use proper extension
This commit is contained in:
Hannes Mehnert
parent
34291dbe65
commit
d08de432b6
|
|
@ -39,8 +39,7 @@ let sign dbname cacert key csr days =
|
||||||
Logs.app (fun m -> m "signing certificate with subject %s"
|
Logs.app (fun m -> m "signing certificate with subject %s"
|
||||||
(X509.distinguished_name_to_string ri.X509.CA.subject)) ;
|
(X509.distinguished_name_to_string ri.X509.CA.subject)) ;
|
||||||
let issuer = X509.subject cacert in
|
let issuer = X509.subject cacert in
|
||||||
(* TODO: handle version mismatch of the delegation cert specially here *)
|
(* TODO: check delegation! verify whitelisted commands!? *)
|
||||||
(* TODO: check delegation! *)
|
|
||||||
match albatross_extension csr with
|
match albatross_extension csr with
|
||||||
| Ok (ext, v) ->
|
| Ok (ext, v) ->
|
||||||
Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
|
Vmm_asn.cert_extension_of_cstruct v >>= fun (version, cmd) ->
|
||||||
|
|
@ -48,9 +47,12 @@ let sign dbname cacert key csr days =
|
||||||
Ok ()
|
Ok ()
|
||||||
else
|
else
|
||||||
Error (`Msg "unknown version in request")) >>= fun () ->
|
Error (`Msg "unknown version in request")) >>= fun () ->
|
||||||
(* TODO l_exts / d_exts trouble *)
|
let exts = match cmd with
|
||||||
|
| `Policy_cmd (`Policy_add _) -> d_exts ()
|
||||||
|
| _ -> l_exts
|
||||||
|
in
|
||||||
Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ;
|
Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ;
|
||||||
Ok (ext :: l_exts) >>= fun extensions ->
|
Ok (ext :: exts) >>= fun extensions ->
|
||||||
Vmm_provision.sign ~dbname extensions issuer key csr (Duration.of_day days)
|
Vmm_provision.sign ~dbname extensions issuer key csr (Duration.of_day days)
|
||||||
| Error e -> Error e
|
| Error e -> Error e
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue