a569b25
2 changed files with 6 additions and 6 deletions

View file

@ -1,6 +1,6 @@
(* (c) 2017 Hannes Mehnert, all rights reserved *)
let asn_version = `AV2
let asn_version = `AV4
let timestamps validity =
let now = Ptime_clock.now () in

View file

@ -41,10 +41,9 @@ let sign_csr dbname cacert key csr days =
match albatross_extension csr with
| Ok v ->
Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
(if Vmm_commands.version_eq version version then
Ok ()
else
Error (`Msg "unknown version in request")) >>= fun () ->
if not (Vmm_commands.version_eq asn_version version) then
Logs.warn (fun m -> m "version in request (%a) different from our version %a, using ours"
Vmm_commands.pp_version version Vmm_commands.pp_version asn_version);
let exts, default_days = match cmd with
| `Policy_cmd (`Policy_add _) -> d_exts (), 365
| _ -> l_exts, 1
@ -54,7 +53,8 @@ let sign_csr dbname cacert key csr days =
(* the "false" is here since X509 validation bails on exts marked as
critical (as required), but has no way to supply which extensions
are actually handled by the application / caller *)
let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v) exts) in
let v' = Vmm_asn.cert_extension_to_cstruct (asn_version, cmd) in
let extensions = Extension.(add (Unsupported Vmm_asn.oid) (false, v') exts) in
sign ~dbname extensions issuer key csr (Duration.of_day days)
| Error e -> Error e